TW202231017A - Management system for iot devices and management method thereof. - Google Patents

Management system for IoT devices and management method thereof.


Publication number
TW202231017A
Authority
TW
Taiwan
Prior art keywords
iot device
group
iot
verification
information
Application number
TW110103598A
Other languages
Chinese (zh)
Inventor
范榮軒
劉柏伶
Original Assignee
奧暢雲服務股份有限公司
Application filed by 奧暢雲服務股份有限公司
Priority to TW110103598A
Publication of TW202231017A

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A management system for IoT (Internet of Things) devices and a management method thereof. The management system includes a communication interface, a storage device and a processor. The storage device stores a group list. The processor is configured to: receive time-sensitive identification information from an IoT device through the communication interface; authenticate the IoT device according to the identification information; if the IoT device passes the authentication, determine whether the IoT device belongs to a predetermined group according to the group list; and if the IoT device belongs to the predetermined group, add the IoT device to the predetermined group and assign an authority for accessing the IoT device to a manager of the predetermined group.

Description

Management system and management method for Internet of Things devices

The present invention relates to a management technology for Internet of Things (IoT) devices, and in particular to a management system and a management method for IoT devices.

With the advancement of technology, the use of IoT devices has become increasingly widespread. Common IoT devices range from airplanes and cars down to industrial computers, televisions, and air conditioners. In general, whether before or after an IoT device leaves the factory, the access rights of its legitimate manager need to be controlled. The simplest approach is to set the manager's identity information in the IoT device before it leaves the factory. After the device leaves the factory, it can allow the legitimate manager to access it directly based on the preset identity information. However, such a management mechanism requires the access-right settings to be completed before the IoT device leaves the factory, and it lacks flexibility in how the device is used afterwards.

In addition, for some types of IoT devices, after the device leaves the factory a manager can use the device identification code of the IoT device to request a certificate download from a remote management server in order to set management rights. However, in practice there have been cases of hackers using forged device identification codes to control other people's IoT devices, so this approach raises security concerns.

The present invention provides a management system and a management method for IoT devices that can assign groups and access rights to IoT devices conveniently and securely.

An embodiment of the present invention provides a management system for IoT devices, which includes a communication interface, a storage device, and a processor. The storage device stores a group list. The processor is coupled to the communication interface and the storage device and is configured to: receive time-sensitive identification information from an IoT device via the communication interface; verify the IoT device according to the identification information; if the IoT device passes the verification, determine whether the IoT device belongs to a predetermined group according to the group list; and if the IoT device belongs to the predetermined group, add the IoT device to the predetermined group and grant the manager of the predetermined group the authority to access the IoT device.

An embodiment of the present invention further provides a management method for IoT devices, which includes: receiving time-sensitive identification information from an IoT device; verifying the IoT device according to the identification information; if the IoT device passes the verification, determining whether the IoT device belongs to a predetermined group according to a group list; and if the IoT device belongs to the predetermined group, adding the IoT device to the predetermined group and granting the manager of the predetermined group the authority to access the IoT device.

Based on the above, after time-sensitive identification information is received from an IoT device via the communication interface, the IoT device can be verified according to the identification information. If the IoT device passes the verification, whether the IoT device belongs to a predetermined group can be determined according to the group list. If the IoT device belongs to the predetermined group, the IoT device can be added to the predetermined group and the manager of the predetermined group can be granted the authority to access the IoT device. In this way, groups and access rights can be assigned to IoT devices conveniently and securely.

FIG. 1 is a schematic diagram of managing IoT devices according to an embodiment of the present invention. FIG. 2 is a schematic block diagram of a management system for IoT devices according to an embodiment of the present invention. Referring to FIG. 1 and FIG. 2, the management system 10 can be used to manage the IoT devices 11 to 13. The management system 10 can be implemented as any of various types of computer devices, such as a desktop computer, a notebook computer, a tablet computer, a server host, or an industrial computer.

The IoT devices 11 to 13 all have networking and data processing capabilities. It should be noted that, in one embodiment, the IoT devices 11 to 13 are exemplified by an industrial computer, a digital signage display, and a large display, respectively, but the types of the IoT devices 11 to 13 are not limited thereto. In another embodiment, the IoT devices 11 to 13 may also include various electronic devices conforming to IoT specifications, such as a server host, a multimedia kiosk, a robot vacuum cleaner, a smart TV, or a smart refrigerator. In addition, the number of IoT devices may be more or fewer, which is not limited by the present invention.

The management system 10 includes a communication interface 21, a storage circuit 22, and a processor 23. The communication interface 21 can be used to communicate with the IoT devices 11 to 13. For example, the communication interface 21 may include a wired network interface card to support wired communication protocols such as Ethernet and/or a wireless network interface card to support wireless communication protocols such as WiFi.

The storage circuit 22 may include a volatile memory module and a non-volatile memory module. The volatile memory module stores data in a volatile manner. The non-volatile memory module stores data in a non-volatile manner. For example, the volatile memory module may include dynamic random access memory (DRAM), and the non-volatile memory module may include a conventional hard disk drive (HDD) and/or a solid state drive (SSD).

The processor 23 is coupled to the communication interface 21 and the storage circuit 22. The processor 23 is responsible for all or part of the operation of the management system 10. For example, the processor 23 may include a central processing unit (CPU), or another programmable general-purpose or special-purpose microprocessor, a digital signal processor (DSP), a programmable controller, an application specific integrated circuit (ASIC), a programmable logic device (PLD), another similar device, or a combination of these devices.

In one embodiment, the storage circuit 22 stores a group list 201. The group list 201 records information about whether one or more IoT devices have been pre-assigned to a specific group. When any one of the IoT devices 11 to 13 has left the factory and connects to the management system 10 via a network (e.g., the Internet), the management system 10 can first verify the IoT device. If the IoT device passes the verification, the management system 10 can decide, according to the information in the group list 201, whether to add the IoT device to a group.

In one embodiment, the processor 23 can receive time-sensitive identification information from the IoT device 11 via the communication interface 21. The processor 23 can verify the IoT device 11 according to this identification information. If the IoT device 11 passes the verification, the processor 23 can determine, according to the group list 201, whether the IoT device 11 belongs to a predetermined group. In one embodiment, it is assumed that the group list 201 reflects that the IoT device 11 has been pre-assigned to group G(A). Therefore, the processor 23 can add the IoT device 11 to group G(A) according to the group list 201 and grant the manager 101 of group G(A) the authority to access the IoT device 11.

In one embodiment, the processor 23 can receive time-sensitive identification information from the IoT devices 12 and 13, respectively, via the communication interface 21. The processor 23 can verify the IoT devices 12 and 13 according to this identification information. If both IoT devices 12 and 13 pass the verification, the processor 23 can determine, according to the group list 201, whether the IoT devices 12 and 13 belong to one or more predetermined groups. In one embodiment, it is assumed that the group list 201 reflects that both IoT devices 12 and 13 have been pre-assigned to group G(B). Therefore, the processor 23 can add the IoT devices 12 and 13 to group G(B) according to the group list 201 and grant the manager 102 of group G(B) the authority to access the IoT devices 12 and 13.

It should be noted that, in the foregoing embodiments, the manager 101 is not granted the authority to access IoT devices belonging to group G(B). Therefore, the manager 101 can access only IoT devices belonging to group G(A) (e.g., the IoT device 11) and cannot access IoT devices belonging to group G(B) (e.g., the IoT devices 12 and 13). Likewise, the manager 102 is not granted the authority to access IoT devices belonging to group G(A). Therefore, the manager 102 can access only IoT devices belonging to group G(B) (e.g., the IoT devices 12 and 13) and cannot access IoT devices belonging to group G(A) (e.g., the IoT device 11). In the following embodiments, the IoT device 11 is used as an example to further describe the details of the verification and grouping operations.

In one embodiment, the identification information from the IoT device 11 includes the device identification code of the IoT device 11 and a verification code (also referred to as the first verification code). The device identification code of the IoT device 11 may be a unique identifier exclusive to the IoT device 11, for example, the serial number of the IoT device 11. In addition, the first verification code is a time-based one-time password.

In one embodiment, the IoT device 11 can encode its own device identification code (e.g., serial number) together with a time parameter to generate the first verification code. This time parameter reflects the system time of the IoT device 11 when the encoding is performed. In one embodiment, the IoT device 11 can input the device identification code and the time parameter into a time-based one-time password (TOTP) algorithm. For example, this TOTP algorithm may include performing a hash operation on the device identification code and the time parameter. The IoT device 11 can generate the first verification code from the output of this TOTP algorithm. The resulting first verification code is therefore time-sensitive and reflects the time parameter. The IoT device 11 can then transmit identification information containing its device identification code and the first verification code to the management system 10.

In one embodiment, after receiving the identification information containing the device identification code of the IoT device 11 and the first verification code, the processor 23 of the management system 10 can generate another verification code (also referred to as the second verification code) according to this device identification code. For example, the second verification code is also a time-based one-time password. For example, the processor 23 can use the same TOTP algorithm as the IoT device 11 to encode the received device identification code together with a time parameter to generate the second verification code. This time parameter reflects the system time of the processor 23 when the encoding is performed. The processor 23 can then compare the first verification code with the second verification code. If the first verification code is consistent with the second verification code (e.g., identical), the processor 23 can determine that the IoT device 11 passes the verification. Conversely, if the first verification code is inconsistent with the second verification code (e.g., not identical), the processor 23 can determine that the IoT device 11 fails the verification.

In one embodiment, if the IoT device 11 passes the verification, the processor 23 can transmit authentication information to the IoT device 11 via the communication interface 21. Thereafter, this authentication information can be used to indicate that the IoT device 11 has been authenticated.

In one embodiment, after determining that the IoT device 11 passes the verification, the processor 23 can query the group list 201 according to the device identification code. The processor 23 can then determine, according to the query result, whether the IoT device 11 belongs to a predetermined group. For example, if the group list 201 records a correspondence between the device identification code of the IoT device 11 and group G(A), the processor 23 can determine that the IoT device 11 should belong to group G(A). Therefore, the processor 23 can add the IoT device 11 to group G(A) and grant the manager 101 of group G(A) the authority to access the IoT device 11.

In one embodiment, if the IoT device 11 fails the verification, the device identification code of the IoT device 11 may have been misappropriated. For example, a malicious user such as a hacker may be attempting to assign the IoT device 11, which is owned by someone else, to a group designated by the hacker. In this case, the processor 23 can determine that the IoT device 11 is an illegitimate device and not perform grouping for the IoT device 11, preventing the hacker from obtaining access rights to the IoT device 11.

In one embodiment, if the group list 201 does not record a correspondence between the device identification code of the IoT device 11 and any group, the processor 23 can temporarily add the IoT device 11 to a system group G(S) to await owner assignment (i.e., grouping).

FIG. 3 is a schematic diagram of grouping an IoT device that belongs to the system group according to an embodiment of the present invention. Referring to FIG. 2 and FIG. 3, in one embodiment, it is assumed that the IoT device 31 has been added to the system group G(S).

At some point in time, the user 301 can operate the IoT device 31 to trigger the IoT device 31 to send a pairing request to the management system 10. In response to this pairing request, the processor 23 can transmit pairing information (also referred to as the first pairing information) to the IoT device 31 via the communication interface 21. For example, the first pairing information may include an authentication code consisting of multiple letters and/or digits. Then, within a validity period of the first pairing information (e.g., 10 minutes), the processor 23 can receive another piece of pairing information (also referred to as the second pairing information) from a communication device 32 via the communication interface 21. The processor 23 can compare the first pairing information with the second pairing information. If the first pairing information is consistent with the second pairing information (e.g., identical), the processor 23 can add the IoT device 31 to the user group G(C) designated by the communication device 32 (or the user 301). At the same time, the manager of the user group G(C) (e.g., the user 301) can be granted the authority to access the IoT device 31.

In one embodiment, the first pairing information from the management system 10 can be presented on the display of the IoT device 31. For example, assuming the first pairing information contains 6 digits used as an authentication code, the display of the IoT device 31 can present these 6 digits. In one embodiment, the user 301 can read these 6 digits (i.e., the first pairing information) from the display of the IoT device 31 and, within a validity period (e.g., 10 minutes), enter these 6 digits (i.e., the second pairing information) through the input interface of the communication device 32 (e.g., a mouse, keyboard, and/or touchpad). According to the input of the user 301, the communication device 32 can transmit the verification code containing these 6 digits (i.e., the second pairing information) to the management system 10.

In one embodiment, if the first pairing information is consistent with the second pairing information received within the validity period (e.g., the verification code presented on the display of the IoT device 31 is exactly the same as the verification code entered by the user 301 via the communication device 32), it indicates that the user 301 is very likely the actual owner of both the IoT device 31 and the communication device 32. Therefore, the IoT device 31 can be added (or updated) to the user group G(C) designated by the communication device 32 (or the user 301) for the user 301 to access.

In one embodiment, if the second pairing information is not received within the validity period, or the first pairing information is inconsistent with the received second pairing information (e.g., the verification code presented on the display of the IoT device 31 is not exactly the same as the verification code entered by the user 301 via the communication device 32), it indicates that a malicious user such as a hacker may be attempting to assign the IoT device 31, which is owned by someone else, to a group designated by the hacker. In this case, the processor 23 may not perform grouping for the IoT device 31, preventing the hacker from obtaining access rights to the IoT device 31.

In one embodiment, after determining that the first pairing information is consistent with the second pairing information, the processor 23 can send an interactive verification request to the communication device 32 via the communication interface 21 and send verification action information corresponding to this interactive verification request to the IoT device 31. Within a validity period of this interactive verification request (e.g., 10 minutes), the processor 23 can receive user behavior information from the communication device 32 via the communication interface 21. This user behavior information reflects how the user (e.g., the user 301) operated the communication device 32. The processor 23 can then, according to this user behavior information, add the IoT device 31 to the user group G(C) designated by the communication device 32 (or the user 301).

In one embodiment, the IoT device 31 can present an interactive guidance message on its display according to the verification action information, instructing the user 301 to operate the communication device 32 according to this interactive guidance message. For example, the interactive guidance message may mark some of the 6 digits of the verification code shown on the screen, or may be a similar message that guides the user through an interactive verification action. For example, the interactive guidance message may include a graphical interactive guidance message.

In one embodiment, the interactive guidance message can be presented on the display of the IoT device 31 in response to a preset operation performed by the user 301 on the IoT device 31. For example, after the IoT device 31 receives the verification action information, the IoT device 31 may withhold the interactive guidance message for the time being. After the IoT device 31 detects, through its input interface (e.g., a mouse, keyboard, and/or touchpad), the preset operation performed by the user (e.g., the user moving the cursor on the display across the verification code containing the aforementioned 6 digits), the IoT device 31 can present the interactive guidance message on its display in response to this preset operation.

FIG. 8 is a schematic diagram of presenting an interactive guidance message according to an embodiment of the present invention. Referring to FIG. 8, in one embodiment, after the user moves the cursor on the display of the IoT device 31 across the verification code containing the aforementioned 6 digits in the screen 81, the interactive guidance message 801 can be presented in the screen 81. This interactive guidance message 801 can mark specific digits in the verification code. Taking the marking of the 2nd, 4th, and 5th digits of the verification code as an example, the interactive guidance message 801 can change the background color of the 2nd, 4th, and 5th digits of the verification code.

In one embodiment, within the validity period corresponding to the interactive verification request (e.g., 10 minutes), the user 301 can operate the input interface of the communication device 32 (e.g., a mouse, keyboard, and/or touchpad) according to the interactive guidance message displayed on the IoT device 31 to perform the corresponding operation (e.g., "click the 2nd, 4th, and 5th digits of the 6 digits of the entered verification code"). The communication device 32 can then transmit user behavior information reflecting this operation to the management system 10.

In one embodiment, within the validity period corresponding to the interactive verification request (e.g., 10 minutes), if the user behavior reflected by the user behavior information from the communication device 32 is consistent with the user behavior required by the interactive verification request, it indicates that the user 301 is very likely the actual owner of the IoT device 31. Therefore, the IoT device 31 can be added to the user group G(C) designated by the communication device 32 (or the user 301) for the user 301 to access.

In one embodiment, if no user behavior information is received within the validity period corresponding to the interactive verification request (e.g., 10 minutes), or the user behavior reflected by the received user behavior information is inconsistent with the user behavior indicated by the interactive verification request, it indicates that a malicious user such as a hacker may be attempting to pass the earlier pairing-information verification mechanism by some specific means (e.g., through a malicious program installed on the IoT device 31). In this case, the processor 23 may not perform grouping for the IoT device 31, preventing the hacker from obtaining access rights to the IoT device 31.

In other words, in one embodiment, when the user 301 attempts to add the IoT device 31, which currently belongs to the system group G(S), to a specific user group G(C), the management system 10 can perform a two-stage verification of the user 301. For example, comparing the first pairing information with the second pairing information is the first stage of the two-stage verification, and comparing the user behavior reflected by the user behavior information with the user behavior requested by the interactive verification request is the second stage. Only when the user 301 passes both stages does the processor 23 add the IoT device 31 to the user group G(C) designated by the user 301. In this way, malicious users such as hackers can be effectively prevented from obtaining access rights to IoT devices in the system group G(S) that have not yet been assigned to an owner.
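The two-stage check described above can be sketched as a small server-side state machine. This is an added example, not code from the patent; the class and method names, the one-attempt-per-session policy, and the use of three randomly chosen digit positions are assumptions made for illustration.

```python
import hmac
import secrets

PAIRING_TTL = 600      # validity of the first pairing information (10 minutes)
CHALLENGE_TTL = 600    # validity of the interactive verification request


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not leak matching digits.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class PairingSession:
    """One attempt to move a device from system group G(S) to a user group."""

    def __init__(self, device_id: str, now: float):
        self.device_id = device_id
        # First pairing information: sent to, and shown on, the IoT device only.
        self.code = "".join(secrets.choice("0123456789") for _ in range(6))
        self.code_expires = now + PAIRING_TTL
        self.positions = None          # digits the user must click (1-based)
        self.challenge_expires = None
        self.state = "code_issued"

    def submit_code(self, second_code: str, now: float):
        """Stage 1: second pairing information from the communication device."""
        if self.state != "code_issued":
            return None
        if now > self.code_expires or not _same(second_code, self.code):
            self.state = "failed"      # assumed policy: one attempt per session
            return None
        # Verification action information: delivered to the IoT device's
        # display, never to the communication device that must answer it.
        self.positions = sorted(secrets.SystemRandom().sample(range(1, 7), 3))
        self.challenge_expires = now + CHALLENGE_TTL
        self.state = "challenge_issued"
        return self.positions

    def submit_behavior(self, clicked, user_group: str, now: float):
        """Stage 2: user behavior information from the communication device."""
        if self.state != "challenge_issued":
            return None
        in_time = now <= self.challenge_expires
        ok = in_time and sorted(clicked) == self.positions
        self.state = "grouped" if ok else "failed"
        return user_group if ok else None   # group the device only on success
```

Because a 6-digit code stays valid for 10 minutes, the session is invalidated on the first mismatch here, so a caller cannot simply retry guesses against the same code.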

In one embodiment, after the IoT device leaves the factory, an agent program can be installed on the IoT device. Thereafter, this agent program can automatically perform operations such as sending the time-sensitive identification information, sending the pairing request, receiving and presenting the first pairing information, and receiving the interactive verification request, in order to cooperate with the management system 10 in verifying the IoT device and assigning it to an owner (i.e., grouping).

FIG. 4 is a flowchart of a management method of an IoT device according to an embodiment of the present invention. Referring to FIG. 4, in step S401, time-sensitive identification information is received from the IoT device. In step S402, the IoT device is verified according to the identification information. In step S403, it is determined whether the IoT device has passed the verification. If the IoT device fails the verification, in step S404, the IoT device is determined to be an illegitimate device and is not assigned to an owner (i.e., not grouped).

If the IoT device passes the verification, in step S405, it is determined according to the group list whether the IoT device belongs to a preset group. If the IoT device belongs to a preset group, in step S406, the IoT device is added to that preset group and the manager of the preset group is given permission to access the IoT device. If the IoT device does not belong to any preset group, in step S407, the IoT device is added to the system group to wait for assignment to an owner (i.e., grouping).

FIG. 5 is a sequence diagram of a management operation of an IoT device according to an embodiment of the present invention. Referring to FIG. 5, in step S501, the IoT device 51 can read the device identification code SN from its internal storage space. The IoT device 51 may be any one of the IoT devices 11 to 13 of FIG. 1. In step S502, the IoT device 51 can generate the verification code AN(0) (i.e., the first verification code) according to the device identification code SN and the time parameter T(0). The time parameter T(0) can reflect the current system time on the IoT device 51 side. In step S503, the IoT device 51 may transmit the device identification code SN and the verification code AN(0) to the management system 10. In step S504, the management system 10 may generate the verification code AN(1) (i.e., the second verification code) according to the device identification code SN and the time parameter T(1). The time parameter T(1) can reflect the current system time on the management system 10 side. In step S505, the management system 10 may compare the verification codes AN(0) and AN(1). If the verification codes AN(0) and AN(1) are consistent (e.g., identical), in step S506, the management system 10 may transmit, to the IoT device 51, authentication information CT indicating that the IoT device 51 has passed the verification. However, in one embodiment, if the verification codes AN(0) and AN(1) are inconsistent (e.g., not identical), step S506 may not be executed.

In addition, after determining that the IoT device 51 has passed the verification, in step S507, the management system 10 can query the group list (e.g., the group list 201 in FIG. 2) according to the device identification code SN. In step S508, the management system 10 may add the IoT device 51 to a preset group according to the query result. However, in one embodiment, if the group list does not record grouping information related to the device identification code SN (or the IoT device 51), step S508 may not be executed.
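The flow of FIG. 4 and the exchange of FIG. 5, as an added example that is not code from the patent. The text only says AN is derived by encoding SN and a time parameter; the per-device secret, HMAC-SHA256, the 30-second step, the one-step clock tolerance, the replay check and all sample data below are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30        # assumed time-step size; the page gives no value
SYSTEM_GROUP = "G(S)"    # devices waiting to be assigned (step S407)

# Constructed sample data: per-device secrets (assumed) and the group list 201.
DEVICE_KEYS = {"SN-0001": b"k1-constructed", "SN-0002": b"k2-constructed"}
GROUP_LIST = {"SN-0001": "G(A)"}          # SN-0002 has no preset group
GROUP_MANAGERS = {"G(A)": "manager-101"}

_last_step = {}          # SN -> last accepted time step, to refuse replayed codes


def _code_for_step(sn: str, key: bytes, step: int) -> str:
    """Keyed encoding of SN plus the time step (assumed construction)."""
    msg = sn.encode() + struct.pack(">Q", step)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def make_code(sn: str, key: bytes, unix_time: int) -> str:
    """Device side (S502): derive AN(0) from SN and local time T(0)."""
    return _code_for_step(sn, key, unix_time // STEP_SECONDS)


def verify_device(sn: str, code: str, server_time: int, skew_steps: int = 1) -> bool:
    """Server side (S504-S505): recompute AN(1) from SN and T(1), then compare."""
    key = DEVICE_KEYS.get(sn)
    if key is None:
        return False                      # unknown identifier
    now_step = server_time // STEP_SECONDS
    # T(0) and T(1) come from different clocks, so accept neighbouring steps.
    for step in range(now_step - skew_steps, now_step + skew_steps + 1):
        expected = _code_for_step(sn, key, step)
        if hmac.compare_digest(expected.encode(), code.encode()):
            if step <= _last_step.get(sn, -1):
                return False              # code for this step was already used
            _last_step[sn] = step
            return True
    return False


def onboard(sn: str, code: str, server_time: int):
    """Steps S401-S407: (group, manager) on success, None for a rejected device."""
    if not verify_device(sn, code, server_time):
        return None                       # S404: treated as illegitimate
    group = GROUP_LIST.get(sn)
    if group is None:
        return (SYSTEM_GROUP, None)       # S407: wait in the system group
    return (group, GROUP_MANAGERS[group]) # S406: manager gains access
```

Without the keyed derivation, anyone who learns SN and the encoding could compute a valid AN(0), which is why the example binds the code to a secret the device holds.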

FIG. 6 is a sequence diagram of a management operation of an IoT device according to an embodiment of the present invention. Referring to FIG. 6, in step S601, the IoT device 51 may trigger a pairing procedure. In step S602, in response to the pairing procedure, the IoT device 51 may transmit a pairing request to the management system 10. In step S603, in response to the pairing request, the management system 10 may generate pairing information PI(1) (i.e., the first pairing information). In step S604, the management system 10 may transmit the pairing information PI(1) to the IoT device 51. Meanwhile, in step S605, the management system 10 may start a timer.

On the other hand, after receiving the pairing information PI(1), in step S606, the IoT device 51 may present the pairing information PI(1) via a display. In step S607, the communication device 61 may transmit pairing information PI(2) (i.e., the second pairing information) to the management system 10. For example, the communication device 61 may be the communication device 32 of FIG. 3. If the management system 10 receives the pairing information PI(2) within the valid time range of the pairing information PI(1), in step S608, the management system 10 may compare the pairing information PI(1) and PI(2). If the pairing information PI(1) and PI(2) are consistent (e.g., identical), in step S609, the management system 10 can add the IoT device 51 to the user group designated by the communication device 61 (or its user). However, in one embodiment, if the management system 10 does not receive the pairing information PI(2) within the valid time range of the pairing information PI(1), or if the pairing information PI(1) and PI(2) are inconsistent (e.g., not identical), step S609 may not be executed.

FIG. 7 is a sequence diagram of a management operation of an IoT device according to an embodiment of the present invention. Referring to FIG. 7, which continues from the embodiment of FIG. 6, in one embodiment, after it is determined that the pairing information PI(1) and PI(2) are consistent (e.g., identical), step S609 of FIG. 6 may not be executed. Instead, in step S701, the management system 10 may transmit an interactive verification request to the communication device 32. Meanwhile, in step S702, the management system 10 may transmit verification action information to the IoT device 51. Next, in step S703, the management system 10 may start a timer.

After receiving the verification action information, in step S704, the IoT device 51 may present an interactive guidance message corresponding to the verification action information. In step S705, the communication device 32 may receive a user operation. For example, the user operation may be an operation that the user performs on the communication device 32 according to the interactive guidance message presented by the IoT device 51. In step S706, the communication device 32 may transmit user behavior information reflecting the user operation to the management system 10. If the user behavior information is received within the valid time range of the interactive verification request, and the user behavior reflected by the user behavior information is consistent with the user behavior requested by the interactive verification request, in step S707, the management system 10 may add the IoT device 51 to the user group designated by the communication device 61 (or its user). However, in one embodiment, if the user behavior information is not received within the valid time range of the interactive verification request, or if the user behavior reflected by the user behavior information is inconsistent with the user behavior requested by the interactive verification request, step S707 may not be executed.
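The two-stage pairing of FIG. 6 and FIG. 7 modelled as a server-side state machine, as an added example that is not code from the patent. The six-digit pairing code, the action names, the single-attempt policy and the class and method names are assumptions; the 10-minute window follows the example value given in the description.

```python
import hmac
import secrets

PAIRING_TTL = 600      # seconds; PI(1) validity window (assumed 10 minutes)
CHALLENGE_TTL = 600    # seconds; interactive verification window
ACTIONS = ("tap-left", "tap-right", "swipe-up")   # hypothetical user actions


class PairingSession:
    """Management-system view of one pairing attempt for one device."""

    def __init__(self, sn: str, now: int):
        self.sn = sn
        self.pairing_code = f"{secrets.randbelow(10**6):06d}"  # PI(1), S603
        self.pairing_deadline = now + PAIRING_TTL              # timer, S605
        self.action = None
        self.action_deadline = None
        self.group = None
        self.state = "WAIT_PAIRING"

    def submit_pairing(self, code: str, group: str, now: int) -> bool:
        """S607-S608: the phone sends PI(2) and the user group it wants."""
        if self.state != "WAIT_PAIRING":
            return False
        in_time = now <= self.pairing_deadline
        match = hmac.compare_digest(code.encode(), self.pairing_code.encode())
        if not (in_time and match):
            self.state = "REJECTED"        # one attempt only (assumed policy)
            return False
        self.group = group
        # S701-S703: pick the action shown on the device and start the timer.
        self.action = secrets.choice(ACTIONS)
        self.action_deadline = now + CHALLENGE_TTL
        self.state = "WAIT_ACTION"
        return True

    def submit_action(self, action: str, now: int):
        """S706-S707: returns the joined group, or None if stage two fails."""
        if self.state != "WAIT_ACTION":
            return None
        ok = now <= self.action_deadline and action == self.action
        self.state = "GROUPED" if ok else "REJECTED"
        return self.group if ok else None
```

Because the action is displayed only on the device while the answer must come from the phone, software on the device that merely reads PI(1) cannot complete stage two on its own.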

The steps in FIG. 4 to FIG. 7 have been described in detail above and are not repeated here. It should be noted that each step in FIG. 4 to FIG. 7 can be implemented as a plurality of program codes or as circuits, and the present invention is not limited in this respect. In addition, the methods of FIG. 4 to FIG. 7 can be used together with the above embodiments or on their own, and the present invention is not limited in this respect.

In summary, after an IoT device is verified using the time-sensitive identification information, if the grouping information of the IoT device has been recorded in the management system in advance, the IoT device can be automatically assigned (i.e., grouped) to a preset group, which completes a fully automated assignment and access-rights allocation. Moreover, even if the grouping information of an IoT device is not recorded in the management system, the IoT device can still be assigned to the user group designated by the user through a subsequent single-stage or two-stage verification. In this way, groups and access rights can be assigned to IoT devices conveniently and securely.

Although the present disclosure has been described above by way of embodiments, they are not intended to limit the present disclosure. Anyone with ordinary knowledge in the technical field may make minor changes and refinements without departing from the spirit and scope of the present disclosure, so the scope of protection of the present disclosure is defined by the appended claims.

10: management system
11~13, 31, 51: IoT devices
101, 102: managers
G(A), G(B), G(C), G(S): groups
21: communication interface
22: storage circuit
23: processor
201: group list
301: user
32, 61: communication devices
S401~S407, S501~S508, S601~S609, S701~S707: steps
81: screen
801: interactive guidance message

FIG. 1 is a schematic diagram of managing IoT devices according to an embodiment of the present invention.
FIG. 2 is a schematic block diagram of a management system of an IoT device according to an embodiment of the present invention.
FIG. 3 is a schematic diagram of grouping IoT devices belonging to a system group according to an embodiment of the present invention.
FIG. 4 is a flowchart of a management method of an IoT device according to an embodiment of the present invention.
FIG. 5 is a sequence diagram of a management operation of an IoT device according to an embodiment of the present invention.
FIG. 6 is a sequence diagram of a management operation of an IoT device according to an embodiment of the present invention.
FIG. 7 is a sequence diagram of a management operation of an IoT device according to an embodiment of the present invention.
FIG. 8 is a schematic diagram of presenting an interactive guidance message according to an embodiment of the present invention.


Claims (14)

1. A management system for an Internet of Things (IoT) device, comprising:
a communication interface;
a storage device storing a group list; and
a processor coupled to the communication interface and the storage device and configured to:
receive time-sensitive identification information from an IoT device via the communication interface;
verify the IoT device according to the identification information;
if the IoT device passes the verification, determine whether the IoT device belongs to a preset group according to the group list; and
if the IoT device belongs to the preset group, add the IoT device to the preset group and give a manager of the preset group permission to access the IoT device.

2. The management system for an IoT device according to claim 1, wherein the identification information includes a device identification code of the IoT device and a first verification code, and the first verification code is a time-based one-time password.

3. The management system for an IoT device according to claim 2, wherein the first verification code is generated by the IoT device by encoding the device identification code and a time parameter.

4. The management system for an IoT device according to claim 2, wherein the processor is further configured to:
generate a second verification code according to the device identification code;
compare the first verification code with the second verification code; and
if the first verification code is consistent with the second verification code, determine that the IoT device has passed the verification.

5. The management system for an IoT device according to claim 1, wherein the processor is further configured to:
query the group list according to a device identification code in the identification information; and
determine whether the IoT device belongs to the preset group according to a query result.

6. The management system for an IoT device according to claim 1, wherein the processor is further configured to:
if the IoT device does not belong to the preset group, receive a pairing request from the IoT device via the communication interface;
according to the pairing request, transmit first pairing information to the IoT device via the communication interface;
within a valid time range of the first pairing information, receive second pairing information from a communication device via the communication interface; and
if the first pairing information is consistent with the second pairing information, add the IoT device to a user group designated by the communication device.

7. The management system for an IoT device according to claim 6, wherein the processor is further configured to:
after determining that the first pairing information is consistent with the second pairing information, send an interactive verification request to the communication device via the communication interface;
within a valid time range of the interactive verification request, receive user behavior information from the communication device via the communication interface; and
add the IoT device to the user group designated by the communication device according to the user behavior information.

8. A management method for an Internet of Things (IoT) device, comprising:
receiving time-sensitive identification information from an IoT device;
verifying the IoT device according to the identification information;
if the IoT device passes the verification, determining whether the IoT device belongs to a preset group according to a group list; and
if the IoT device belongs to the preset group, adding the IoT device to the preset group and giving a manager of the preset group permission to access the IoT device.

9. The management method for an IoT device according to claim 8, wherein the identification information includes a device identification code of the IoT device and a first verification code, and the first verification code is a time-based one-time password.

10. The management method for an IoT device according to claim 9, wherein the first verification code is generated by the IoT device by encoding the device identification code and a time parameter.

11. The management method for an IoT device according to claim 9, wherein the step of verifying the IoT device according to the identification information comprises:
generating a second verification code according to the device identification code;
comparing the first verification code with the second verification code; and
if the first verification code is consistent with the second verification code, determining that the IoT device has passed the verification.

12. The management method for an IoT device according to claim 8, wherein the step of determining whether the IoT device belongs to the preset group according to the group list comprises:
querying the group list according to a device identification code in the identification information; and
determining whether the IoT device belongs to the preset group according to a query result.

13. The management method for an IoT device according to claim 8, further comprising:
if the IoT device does not belong to the preset group, receiving a pairing request from the IoT device;
according to the pairing request, transmitting first pairing information to the IoT device;
within a valid time range of the first pairing information, receiving second pairing information from a communication device; and
if the first pairing information is consistent with the second pairing information, adding the IoT device to a user group designated by the communication device.

14. The management method for an IoT device according to claim 13, wherein the step of adding the IoT device to the user group designated by the communication device comprises:
after determining that the first pairing information is consistent with the second pairing information, sending an interactive verification request to the communication device;
within a valid time range of the interactive verification request, receiving user behavior information from the communication device; and
adding the IoT device to the user group designated by the communication device according to the user behavior information.
TW110103598A 2021-01-29 2021-01-29 Management system for iot devices and management method thereof. TW202231017A (en)


Publications (1)

Publication Number Publication Date
TW202231017A true TW202231017A (en) 2022-08-01

Family

ID=83782451


Country Status (1)

Country Link
TW (1) TW202231017A (en)

TWM615402U (en) Management system for iot devices