TWM615402U - Management system for iot devices - Google Patents


Info

Publication number
TWM615402U
Authority
TW
Taiwan
Prior art keywords
internet
things device
things
group
management system
Application number
TW110201185U
Other languages
Chinese (zh)
Inventor
范榮軒
劉柏伶
Original Assignee
奧暢雲服務股份有限公司
Application filed by 奧暢雲服務股份有限公司
Priority to TW110201185U
Publication of TWM615402U

Landscapes

  • Computer And Data Communications (AREA)

Abstract

A management system for IOT (Internet of Things) devices. The management system includes a communication interface, a storage device and a processor. The storage device stores a group list. The processor is configured to: receive identification information carrying a timestamp from an IOT device through the communication interface; authenticate the IOT device according to the identification information; if the IOT device passes the authentication, determine whether the IOT device belongs to a predetermined group according to the group list; and if the IOT device belongs to the predetermined group, group the IOT device to the predetermined group and assign an authority for accessing the IOT device to a manager of the predetermined group.

Description

Management system for IoT devices

The present utility model relates to a management system for Internet of Things (IoT) devices.

With advances in technology, IoT devices are becoming increasingly widespread. Common IoT devices range from aircraft and automobiles down to industrial computers, televisions and air conditioners. In general, the access rights of an IoT device's legitimate administrator must be controlled, whether before or after the device leaves the factory. The simplest approach is to set the administrator's identity information in the IoT device before it leaves the factory. Once shipped, the device can allow the legitimate administrator to access it directly on the basis of that preset identity information. However, this mechanism requires the access-rights settings to be completed before the device leaves the factory, so it lacks flexibility in how the device is used afterwards.

In addition, for some types of IoT devices, an administrator can, after the device has shipped, use the device identification code of the IoT device to request a certificate download from a remote management server in order to set up management rights. In practice, however, there have been cases of hackers using forged device identification codes to take control of other people's IoT devices, so this approach raises security concerns.

The present utility model provides a management system and a management method for IoT devices that can assign groups and access rights to IoT devices conveniently and securely.

An embodiment of the present utility model provides a management system for IoT devices that includes a communication interface, a storage device and a processor. The storage device stores a group list. The processor is coupled to the communication interface and the storage device and is configured to: receive time-sensitive identification information from an IoT device via the communication interface; verify the IoT device according to the identification information; if the IoT device passes verification, determine from the group list whether the IoT device belongs to a preset group; and if the IoT device belongs to the preset group, add the IoT device to the preset group and grant the administrator of the preset group permission to access the IoT device.

An embodiment of the present utility model further provides a management method for IoT devices, which includes: receiving time-sensitive identification information from an IoT device; verifying the IoT device according to the identification information; if the IoT device passes verification, determining from a group list whether the IoT device belongs to a preset group; and if the IoT device belongs to the preset group, adding the IoT device to the preset group and granting the administrator of the preset group permission to access the IoT device.

Based on the above, after time-sensitive identification information is received from an IoT device via the communication interface, the IoT device can be verified according to the identification information. If the IoT device passes verification, the group list can be used to determine whether the IoT device belongs to a preset group. If the IoT device belongs to the preset group, the IoT device can be added to the preset group and the administrator of the preset group can be granted permission to access the IoT device. In this way, groups and access rights can be assigned to IoT devices conveniently and securely.

FIG. 1 is a schematic diagram of managing IoT devices according to an embodiment of the present utility model. FIG. 2 is a schematic block diagram of a management system for IoT devices according to an embodiment of the present utility model. Referring to FIG. 1 and FIG. 2, the management system 10 can be used to manage IoT devices 11 to 13. The management system 10 can be implemented as any of various types of computer device, such as a desktop computer, a notebook computer, a tablet computer, a server host or an industrial computer.

IoT devices 11 to 13 all have networking and data-processing capabilities. Note that in one embodiment, IoT devices 11 to 13 are exemplified by an industrial computer, a digital signage display and a large-format display respectively, but the types of IoT devices 11 to 13 are not limited to these. In another embodiment, IoT devices 11 to 13 may also include a server host, a multimedia kiosk, a robot vacuum cleaner, a smart TV, a smart refrigerator or any other electronic device that conforms to IoT specifications. In addition, the number of IoT devices 11 to 13 may be larger or smaller; the present utility model places no limit on it.

The management system 10 includes a communication interface 21, a storage circuit 22 and a processor 23. The communication interface 21 is used to communicate with IoT devices 11 to 13. For example, the communication interface 21 may include a wired network interface card supporting wired communication protocols such as Ethernet and/or a wireless network interface card supporting wireless communication protocols such as WiFi.

The storage circuit 22 may include a volatile memory module and a non-volatile memory module. The volatile memory module stores data in a volatile manner, and the non-volatile memory module stores data in a non-volatile manner. For example, the volatile memory module may include dynamic random access memory (DRAM), and the non-volatile memory module may include a conventional hard disk drive (HDD) and/or a solid-state drive (SSD).

The processor 23 is coupled to the communication interface 21 and the storage circuit 22. The processor 23 is responsible for all or part of the operation of the management system 10. For example, the processor 23 may include a central processing unit (CPU), or another programmable general-purpose or special-purpose microprocessor, a digital signal processor (DSP), a programmable controller, an application-specific integrated circuit (ASIC), a programmable logic device (PLD), other similar devices, or a combination of these devices.

In one embodiment, the storage circuit 22 stores a group list 201. The group list 201 records information on whether one or more IoT devices have been pre-assigned to a particular group. When any of IoT devices 11 to 13 has left the factory and connects to the management system 10 over a network (for example, the Internet), the management system 10 first verifies that IoT device. If the IoT device passes verification, the management system 10 decides, according to the information in the group list 201, whether to add the IoT device to a group.

In one embodiment, the processor 23 receives time-sensitive identification information from the IoT device 11 via the communication interface 21. The processor 23 verifies the IoT device 11 according to this identification information. If the IoT device 11 passes verification, the processor 23 determines from the group list 201 whether the IoT device 11 belongs to a preset group. In one embodiment, assume the group list 201 shows that the IoT device 11 has been pre-assigned to group G(A). The processor 23 can therefore add the IoT device 11 to group G(A) according to the group list 201 and grant the administrator 101 of group G(A) permission to access the IoT device 11.

In one embodiment, the processor 23 receives time-sensitive identification information from each of the IoT devices 12 and 13 via the communication interface 21. The processor 23 verifies the IoT devices 12 and 13 according to this identification information. If both IoT devices 12 and 13 pass verification, the processor 23 determines from the group list 201 whether the IoT devices 12 and 13 belong to one or more preset groups. In one embodiment, assume the group list 201 shows that the IoT devices 12 and 13 have both been pre-assigned to group G(B). The processor 23 can therefore add the IoT devices 12 and 13 to group G(B) according to the group list 201 and grant the administrator 102 of group G(B) permission to access the IoT devices 12 and 13.

Note that in the foregoing embodiments, the administrator 101 is not granted permission to access IoT devices belonging to group G(B). The administrator 101 can therefore access only the IoT devices belonging to group G(A) (for example, the IoT device 11) and cannot access the IoT devices belonging to group G(B) (for example, the IoT devices 12 and 13). Likewise, the administrator 102 is not granted permission to access IoT devices belonging to group G(A). The administrator 102 can therefore access only the IoT devices belonging to group G(B) (for example, the IoT devices 12 and 13) and cannot access the IoT devices belonging to group G(A) (for example, the IoT device 11). The following embodiments use the IoT device 11 as an example to describe the verification and grouping operations in more detail.

In one embodiment, the identification information from the IoT device 11 includes the device identification code of the IoT device 11 and a verification code (also called the first verification code). The device identification code may be an identifier unique to the IoT device 11, for example its serial number. The first verification code is a time-based one-time password.

In one embodiment, the IoT device 11 encodes its own device identification code (for example, its serial number) together with a time parameter to generate the first verification code. The time parameter reflects the system time of the IoT device 11 when the encoding is performed. In one embodiment, the IoT device 11 feeds the device identification code and the time parameter into a time-based one-time password (TOTP) algorithm. For example, the TOTP algorithm may include performing a hash operation on the device identification code and the time parameter. The IoT device 11 generates the first verification code from the output of the TOTP algorithm. The resulting first verification code is therefore time-sensitive and reflects the time parameter. The IoT device 11 then sends the identification information, containing its device identification code and the first verification code, to the management system 10.

In one embodiment, after receiving the identification information containing the device identification code of the IoT device 11 and the first verification code, the processor 23 of the management system 10 generates another verification code (also called the second verification code) from the device identification code. The second verification code is likewise a time-based one-time password. For example, the processor 23 may use the same TOTP algorithm as the IoT device 11 to encode the received device identification code together with a time parameter to generate the second verification code. This time parameter reflects the system time of the processor 23 when the encoding is performed. The processor 23 then compares the first verification code with the second verification code. If the two are consistent (for example, identical), the processor 23 determines that the IoT device 11 has passed verification. Conversely, if the two are inconsistent (for example, not identical), the processor 23 determines that the IoT device 11 has failed verification.

In one embodiment, if the IoT device 11 passes verification, the processor 23 sends authentication information to the IoT device 11 via the communication interface 21. From then on, this authentication information can be used to indicate that the IoT device 11 has been authenticated.

In one embodiment, after determining that the IoT device 11 has passed verification, the processor 23 queries the group list 201 using the device identification code. The processor 23 then determines from the query result whether the IoT device 11 belongs to a preset group. For example, if the group list 201 records a mapping between the device identification code of the IoT device 11 and group G(A), the processor 23 determines that the IoT device 11 should belong to group G(A). The processor 23 can therefore add the IoT device 11 to group G(A) and grant the administrator 101 of group G(A) permission to access the IoT device 11.

In one embodiment, if the IoT device 11 fails verification, the device identification code of the IoT device 11 may have been misappropriated. For example, a malicious user such as a hacker may be attempting to assign the IoT device 11, which is owned by someone else, to a group designated by the hacker. In this case, the processor 23 determines that the IoT device 11 is an illegitimate device and does not group it, which prevents the hacker from obtaining access rights to the IoT device 11.

In one embodiment, if the group list 201 records no mapping between the device identification code of the IoT device 11 and any group, the processor 23 temporarily adds the IoT device 11 to a system group G(S), where it waits to be assigned to an owner (that is, grouped).

FIG. 3 is a schematic diagram of grouping an IoT device that belongs to the system group according to an embodiment of the present utility model. Referring to FIG. 2 and FIG. 3, in one embodiment, assume the IoT device 31 has been added to the system group G(S).

At some point in time, the user 301 operates the IoT device 31 to trigger it to send a pairing request to the management system 10. In response to this pairing request, the processor 23 sends pairing information (also called the first pairing information) to the IoT device 31 via the communication interface 21. For example, the first pairing information may contain an authentication code made up of several letters and/or digits. Then, within a validity period of the first pairing information (for example, 10 minutes), the processor 23 receives further pairing information (also called the second pairing information) from a communication device 32 via the communication interface 21. The processor 23 compares the first pairing information with the second pairing information. If the two are consistent (for example, identical), the processor 23 adds the IoT device 31 to the user group G(C) designated by the communication device 32 (or the user 301). At the same time, the administrator of user group G(C) (for example, the user 301) is granted permission to access the IoT device 31.

In one embodiment, the first pairing information from the management system 10 is presented on the display of the IoT device 31. For example, if the first pairing information contains 6 digits used as an authentication code, the display of the IoT device 31 shows these 6 digits. In one embodiment, the user 301 reads these 6 digits (the first pairing information) from the display of the IoT device 31 and, within a validity period (for example, 10 minutes), enters the 6 digits (the second pairing information) through an input interface of the communication device 32 (for example, a mouse, keyboard and/or touchpad). Based on the input of the user 301, the communication device 32 sends the verification code containing these 6 digits (the second pairing information) to the management system 10.

In one embodiment, if the first pairing information is consistent with the second pairing information received within the validity period (for example, the verification code shown on the display of the IoT device 31 is identical to the verification code the user 301 entered on the communication device 32), it is highly probable that the user 301 really is the owner of both the IoT device 31 and the communication device 32. The IoT device 31 can therefore be added (or updated) to the user group G(C) designated by the communication device 32 (or the user 301) so that the user 301 can access it.

In one embodiment, if the second pairing information is not received within the validity period, or the first pairing information is inconsistent with the received second pairing information (for example, the verification code shown on the display of the IoT device 31 is not identical to the verification code the user 301 entered on the communication device 32), a malicious user such as a hacker may be attempting to assign the IoT device 31, which is owned by someone else, to a group designated by the hacker. In this case, the processor 23 does not group the IoT device 31, which prevents the hacker from obtaining access rights to the IoT device 31.

In one embodiment, after determining that the first pairing information is consistent with the second pairing information, the processor 23 sends an interactive verification request to the communication device 32 via the communication interface 21 and sends verification action information corresponding to this interactive verification request to the IoT device 31. Within a validity period of the interactive verification request (for example, 10 minutes), the processor 23 receives user behavior information from the communication device 32 via the communication interface 21. This user behavior information reflects how a user (for example, the user 301) operated the communication device 32. The processor 23 then adds the IoT device 31 to the user group G(C) designated by the communication device 32 (or the user 301) according to this user behavior information.

In one embodiment, the IoT device 31 presents an interactive guidance message on its display according to the verification action information, instructing the user 301 to operate the communication device 32 as the message directs. For example, the interactive guidance message may mark some of the 6 digits of the verification code shown on screen, or may be a similar message that guides an interactive verification action. For example, the interactive guidance message may be graphical.

In one embodiment, the interactive guidance message is presented on the display of the IoT device 31 in response to a preset operation performed by the user 301 on the IoT device 31. For example, after receiving the verification action information, the IoT device 31 may hold off presenting the interactive guidance message. After detecting, via an input interface of the IoT device 31 (for example, a mouse, keyboard and/or touchpad), a preset operation performed by the user (for example, the user moving the cursor on the display across the verification code containing the aforementioned 6 digits), the IoT device 31 responds to this preset operation by presenting the interactive guidance message on its display.

FIG. 8 is a schematic diagram of presenting an interactive guidance message according to an embodiment of the present utility model. Referring to FIG. 8, in one embodiment, after the user moves the cursor on the display of the IoT device 31 across the verification code containing the aforementioned 6 digits in screen 81, the interactive guidance message 801 is presented in screen 81. The interactive guidance message 801 marks particular digits of the verification code. Taking the marking of the 2nd, 4th and 5th digits as an example, the interactive guidance message 801 changes the background color of the 2nd, 4th and 5th digits of the verification code.

In one embodiment, within the validity period corresponding to the interactive verification request (for example, 10 minutes), the user 301 operates the input interface of the communication device 32 (for example, a mouse, keyboard and/or touchpad) as directed by the interactive guidance message shown on the IoT device 31 to perform the corresponding action (for example, "click the 2nd, 4th and 5th of the 6 digits of the verification code that was entered"). The communication device 32 then sends user behavior information reflecting this action to the management system 10.

In one embodiment, if, within the validity period corresponding to the interactive verification request (for example, 10 minutes), the user behavior reflected in the user behavior information from the communication device 32 is consistent with the user behavior required by the interactive verification request, it is highly probable that the user 301 really is the owner of the IoT device 31. The IoT device 31 can therefore be added to the user group G(C) designated by the communication device 32 (or the user 301) so that the user 301 can access it.

In one embodiment, if no user behavior information is received within the validity period corresponding to the interactive verification request (for example, 10 minutes), or the user behavior reflected in the received user behavior information is inconsistent with the user behavior indicated by the interactive verification request, a malicious user such as a hacker may have used some particular technique (for example, a malicious program installed on the IoT device 31) to try to pass the earlier pairing-information verification. In this case, the processor 23 does not group the IoT device 31, which prevents the hacker from obtaining access rights to the IoT device 31.

In other words, in one embodiment, when the user 301 attempts to move the IoT device 31, which currently belongs to the system group G(S), into a particular user group G(C), the management system 10 performs a two-stage verification of the user 301. Comparing the first pairing information with the second pairing information is the first stage, and comparing the user behavior reflected in the user behavior information with the user behavior requested by the interactive verification request is the second stage. Only when the user 301 passes both stages does the processor 23 add the IoT device 31 to the user group G(C) designated by the user 301. This effectively prevents malicious users such as hackers from obtaining access rights to IoT devices in the system group G(S) that have not yet been assigned to an owner.
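The two-stage pairing check described above can be modelled server-side as follows. This Python example is added here and is not part of the patent text; the class and method names, the device name `dev-31`, the random choice of three digit positions, and the policy of discarding a session after one failed attempt are all assumptions.

```python
import hmac
import secrets

PAIRING_TTL = 600     # 10 minutes, the example validity period given in the text
CHALLENGE_TTL = 600   # 10 minutes for the interactive verification request


class PairingService:
    """Hypothetical model of the management system's pairing logic."""

    def __init__(self, system_group):
        self.system_group = set(system_group)   # devices waiting in G(S)
        self.user_groups = {}                   # group name -> device ids
        self.sessions = {}                      # device id -> pairing state

    def request_pairing(self, device_id, now):
        """Pairing request from the device; returns the first pairing information."""
        if device_id not in self.system_group:
            raise KeyError("device is not awaiting assignment")
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.sessions[device_id] = {"stage": 1, "code": code,
                                    "expires": now + PAIRING_TTL}
        return code   # shown only on the device's own display

    def submit_code(self, device_id, entered, now):
        """Stage 1: second pairing information typed on the communication device."""
        s = self.sessions.get(device_id)
        ok = (s is not None and s["stage"] == 1 and now <= s["expires"]
              and hmac.compare_digest(entered.encode(), s["code"].encode()))
        if not ok:
            self.sessions.pop(device_id, None)   # assumed policy: one attempt per code
            return False
        # Stage 2 challenge: which of the 6 digits the user must click.
        positions = sorted(secrets.SystemRandom().sample(range(1, 7), 3))
        s.update(stage=2, positions=positions, expires=now + CHALLENGE_TTL)
        return True

    def verification_action(self, device_id):
        """Digit positions to highlight; delivered to the IoT device, never to
        the communication device that must reproduce them."""
        s = self.sessions.get(device_id)
        return list(s["positions"]) if s and s["stage"] == 2 else None

    def submit_behavior(self, device_id, clicked, group, now):
        """Stage 2: user behavior information from the communication device."""
        s = self.sessions.pop(device_id, None)   # the challenge is single-use
        if s is None or s["stage"] != 2 or now > s["expires"]:
            return False
        if sorted(clicked) != s["positions"]:
            return False
        # Both stages passed: move the device out of G(S) into the chosen group.
        self.system_group.discard(device_id)
        self.user_groups.setdefault(group, set()).add(device_id)
        return True
```

Times are passed in as plain seconds so the expiry paths can be exercised without waiting.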

In an embodiment, an agent program may be installed on the IoT device after the device leaves the factory. The agent can then automatically perform operations such as sending the time-sensitive identification information, sending the pairing request, receiving and presenting the first pairing information, and receiving the interactive verification request, so as to cooperate with the management system 10 in verifying the IoT device and assigning it to an owner (that is, grouping it).

FIG. 4 is a flowchart of a method for managing an IoT device according to an embodiment of the present creation. Referring to FIG. 4, in step S401, time-sensitive identification information is received from an IoT device. In step S402, the IoT device is verified according to the identification information. In step S403, it is determined whether the IoT device passes the verification. If the IoT device does not pass the verification, in step S404, the IoT device is determined to be an illegal device and is not assigned to an owner (that is, not grouped).

If the IoT device passes the verification, in step S405, it is determined according to the group list whether the IoT device belongs to a preset group. If the IoT device belongs to a preset group, in step S406, the IoT device is added to that preset group and the manager of the preset group is granted permission to access the IoT device. If the IoT device does not belong to any preset group, in step S407, the IoT device is added to the system group to await assignment (that is, grouping).

FIG. 5 is a sequence diagram of a management operation for an IoT device according to an embodiment of the present creation. Referring to FIG. 5, in step S501, the IoT device 51 may read the device identification code SN from its internal storage. The IoT device 51 may be any one of the IoT devices 11 to 13 in FIG. 1. In step S502, the IoT device 51 may generate a verification code AN(0) (the first verification code) according to the device identification code SN and a time parameter T(0). The time parameter T(0) may reflect the current system time on the IoT device 51 side. In step S503, the IoT device 51 may transmit the device identification code SN and the verification code AN(0) to the management system 10. In step S504, the management system 10 may generate a verification code AN(1) (the second verification code) according to the device identification code SN and a time parameter T(1). The time parameter T(1) may reflect the current system time on the management system 10 side. In step S505, the management system 10 may compare the verification codes AN(0) and AN(1). If the verification codes AN(0) and AN(1) are consistent (for example, identical), in step S506, the management system 10 may transmit authentication information CT, indicating that the IoT device 51 has passed the verification, to the IoT device 51. However, in an embodiment, if the verification codes AN(0) and AN(1) are inconsistent (for example, not identical), step S506 may not be executed.

In addition, after determining that the IoT device 51 has passed the verification, in step S507, the management system 10 may query the group list (for example, the group list 201 in FIG. 2) according to the device identification code SN. In step S508, the management system 10 may add the IoT device 51 to a preset group according to the query result. However, in an embodiment, if the group list records no grouping information related to the device identification code SN (or the IoT device 51), step S508 may not be executed.
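
The FIG. 4 and FIG. 5 flow can be sketched as follows. This is an added example, not code from the patent. It assumes a per-device secret key, HMAC-SHA256 as the "encoding", a 30-second time step and a one-step drift tolerance (the description names none of these), and it rejects reuse of a code inside the tolerance window, a check the description does not mention.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30        # assumed width of one time step
DRIFT_STEPS = 1          # assumed tolerance between T(0) and T(1)
SYSTEM_GROUP = "G(S)"    # holding group for devices awaiting assignment


def verification_code(key: bytes, sn: str, unix_time: float) -> str:
    """Derive AN from SN and a time parameter quantised to STEP_SECONDS."""
    step = int(unix_time // STEP_SECONDS)
    msg = sn.encode() + b"|" + struct.pack(">Q", step)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class ManagementSystem:
    def __init__(self, device_keys: dict, group_list: dict):
        self.device_keys = device_keys    # SN -> per-device secret (assumed)
        self.group_list = group_list      # SN -> preset group
        self.last_step = {}               # SN -> last accepted time step

    def verify(self, sn: str, an0: str, now: float) -> bool:
        """S504-S505: recompute AN(1) around T(1) and compare with AN(0)."""
        key = self.device_keys.get(sn)
        if key is None:
            return False
        current = int(now // STEP_SECONDS)
        matched = None
        for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            an1 = verification_code(key, sn, step * STEP_SECONDS)
            # Constant-time comparison of the two codes.
            if hmac.compare_digest(an0.encode(), an1.encode()):
                matched = step
        # Reject a code whose step was already accepted (replay in window).
        if matched is None or matched <= self.last_step.get(sn, -1):
            return False
        self.last_step[sn] = matched
        return True

    def enroll(self, sn: str, an0: str, now: float):
        """S403-S407: None for a rejected device, else the group it joins."""
        if not self.verify(sn, an0, now):
            return None                                  # S404
        return self.group_list.get(sn, SYSTEM_GROUP)     # S406 / S407


# Constructed sample data, not taken from the patent.
KEYS = {"SN-0001": b"k1-constructed", "SN-0002": b"k2-constructed"}
GROUPS = {"SN-0001": "G(A)"}
```

Because T(0) and T(1) come from two different clocks, the codes only match if both sides quantise time the same way; the drift window is what absorbs the difference, and it is also the interval in which a captured code could be replayed if accepted steps were not tracked.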

FIG. 6 is a sequence diagram of a management operation for an IoT device according to an embodiment of the present creation. Referring to FIG. 6, in step S601, the IoT device 51 may trigger a pairing procedure. In step S602, in response to the pairing procedure, the IoT device 51 may transmit a pairing request to the management system 10. In step S603, in response to the pairing request, the management system 10 may generate pairing information PI(1) (the first pairing information). In step S604, the management system 10 may transmit the pairing information PI(1) to the IoT device 51. At the same time, in step S605, the management system 10 may start a timer.

On the other hand, after receiving the pairing information PI(1), in step S606, the IoT device 51 may present the pairing information PI(1) on a display. In step S607, the communication device 61 may transmit pairing information PI(2) (the second pairing information) to the management system 10. For example, the communication device 61 may be the communication device 32 of FIG. 3. If the management system 10 receives the pairing information PI(2) within the valid time range of the pairing information PI(1), in step S608, the management system 10 may compare the pairing information PI(1) and PI(2). If the pairing information PI(1) and PI(2) are consistent (for example, identical), in step S609, the management system 10 may add the IoT device 51 to the user group designated by the communication device 61 (or its user). However, in an embodiment, if the management system 10 does not receive the pairing information PI(2) within the valid time range of the pairing information PI(1), or the pairing information PI(1) and PI(2) are inconsistent (for example, not identical), step S609 may not be executed.

FIG. 7 is a sequence diagram of a management operation for an IoT device according to an embodiment of the present creation. Referring to FIG. 7, which continues from the embodiment of FIG. 6, in an embodiment, after the pairing information PI(1) and PI(2) are determined to be consistent (for example, identical), step S609 of FIG. 6 may not be executed. Instead, in step S701, the management system 10 may send an interactive verification request to the communication device 32. At the same time, in step S702, the management system 10 may send verification action information to the IoT device 51. Next, in step S703, the management system 10 may start a timer.

After receiving the verification action information, in step S704, the IoT device 51 may present an interactive guidance message corresponding to the verification action information. In step S705, the communication device 32 may receive a user operation. For example, this user operation may be an operation that the user performs on the communication device 32 according to the interactive guidance message presented by the IoT device 51. In step S706, the communication device 32 may transmit user behavior information reflecting this user operation to the management system 10. If the user behavior information is received within the valid time range of the interactive verification request, and the user behavior reflected by the user behavior information is consistent with the user behavior requested by the interactive verification request, in step S707, the management system 10 may add the IoT device 51 to the user group designated by the communication device 61 (or its user). However, in an embodiment, if the user behavior information is not received within the valid time range of the interactive verification request, or the user behavior reflected by the user behavior information is inconsistent with the user behavior requested by the interactive verification request, step S707 may not be executed.
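
The two-stage check of FIG. 6 and FIG. 7 can be modelled as a small server-side state machine. This is an added example, not code from the patent. The 6-digit form of PI(1), its 300-second validity, the three-guess limit and the action names are assumptions; the 10-minute validity of the interactive request is the description's own example value.

```python
import hmac
import secrets

PAIRING_TTL = 300        # assumed validity of PI(1), in seconds
INTERACTIVE_TTL = 600    # the description's example: 10 minutes
MAX_ATTEMPTS = 3         # assumed guess limit per session
ACTIONS = ("press-A", "press-B", "press-C")   # hypothetical user actions


class PairingSession:
    """Server-side state for one device moving from G(S) to a user group."""

    def __init__(self, sn: str, now: float):
        self.sn = sn
        self.pi1 = f"{secrets.randbelow(10**6):06d}"   # S603
        self.pi_deadline = now + PAIRING_TTL           # S605 timer
        self.attempts = 0
        self.state = "AWAIT_PI2"
        self.group = None
        self.action = None
        self.action_deadline = None

    def submit_pairing(self, pi2: str, user_group: str, now: float):
        """S607-S608, then S701-S703. Returns the action shown on the device."""
        if self.state != "AWAIT_PI2":
            return None
        self.attempts += 1
        expired = now > self.pi_deadline
        match = hmac.compare_digest(self.pi1.encode(), pi2.encode())
        if expired or not match:
            # Expiry or too many guesses ends the session for good.
            if expired or self.attempts >= MAX_ATTEMPTS:
                self.state = "FAILED"
            return None
        self.group = user_group
        self.action = secrets.choice(ACTIONS)          # sent to device (S702)
        self.action_deadline = now + INTERACTIVE_TTL   # S703 timer
        self.state = "AWAIT_BEHAVIOR"
        return self.action

    def submit_behavior(self, behavior: str, now: float):
        """S706-S707. Returns the user group joined, or None."""
        if self.state != "AWAIT_BEHAVIOR":
            return None
        ok = now <= self.action_deadline and hmac.compare_digest(
            behavior.encode(), self.action.encode())
        # One shot: a wrong or late action ends the session with no grouping.
        self.state = "GROUPED" if ok else "FAILED"
        return self.group if ok else None
```

The device stays in the system group unless both stages succeed inside their timers, and a failed session cannot be resumed, so a code displayed on the device is useless once its window closes.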

The steps in FIG. 4 to FIG. 7 have been described in detail above and are not repeated here. Note that each step in FIG. 4 to FIG. 7 may be implemented as a plurality of program codes or as circuits; the present creation imposes no limitation in this respect. In addition, the methods of FIG. 4 to FIG. 7 may be used together with the above embodiments or on their own; the present creation imposes no limitation in this respect either.

In summary, after an IoT device is verified using time-sensitive identification information, if the grouping information of the IoT device has been recorded in the management system in advance, the IoT device can be automatically assigned (that is, grouped) to the preset group, completing a fully automated assignment and allocation of access rights. Moreover, even if the grouping information of an IoT device is not recorded in the management system, the IoT device can still be assigned to the user group designated by the user through the subsequent single-stage verification or two-step verification. In this way, groups and access rights can be allocated to IoT devices conveniently and securely.

Although the present disclosure has been described above by way of embodiments, they are not intended to limit the present disclosure. Anyone with ordinary knowledge in the technical field may make minor changes and refinements without departing from the spirit and scope of the present disclosure. The scope of protection of the present disclosure is therefore defined by the appended claims.

10: Management system
11~13, 31, 51: IoT devices
101, 102: Managers
G(A), G(B), G(C), G(S): Groups
21: Communication interface
22: Storage circuit
23: Processor
201: Group list
301: User
32, 61: Communication devices
S401~S407, S501~S508, S601~S609, S701~S705: Steps
81: Screen
801: Interactive guidance message

FIG. 1 is a schematic diagram of managing IoT devices according to an embodiment of the present creation.
FIG. 2 is a schematic block diagram of a management system for IoT devices according to an embodiment of the present creation.
FIG. 3 is a schematic diagram of grouping an IoT device that belongs to the system group according to an embodiment of the present creation.
FIG. 4 is a flowchart of a method for managing an IoT device according to an embodiment of the present creation.
FIG. 5 is a sequence diagram of a management operation for an IoT device according to an embodiment of the present creation.
FIG. 6 is a sequence diagram of a management operation for an IoT device according to an embodiment of the present creation.
FIG. 7 is a sequence diagram of a management operation for an IoT device according to an embodiment of the present creation.
FIG. 8 is a schematic diagram of presenting an interactive guidance message according to an embodiment of the present creation.

10: Management system

11~13: IoT devices

101, 102: Managers

G(A), G(B): Groups

Claims (7)

1. A management system for Internet of Things devices, comprising:
a communication interface;
a storage device storing a group list; and
a processor coupled to the communication interface and the storage device and configured to:
receive time-sensitive identification information from an Internet of Things device via the communication interface;
verify the Internet of Things device according to the identification information;
if the Internet of Things device passes the verification, determine according to the group list whether the Internet of Things device belongs to a preset group; and
if the Internet of Things device belongs to the preset group, add the Internet of Things device to the preset group and grant a manager of the preset group permission to access the Internet of Things device.

2. The management system for Internet of Things devices according to claim 1, wherein the identification information includes a device identification code of the Internet of Things device and a first verification code, and the first verification code is a time-based one-time password.

3. The management system for Internet of Things devices according to claim 2, wherein the first verification code is generated by the Internet of Things device by encoding the device identification code and a time parameter.

4. The management system for Internet of Things devices according to claim 2, wherein the processor is further configured to:
generate a second verification code according to the device identification code;
compare the first verification code with the second verification code; and
if the first verification code is consistent with the second verification code, determine that the Internet of Things device passes the verification.

5. The management system for Internet of Things devices according to claim 1, wherein the processor is further configured to:
query the group list according to a device identification code in the identification information; and
determine according to a query result whether the Internet of Things device belongs to the preset group.

6. The management system for Internet of Things devices according to claim 1, wherein the processor is further configured to:
if the Internet of Things device does not belong to the preset group, receive a pairing request from the Internet of Things device via the communication interface;
according to the pairing request, transmit first pairing information to the Internet of Things device via the communication interface;
within a valid time range of the first pairing information, receive second pairing information from a communication device via the communication interface; and
if the first pairing information is consistent with the second pairing information, add the Internet of Things device to a user group designated by the communication device.

7. The management system for Internet of Things devices according to claim 6, wherein the processor is further configured to:
after determining that the first pairing information is consistent with the second pairing information, send an interactive verification request to the communication device via the communication interface;
within a valid time range of the interactive verification request, receive user behavior information from the communication device via the communication interface; and
add the Internet of Things device to the user group designated by the communication device according to the user behavior information.
TW110201185U 2021-01-29 2021-01-29 Management system for iot devices TWM615402U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110201185U TWM615402U (en) 2021-01-29 2021-01-29 Management system for iot devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110201185U TWM615402U (en) 2021-01-29 2021-01-29 Management system for iot devices

Publications (1)

Publication Number Publication Date
TWM615402U true TWM615402U (en) 2021-08-11

Family

ID=78285573

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110201185U TWM615402U (en) 2021-01-29 2021-01-29 Management system for iot devices

Country Status (1)

Country Link
TW (1) TWM615402U (en)
