WO2016192537A1 - System for establishing product authenticity identification data module by using internet of things - Google Patents

Publication number
WO2016192537A1
Authority
WO
WIPO (PCT)
Prior art keywords
product
client
internet
cloud device
cloud
Prior art date
Application number
PCT/CN2016/082664
Inventor
李皞白
陈煜仁
黄祥麟
陈育进
Original Assignee
李皞白
陈煜仁
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201510308451.6A external-priority patent/CN106296063A/en
Priority claimed from CN201510536928.6A external-priority patent/CN106487753B/en
Application filed by 李皞白, 陈煜仁 filed Critical 李皞白
Publication of WO2016192537A1 publication Critical patent/WO2016192537A1/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management

Definitions

  • The invention relates to a system for cloud service applications, in particular to a system for establishing a product authenticity identification data module using the Internet of Things. The Internet of Things system can authenticate a product in real time and can further query the authentic product.
  • RFID: Radio Frequency Identification
  • the use of the IoT management system to improve the competitiveness of the industry is characterized by efficiency and integrity.
  • Efficiency means not only delivering the product to the customer within a certain period of time, but also an integrated delivery method that delivers different products to different customers at the same time.
  • Product content information includes the production history of the product and whether the product is genuine or not.
  • Manufacturers must obtain real-time information about the product itself. Therefore, through the combination of sensing components (e.g. RFID, electronic labels) and a cloud monitoring system, the Internet of Things can be used to assist consumers, enterprises and partners (distributors) by providing real-time information on the product at the first opportunity.
  • The customer's satisfaction with the integrity of the product can be improved.
  • The integrity of a product is not only the integrity of the physical product, but also the provision of information about its product content. From the raw materials, through the manufacturing process and after the product leaves the factory, until it reaches the customer's hands, the real-time information of the product can be controlled through the Internet of Things, and the product information of the product the consumer intends to purchase can be provided in real time, so that the quality or authenticity of that product can be further evaluated.
  • The Internet of Things connects all people and everything around them in a network through a highly integrated cloud network; for example, manufacturers, consumers, machines, production materials, product manufacturing processes, logistics management, product sales or consumption habits. Everything from product manufacturing to product sales, up to big data based on the sales status of these products that infers or estimates consumers' consumption habits, can be connected to the IoT platform by sensing components (e.g. RFID, electronic tags) configured on the product and by software programs.
  • Efficiency and security are the two most important requirements for the Internet of Things. However, efficiency and security are two mutually contradictory indicators. Therefore, how to balance efficiency and security is the key to the successful application of the logistics management system.
  • The main object of the present invention is to provide a system for establishing a product authenticity identification data module using the Internet of Things, comprising: a product, with a product identifier configured on the product; a reading device, which is a device having a wireless communication function, a specific user identifier and a coordinate positioning device, for reading the product identifier of the product; a cloud device having a function of communicating with the reading device and confirming, by the specific user identifier, that the reading device is a device in the Internet of Things; and a proxy server having a URL or a URI and a password, capable of communicating with the reading device and the cloud device, for transmitting the product identifier read by the reading device, the reading time and the reading position directly to the cloud device; wherein, after it is confirmed by the specific user identifier that the reading device is a reading device in the Internet of Things, the message containing the product identifier, reading time and reading position read by the reading device can only communicate with the proxy server via the URL or
  • The product authenticity identification data module established in the Internet of Things system of the present invention lets the user query the authenticity of a product. In addition, the Internet of Things system established by using the proxy server according to the present invention can improve the security of the product authenticity identification data module; in particular, the self-repairing intelligent judgment function can increase the stability and security of the system. When the system fails for unknown reasons, or when a hacker tampers with, steals or denies messages in transit, the security authentication of the present invention can prevent password tampering or misappropriation, which ensures the security of the IoT system and reduces the cost of system operation.
  • Another main object of the present invention is to provide a system for establishing a product authenticity identification data module using the Internet of Things, comprising: a product on which a product identifier is configured; a cloud device, which is a device having a wireless communication function in which a production history data module storing at least one product has been established;
  • a reading device, which is a device having a wireless communication function, a specific user identifier and a coordinate positioning device, for reading the product identifier of the product, communicating with the cloud device, and obtaining a path of the product production history data module stored in the cloud device; and a proxy server having a URL or a URI and a password, capable of communicating with the reading device and the cloud device, for transmitting the product identifier read by the reading device, the read time, the read position and the path of the product production history data module directly to the cloud device; wherein, after confirming that the specific user identifier of the reading device is the reading device in the Internet of Things, the reading device will The read product
  • can only communicate with the proxy server via the URL or URI and password, and the proxy server communicates with the cloud device, and in the cloud device, the read position corresponding to the read position and the product production history data are loaded according to the product identifier.
  • The product authenticity identification data module established in the Internet of Things system lets the user query the authenticity of the product, and can further connect with the production history data of the product to provide that data. In addition, the Internet of Things system established by using the proxy server of the invention improves the security of the product authenticity identification data module; in particular, the self-repairing intelligent judgment function can increase the stability and security of the system. When the system fails for unknown reasons, or when a hacker tampers with, misappropriates or denies messages in transit, the security authentication of the present invention can prevent the password from being tampered with or stolen, thereby ensuring the security of the Internet of Things system and also reducing the cost of system operation.
  • the cloud device can effectively know the location of the product being queried; therefore, when the product to be queried by the client identifies the product via the Internet of Things system
  • the location of the fake product can be known by the Internet of Things system of the present invention; for example, the coordinates of the counterfeit, or the areas where fakes appear most, can be known, so that locations selling fakes can be found in real time and the sale of fakes stopped.
  • the probability of selling increases the profitability of brand manufacturers or original sales.
  • FIG. 1A is a schematic diagram showing an Internet of Things connection system in accordance with the disclosed technology.
  • FIG. 1B is a schematic diagram showing an Internet of Things connection system according to the disclosed technology.
  • FIG. 2 is a schematic diagram showing the establishment of a production history and product production history query system using an Internet of Things system in accordance with the disclosed technology.
  • FIG. 3A is a schematic diagram showing the textual content of a product production history in accordance with the techniques disclosed herein.
  • FIG. 3B is a schematic diagram showing the text and pattern contents of the product production history according to the technology disclosed in the present invention.
  • FIG. 3C is a schematic diagram of product warranty data content representing a product production history in accordance with the techniques disclosed herein.
  • FIG. 4 is a flow chart showing the use of the Internet of Things to establish a production history and query production history in accordance with the disclosed technology.
  • FIG. 5 is a flow chart showing another embodiment of establishing a production history and querying a production history using the Internet of Things according to the technology disclosed in the present invention.
  • FIG. 6 is a schematic diagram of a system architecture for performing an anti-counterfeiting function of an Internet of Things system according to the disclosed technology.
  • FIG. 7 is a schematic diagram showing the authenticity identification process of the first product with real-time reply product anti-counterfeiting function according to the technology disclosed by the present invention.
  • FIG. 8 is a schematic diagram showing the process of authenticity identification of a second product having a real-time reply product anti-counterfeiting function according to the disclosed technology.
  • FIG. 9 is a schematic diagram showing the process of authenticity identification of a third product with real-time reply product anti-counterfeiting function according to the disclosed technology.
  • When the client device performs different communication purposes, it may have different device names; for example, the client device may be a personal computer, a notebook computer, a smart phone, a smart portable device or a smart reading device.
  • FIG. 1A is a schematic diagram of the Internet of Things connection system of the present invention.
  • the Internet of Things connection system is composed of a client device 100, a cloud device 500, and at least one broker device 700.
  • The client device 100 may have different device names; for example, it may be a personal computer, a notebook computer, a smart phone, a smart portable device, or an intelligent reading device.
  • The client device 100 may have a floating IP address (Internet Protocol address) that changes at any time, or a fixed IP address, and is a device with a wireless communication function (for example, a personal computer, a notebook computer, a smart phone, a smart portable device, or a smart reading device). Each client device 100 has a unique identifier (e.g., a code set by the manufacturer at the factory, such as hardware data like the MAC address), which is used to generate a Universally Unique Identifier (uuid) of the client device 100 for verifying system health, identifying the client device 100, or preventing hacking.
  • uuid: Universally Unique Identifier
  • The cloud device 500 has a fixed domain name (DNS), has a server function, and can communicate wirelessly with each client device 100. The cloud device 500 is composed of at least a receiving/transmitting interface module, a data processing module and a memory module; the cloud device 500 has recorded the uuids of all clients in the Internet of Things of the present invention and stored them in the memory module 530, forming a database.
  • The proxy server 700 has a floating IP that can be changed at any time; after its URL or URI, account and password are generated, they can be transmitted to the client by the cloud device. Its most important task is to confirm that it is for the Internet of Things.
  • The encoded data string transmitted by the client device 100 must be transmitted through the IP address of the assigned proxy server 700, and after the proxy server 700 receives the encoded data string, it transmits it directly to the cloud device 500. After receiving the data string transmitted by the client device, the proxy server 700 does not perform any processing but forwards the received data string directly, so the processing time at the proxy server 700 is very short, about several to tens of milliseconds (ms). After the cloud device 500 receives the data string from the proxy server 700 and decodes it, the data string transmitted by the client device 100 is processed.
  • Throughout the process in which the client device 100 transmits data to the cloud device 500, the cloud device 500 does not directly expose its own address, which reduces the probability of the cloud device 500 being hacked and can greatly improve the security of the Internet of Things.
  • The plurality of client devices 100 can be divided into a plurality of groups, each group corresponding to or paired with a proxy server 700, so that in the present invention there may be multiple proxy servers 700, as shown in FIG. 1B.
  • the proxy server 700 can be selected to be shut down, or the URL or URI and password of a new proxy server 700 can be re-established.
  • the proxy server 700 selects a communication protocol using MQTT (Message Queuing Telemetry Transport) to perform data string transmission.
  • MQTT: Message Queuing Telemetry Transport
  • MQTT is a protocol designed for the Internet of Things, a lightweight messaging protocol based on the publish/subscribe model, which was invented by Dr. Andy Stanford-Clark of IBM and Dr. Arlen Nipper of Arcom in 1999. It is a protocol designed for communication between remote sensors and control devices operating in low-bandwidth, unreliable networks. MQTT therefore has the advantages of small transmission data and light weight, which give it great advantages in bandwidth and speed. Because the network bandwidth it needs is very low, the hardware resources required are also low, so the efficiency of an IoT system, or of the various commercial operating systems using it (such as logistics management, production-history queries or product authenticity identification), can be established, which also effectively reduces the cost of commercial operations.
  • The client device 100 logs in to the cloud device 500 through https to start the Internet of Things system (the communication direction indicated by S1 in FIG. 1A).
  • the cloud device 500 receives the request from the client device 100 (such as the communication direction indicated by S2 in FIG.
  • The cloud device 500 first verifies whether the hardware uuid (such as the MAC address) used by the client device 100 has been stored in the database of the cloud device 500; if it is confirmed that the hardware uuid (such as the MAC address) used by the client device 100 is already stored in the database of the cloud device 500, a client uuid is generated; then the cloud device 500 generates a pair of keys for the exclusive use of that client.
  • The key is an asymmetric key (RSM); thus, a pair of keys, client_pub_key and client_pri_key, can be generated. The RSM asymmetric key has a long decoding time, so its security is high.
  • The cloud device 500 can also selectively generate a symmetric key, client_share_key, specific to the client device 100. Therefore, in the preferred embodiment of the present invention, the RSM asymmetric key and the symmetric key can be selectively used together. Since the symmetric key has a short decoding time and relatively low security, the client_share_key needs to be changed at any time to ensure security; for this reason, the cloud device 500 further generates/sets a change time (share_key_expiry date time), and improves security by changing the share_key_expiry date time from time to time. After detecting that the client_share_key has exceeded the change time set by share_key_expiry date time, the cloud device 500 automatically generates a new client_share_key to ensure security.
  • When the cloud device 500 confirms that the hardware uuid (such as the MAC address) of a client device 100 is the same as that stored in the database, it determines that the client device 100 is a client in the Internet of Things, and then transmits the generated uuid and key information back to the client device 100 (the communication direction indicated by S3 in FIG. 1A). The messages transmitted back to the client device 100 include: client_uuid, sever_pub_key (this sever_pub_key is the client_pub_key; since all client devices 100 use the same pub_key, it is also called sever_pub_key) and client_pri_key.
  • If, after the cloud device 500 receives the request from the client device 100 and compares the hardware uuid (such as the MAC address) used by the client device 100 against the database of the cloud device 500, it determines that the hardware uuid does not belong to a client device 100 in the Internet of Things, the hardware uuid (such as the MAC address) message is stored in another database for subsequent comparison.
  • The return transmission in the S3 communication direction generally does not fail, but there is still a mechanism for errors; for example, if the server takes too long to respond and the connection fails, the request is re-executed by the client device 100. The cloud device 500 then determines that the hardware uuid (such as the MAC address) has already been recorded in the database, so the uuid corresponding to that hardware uuid is still returned, but the pair of keys generated by the cloud device 500 and transmitted back to the client device 100 is updated. Therefore, even if a fake device uses any method to spoof the hardware uuid (such as the MAC address) of the client device 100, it cannot obtain the same key. In other words, only a certain uuid can survive in the system.
  • With the encoded client_uuid (i.e., the client_uuid is encrypted into ciphertext using sever_pub_key), the client_share_key, the share_key_expiry date time, and the URL or URI of the MQTT_Broker are obtained through an https "request".
  • When the cloud device 500 receives the encrypted client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct. After confirming that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the share_key_expiry date time, the MQTT_Broker's URL or URI, and the MQTT_Broker account and password with client_pub_key, and then transmits them back to the client device 100 (the communication direction indicated by S5 in FIG. 1A).
  • The present invention can further encode the URL or URI, account and password of another proxy server 700' and send them back to the client device 100 for storage, so that when the cloud device 500 subsequently delivers messages to the client device 100, it can communicate with the client device 100 via the path of the proxy server 700'.
  • The URL or URI, account and password of the MQTT_Broker can optionally be obtained in two steps. The first time (the communication direction indicated by S4 in FIG. 1A), the client device 100 uses the encoded client_uuid (that is, the client_uuid is encrypted into ciphertext using sever_pub_key) to obtain the client_share_key, the share_key_expiry date time and the URL or URI of the MQTT_Broker through an https "request"; when the cloud device 500 receives the encrypted client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct.
  • After the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the share_key_expiry date time, and the URL or URI of the MQTT_Broker with the client_pub_key, and then transmits the result to the client device 100 (the communication direction indicated by S5 in FIG. 1A). The second time (the communication direction indicated by S6 in FIG.
  • the client device 100 further obtains the MQTT_Broker account and password through an https "request" by using the encoded client_uuid (i.e., the client_uuid is encrypted into ciphertext using sever_pub_key). After receiving the encrypted client_uuid, the cloud device 500 decodes it with sever_pri_key to confirm whether the client_uuid is correct. After confirming that the client_uuid is correct, the cloud device 500 encodes the MQTT_Broker account and password with the client_pub_key and returns them to the client device 100 (the communication direction indicated by S7 in FIG. 1A). As to what is obtained the first and the second time, the only requirement is that the MQTT_Broker URL or URI and the account and password are obtained in two separate steps; the rest is not limited.
  • The https used here is a hybrid-cryptosystem security protocol based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS), which is itself a recognized security protocol. With the recognized certificate required of the cloud device 500, the client device 100 can use the digital signature of the certificate authority to confirm whether a message was transmitted directly by the cloud device 500. Therefore, when a hacker tampers with, misappropriates or denies messages in transit, these security certificates can be used to prevent password tampering or misappropriation.
  • The complete message includes: 1. sever_pub_key; 2. client_pri_key; 3. MQTT_Broker URL or URI; 4. MQTT_Broker username/password; 5. client_share_key; 6. share_key_expiry date time.
  • After the client device 100 confirms receipt of the complete message, it uses the client_share_key to encode the client_uuid and the data content that the client device 100 is to transmit to the cloud, and then uploads them to the proxy server 700 (i.e., the MQTT Broker).
  • The client device 100 further checks whether the validity period set by share_key_expiry date time has expired (e.g., the expiration date is 2015/0501); if it has (e.g., the check date is 2015/0502), the client device 100 re-encodes the client_uuid (i.e., the client_uuid is encrypted into ciphertext using sever_pub_key) and obtains a new share_key_expiry date time message through https. When the cloud device 500 receives the encrypted client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct.
  • After the cloud device 500 confirms that the client_uuid is correct, it encodes the new share_key_expiry date time with the client_pub_key and sends it back to the client device 100.
  • the time set by the share_key_expiry date time may be periodic or random, and may be determined by the cloud device 500.
  • After the client device 100 confirms that the complete message has been received, it already knows the URL or URI of the MQTT_Broker of the proxy server 700 and the MQTT_Broker account and password, so the client device 100 can upload the encoded client_uuid and data string (for example, the production history of the product) to the proxy server 700 (the communication direction indicated by S8 in FIG. 1A). After the proxy server 700 receives the encoded client_uuid and data string uploaded by the client device 100, it transmits the uploaded message directly (that is, without any processing) to the cloud device 500. Throughout the process in which the client device 100 forwards its message to the cloud device 500, the cloud device 500 does not directly expose its own address, which reduces the probability of the cloud device 500 failing or being hacked. Because the proxy server 700 passes the data uploaded by the client device 100 directly to the cloud device 500, the time spent at the proxy server 700 is very short, which reduces the probability that the URL or URI of the MQTT_Broker and the MQTT_Broker account and password of the proxy server 700 are cracked and increases the security of the IoT communication process.
  • The cloud device 500 receives the data transmitted directly by the proxy server 700 (i.e., the encoded client_uuid and the data string), decodes it using the client_share_key, and verifies that the received client_uuid and data string (for example, the product production history) are complete and correct. If they are correct, it stores them in the memory module 530, where the received data string (for example, the product production history) awaits use in specific applications, for example establishing a production history database for at least one product. If verification finds the received client_uuid and data string incomplete or incorrect, a record is made.
  • The purpose of verifying incorrect messages is to prevent or reduce the chance of the IoT system being successfully attacked, through artificial-intelligence deep learning or through manually added or modified verification mechanisms.
  • Incorrect messages include, for example: (1) a web crawler crawling the news finds a fake of the current product; or (2) a condition set at the start of the program: the same client_uuid appears at the same time in two completely different places. In this case the Internet of Things system notifies the company's inspectors or issues a warning, and the inspectors can at least choose to observe or ignore it, achieving advance warning and prevention.
  • the cloud device 500 may choose to turn off the proxy server 700 (such as the communication direction indicated by S10 in FIG. 1A) if it is faulty or hacked.
  • The client_share_key encoding can be combined with a hash function to prevent tampering, where the hash function can be MD5, SHA-1, SHA-256, and the like.
  • The client_share_key can also be used with different cipher methods, such as a block cipher, a stream cipher, ECB mode or a hybrid of the aforementioned methods, which more effectively raises the difficulty of cracking without increasing decoding time.
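An added illustration (not part of the patent text) of the cloud-side check described above: a data string forwarded unchanged by the proxy server is verified against the sender's client_share_key, incorrect messages are recorded, and the same client_uuid appearing in two distant places at nearly the same time is flagged. Assumptions: HMAC-SHA-256 stands in for "encoding combined with a hash function", payload encryption is omitted, and the JSON envelope, field names, thresholds and sample values are constructed for the example.

```python
import hashlib
import hmac
import json
import math
from dataclasses import dataclass, field

# Assumed thresholds (not from the patent): one client_uuid reporting positions
# more than MAX_KM apart within WINDOW_S seconds counts as "two places at once".
MAX_KM = 50.0
WINDOW_S = 600


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def seal(share_key: bytes, message: dict) -> bytes:
    """Client side: attach a keyed SHA-256 tag (HMAC, an assumption) to the data string."""
    body = json.dumps(message, sort_keys=True)
    tag = hmac.new(share_key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


@dataclass
class ClientRecord:
    share_key: bytes            # client_share_key issued to this client
    key_expiry: int             # share_key_expiry date time, as epoch seconds
    last_seen: tuple = None     # (read_time, lat, lon) of the last accepted message


@dataclass
class CloudVerifier:
    clients: dict                                   # client_uuid -> ClientRecord
    rejected: list = field(default_factory=list)    # record of incorrect messages

    def verify(self, wire: bytes, now: int) -> str:
        """Check one data string forwarded unchanged by the proxy server."""
        verdict = self._check(wire, now)
        if verdict != "accepted":
            self.rejected.append((verdict, wire))   # kept for later comparison
        return verdict

    def _check(self, wire, now):
        try:
            envelope = json.loads(wire)
            body = envelope["body"].encode()
            tag = bytes.fromhex(envelope["tag"])
            msg = json.loads(body)
            rec = self.clients.get(msg["client_uuid"])
            seen = (int(msg["read_time"]), float(msg["lat"]), float(msg["lon"]))
            if not (-90 <= seen[1] <= 90 and -180 <= seen[2] <= 180):
                raise ValueError("coordinates out of range")
        except (ValueError, KeyError, TypeError, AttributeError, OverflowError):
            return "malformed"
        if rec is None:
            return "unknown_client"
        expected = hmac.new(rec.share_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad_tag"                        # altered in transit or wrong key
        if now > rec.key_expiry:
            return "key_expired"                    # client must fetch a new share key
        if rec.last_seen is not None:
            t0, lat0, lon0 = rec.last_seen
            if (abs(seen[0] - t0) <= WINDOW_S
                    and haversine_km(lat0, lon0, seen[1], seen[2]) > MAX_KM):
                return "duplicate_location"         # same client_uuid in two places
        rec.last_seen = seen
        return "accepted"


def demo():
    """Run constructed sample messages through the verifier."""
    key = b"constructed-share-key-0123456789"       # constructed sample key
    cloud = CloudVerifier({"uuid-A": ClientRecord(key, key_expiry=2_000)})
    base = {"client_uuid": "uuid-A", "product_id": "P-001", "read_time": 1_000,
            "lat": 25.03, "lon": 121.56}
    ok = seal(key, base)
    tampered = ok.replace(b"P-001", b"P-999")       # modified after sealing
    far = seal(key, {**base, "read_time": 1_120, "lat": 22.63, "lon": 120.30})
    stranger = seal(key, {**base, "client_uuid": "uuid-X"})
    late = seal(key, {**base, "read_time": 2_500})
    verdicts = [cloud.verify(ok, now=1_001), cloud.verify(tampered, now=1_002),
                cloud.verify(far, now=1_121), cloud.verify(stranger, now=1_122),
                cloud.verify(late, now=2_501)]
    return verdicts, len(cloud.rejected)


if __name__ == "__main__":
    print(demo())
```
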
  • FIG. 1B is a schematic diagram of another embodiment of the Internet of Things connection system of the present invention.
  • The Internet of Things connection system is composed of a plurality of client devices 100, a cloud device 500 and at least one proxy device 700, wherein each client device 100 is a device having a wireless communication function and a specific user identifier; the cloud device 500 has a function of communicating with each client device 100, and confirms by the specific user identifier unique to each client device 100 that the client device 100 is one of the client devices 100 in the Internet of Things; the proxy server 700 has its URL or URI and password, and can communicate with the cloud device 500. Since the embodiment of FIG. 1B is the same as the embodiment of FIG.
  • The cloud device 500 provides the URL or URI, account and password of each proxy server 700.
  • The paired client devices 100 can only communicate with their paired proxy server 700, and the proxy server 700 then communicates with the cloud device 500 to transmit the data string of each client device 100 to the cloud device 500. The process of completing the Internet of Things connection in FIG. 1B is briefly described as follows.
  • Each client device 100 logs in to the cloud device 500 via https. After the cloud device 500 receives the request of each client device 100, the cloud device 500 first verifies whether the hardware uuid (such as the MAC address) used by each client device 100 has been stored in the database of the cloud device 500. If it is confirmed that the hardware uuid (such as the MAC address) used by each client device 100 has been stored in the database of the cloud device 500, each client's own identification code (client uuid) is generated; then the cloud device 500 generates, for each client device 100, a pair of keys for the exclusive use of that client.
  • the cloud device 500 After the cloud device 500 determines that each client device 100 is a client in the Internet of Things, the cloud device 500 will generate each of the generated devices.
  • the information such as uuid and key is transmitted back to each of the corresponding client devices 100, and the messages transmitted back to each client device 100 include: client_uuid, sever_pub_key, and client_pri_key.
  • Each client device 100 can then obtain the client_share_key, share_key_expiry date time, MQTT_Broker URL or URI, and MQTT_Broker account and password (username/password) through an https request carrying the encoded client_uuid. When the cloud device 500 receives the garbled client_uuid, it decodes it with the respective sever_pri_key to confirm whether each client_uuid received is correct; after the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the share_key_expiry date time, the URL or URI of the MQTT_Broker, and the MQTT_Broker account and password with the client_pub_key and transfers them to the client device 100.
  • For example: the URL or URI, account number and password of the proxy device (Broker-1) are returned to Client-1 through Client-5; those of the proxy device (Broker-2) are returned to Client-6 through Client-15; and those of the proxy device (Broker-3) are returned to Client-16 through Client-50. In this example, the 50 separate client devices 100 of the Internet of Things are paired with the three proxy server devices 700, through which they communicate with the cloud device 500.
  • The client device 100 will then connect with the paired proxy server 700 it has obtained; meanwhile, when each client device 100 confirms that the message it received from the cloud device 500 already includes: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker URL or URI; 4. MQTT_Broker username/password; 5. Client_Share_key; 6. Share_key_expiry date time, it will use the client_share_key to encode the client_uuid and the data content to be transmitted to the cloud by the client device 100, and then upload them to the proxy server 700 (i.e., the MQTT Broker).
  • When each client device 100 confirms that the complete message has been received, the client device 100 already knows the URL or URI of the MQTT_Broker and the MQTT_Broker account and password of the proxy server 700 it is paired with, so the client device 100 may upload the encoded client_uuid and the message string (for example, the production history of the product, etc.) to the paired proxy server 700. After each proxy server 700 receives the encoded client_uuid and the message string uploaded by the paired client device 100, it transmits the message uploaded by the client device 100 directly (that is, without any processing) to the cloud device 500. Thus, throughout the Internet of Things, when the client device 100 passes the message to the cloud device 500, the cloud device 500 does not directly expose its own address, so the probability that the cloud device 500 is damaged or hacked can be reduced. Moreover, since each proxy server 700 transmits the data uploaded by the client device 100 directly to the cloud device 500, the time spent at the proxy server 700 is very short, which reduces the probability that the URL or URI of the MQTT_Broker of the proxy server 700 and the MQTT_Broker account and password are cracked and increases the security of the IoT communication process.
  • After receiving the data directly transmitted by each proxy server 700 (i.e., the encoded client_uuid and the data string), the cloud device 500 decodes it with each client_share_key and verifies whether the received client_uuid and the data string (for example, the production history of the product, etc.) are complete and correct. If they are correct, they are stored in the memory module 530, waiting for the user to put the received data string to a specific application, for example, establishing at least one product production history database; if the received client_uuid and the data string are incomplete or incorrect, this is recorded.
  • In this embodiment, incorrect messages may arise as follows: the frequency with which each client publishes information has a certain regularity, so if the information published by a client is abnormal or arrives at an excessive frequency, it is regarded as an incorrect message; or the proxy server 700 itself publishes information by a method other than MQTT and attempts to connect to the cloud device 500, etc. When incorrect messages continue to appear, it is judged that the proxy server 700 may be damaged or hacked; the cloud device 500 can then optionally turn off this proxy server 700.
  • The main technical means of the Internet of Things connection system of the present invention is that after the cloud device 500 confirms that each client device 100 is a user of the Internet of Things, the cloud device 500 transmits the URL or URI of the MQTT_Broker of the proxy server 700 and the MQTT_Broker account number and password back to each client device 100.
  • Each client device 100 then connects to the proxy server 700 according to the received URL or URI of the MQTT_Broker and the MQTT_Broker account and password, and the data string to be transmitted by each client device 100 (for example, the production history of the product, etc.) is encoded and uploaded to the proxy server 700; the proxy server 700 then does not process the data string transmitted by the client device 100 (for example, the production history of the product) but transmits it directly to the cloud device 500 for decoding and processing.
  • The Internet of Things connection system of the present invention connects in two stages: after the identification of the client device 100 is completed in the first stage, the client device 100 can only connect with the proxy server 700 in the second stage. Since the first stage is completed before the client device 100 performs the connection, when the client device 100 formally transmits the data string, it can only connect and communicate with the proxy server 700; therefore, the cloud device 500 does not directly expose its own address, which reduces the probability of the cloud device 500 failing or being hacked and effectively improves the security of the Internet of Things connection system.
  • the IoT connection system of the present invention also has a self-checking intelligent judgment function, thereby increasing system stability and security; for example, especially when the system fails for unknown reasons or when a hacker is in the message
  • the security authentication of the present invention can be used to prevent the password from being tampered with or stolen; thus, the security of the Internet of Things system can be ensured.
  • FIG. 2 is a schematic diagram of an embodiment of establishing a production history and product production history query system using the Internet of Things system according to the present invention.
  • the client device 100 can be a manufacturer-side reading device, which can record the entire production and delivery process of the product, from the manufacturing step to the delivery to the store, as production history items of the product along a time axis. After the item is recorded, after the confirmation of S1-S7 in FIG. 1A or FIG.
  • each of the client devices 100 is one of the client devices 100 in the Internet of Things, and each of the client devices 100 has already
  • the client device 100 can encode the content data of the production process and then transmit the content data to the proxy server 700, and the proxy server 700 receives the messages.
  • the proxy server 700 directly transmits the data string transmitted by the client device 100 to the cloud device 500 for decoding and processing without processing the data string (for example, the production history of the product) transmitted by the client device 100.
  • the production history database can record the entire production process of each product, from a manufacturing process until delivery to the store. Since the client device 100, when transmitting the production history data to the cloud device 500, can only connect and communicate with the paired proxy server 700, the cloud device 500 does not directly expose its own address during the entire process of establishing the production history database, so the probability of the cloud device 500 being faulty or being hacked can be reduced, and the security of the production history database can be effectively improved. Also.
  • the reading device of the present invention may communicate with the cloud device 500 in the form of a gateway, connecting to the cloud device 500 through a dynamic communication mode that mixes http with the proxy server (MQTT); this reduces the chances of the cloud device 500 failing or being successfully attacked by a hacker, thus ensuring communication security, stability, privacy, and speed.
  • Based on the request of a user (who has been confirmed as logged in, for example, on a smart phone), the cloud device 500 can deliver the production history of the product to be queried, in the selected type of production history data (i.e., text, picture, voice or video), or the warranty data, through the communication direction indicated by S11, via another proxy server 700', to the user's communication device 100 for display.
  • Since the cloud device 500 has transmitted the URL or URI, account number and password of the proxy server 700' to the user's communication device 100, when the cloud device 500 wants to transmit the production history or warranty data of the product to the user, it likewise can only connect and communicate with the proxy server 700' via the URL or URI, account number and password of the proxy server 700'. Therefore, during the whole process in which the cloud device 500 transmits the production history or warranty data of the product queried by the user to the user's smart phone, the cloud device 500 does not directly expose its own address, so the probability of the cloud device 500 being faulty or being hacked can be reduced, and the security of the Internet of Things production history database can be effectively improved.
  • the client device 100 can query the product data only after the specific user identifier confirms that the client device 100 is one of the client devices 100 in the Internet of Things.
  • the proxy server 700 can communicate with the proxy server 700' via the URL or URI and password of the proxy server 700, and the proxy server 700 directly communicates with the cloud device 500 to view the product data and products to be queried by the client device 100 in the cloud device 500.
  • the cloud device 500 can communicate with the proxy server 700' via the URL or URI and password of the other proxy server 700', so that the proxy server 700' can transfer the message in the product production history database to the client device 100.
  • a detailed content type record may be further established in the key record of the product history content as the product time, and the detailed content type may be the text displayed in FIG. 3A, or the text and picture as shown in FIG. 3B, or voice or video, and is built into the production history database of the cloud device 500.
  • a database formed by product warranty data may be created, wherein the product warranty data includes at least the product number of the product, the product's shelf date, product release date, origin, product manufacturer and manufacturer address, and product material, as shown in FIG. 3C.
  • The connection method and process of establishing and querying the production history with the Internet of Things connection system of the present invention will be described in detail.
  • the innovative point of using the proxy servo device 700 of the present invention can be more clearly understood.
  • FIG. 4 is a flowchart of a method for establishing a product production history and a product production history query method using the Internet of Things disclosed in the present invention.
  • the method for inspecting the production history of the product using the Internet of Things and the product production history query method includes:
  • Step 1 The client device 100 logs in to the cloud device 500.
  • the client device 100 logs in to the cloud device 500 through https to start the Internet of Things system.
  • Step 2 After the cloud device 500 receives the request from the client device 100, the cloud device 500 first verifies whether the hardware uuid (such as MAC Address) used by the client device 100 has been stored in the database of the cloud device 500.
  • Step 3 When the cloud device 500 confirms that the hardware uuid (such as MAC Address) used by the client device 100 is already stored in the database of the cloud device 500, it determines that the data of the client device 100 is correct and that it is a client device 100 in the Internet of Things; the cloud device 500 then generates a client uuid and a pair of keys exclusive to the client.
  • the key is a highly secure RSM asymmetric key (Asymmetric Key); therefore, a pair of client_pub_key and client_pri_key can be generated, and the generated uuid and key are returned to the client device 100. The message returned to the client device 100 includes: client_uuid, sever_pub_key (this sever_pub_key is client_pub_key).
  • the cloud device 500 compares the client.
  • Step 4 The client device 100 determines whether the information such as the uuid and the key generated by the cloud device 500 has been correctly received. After the client device 100 confirms that the uuid and the key have been correctly received, it requests the client_share_key, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password (username/password) from the cloud device 500 through https with the encoded client_uuid (i.e., the client_uuid is garbled according to the sever_pub_key).
  • Step 5 When the cloud device 500 receives the garbled client_uuid, it decodes it according to the sever_pri_key to confirm whether the client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password with the client_pub_key and transmits them back to the client device 100.
  • Step 6 After the client device 100 obtains the relevant data from the cloud device 500, the client device 100 uses the client_pri_key to decode it and confirms that the received message is complete.
  • the complete message includes: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker's URL or URI; 4. MQTT_Broker username/password; 5. client_Share_key.
  • When the client device 100 confirms receipt of the complete message, it will connect with the proxy server 700; if the client device 100 determines that the received message is incomplete, it will return to step 4 and again request from the cloud device 500 the client_share_key, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password (username/password).
  • Step 7 The client device 100 connects to the proxy server 700 using the URL or URI of the MQTT_Broker and the MQTT_Broker account and password. Meanwhile, the client_share_key is used to encode the client_uuid and the data content that the client device 100 is to transmit to the cloud device 500 (for example, the production history of the product and the like), which are then uploaded to the proxy server 700.
  • Step 8 After receiving the encoded client_uuid and the message string (for example, the production history of the product, etc.) uploaded by the client device 100, the proxy server 700 immediately sends the message uploaded by the client device 100 directly (that is, without any processing) to the cloud device 500.
  • Step 9 After receiving the data directly transmitted by the proxy server 700, the cloud device 500 decodes it with the client_share_key and verifies whether the received client_uuid and the data string (for example, the production history of the product, etc.) are complete and correct.
  • Step 10 When the cloud device 500 determines that the received client_uuid and the data string are complete and correct, the decoded client data string (for example, the production history of the product, etc.) is stored in the memory module 530, waiting for the user to put the received data string to a specific application; for example, the establishment of a production history database of the product is completed in the cloud device 500. If the received client_uuid and the data string are incomplete or incorrect, this is recorded.
  • Incorrect messages include: (1) if the client_uuid corresponding to a certain website is incorrect, there may be a theft problem; (2) if a client_uuid also uploads data on its location (Geo Location), it can be verified by checking the reasonableness of the GeoLocation (for example, whether a client_uuid is in Asia and the next minute is in North America). When incorrect messages persist, it is determined that the proxy server 700 may be malfunctioning or being hacked.
  • the cloud device 500 can choose to turn off
  • The connection with the cloud device 500 is completed before each client device 100 leaves the factory; that is, when each client device 100 is shipped from the factory, it has already obtained the complete message from the cloud device 500: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker URL or URI; 4. MQTT_Broker username/password; 5. client_Share_key.
  • The data string to be transmitted by each client device 100 to the cloud device 500 is transmitted to the proxy server 700 according to the URL or URI of the MQTT_Broker, and the proxy server 700 directly transmits the data string of the client device 100 to the cloud device 500.
  • The cloud device 500 does not directly expose its own address, so that the probability of the cloud device 500 being faulty or being hacked can be reduced.
  • The consumer can first complete the identity recognition procedure between the smart phone he or she uses and the Internet of Things of the present invention; for example, by downloading the APP software of the Internet of Things of the present invention and going through the process of steps 1 to 6 of FIG.
  • Once the smart phone used by the consumer has completed the identity recognition process in the Internet of Things of the present invention, that is, the hardware uuid (such as MAC Address) of the consumer's smart phone has been stored in the database of the cloud device 500, the consumer can use the smart phone to send the product number (item number) or QR Code to be queried, together with the production history or warranty data of the product to be viewed, through step 7 to the proxy server 700 according to the URL or URI of the MQTT_Broker; then, via step 8, the proxy server 700 directly transmits the data string that the consumer wants to query to the cloud device 500.
  • After the cloud device 500 determines that the received client_uuid and the data string are complete and correct, it checks in step 11, according to the decoded consumer data string, whether the product number (item number) or QR Code has been established in the product production history database. If the product number (item number) or QR Code that the consumer wants to query is found, the cloud device 500 further checks whether the production history or warranty data type of the product that the consumer wants to query exists.
  • If a production history or warranty data type matching the product that the consumer wants to query exists, then, since the consumer's smart phone (i.e., the client device 100) has stored the URL or URI, account number and password required to connect to the proxy server 700', the cloud device 500 connects to the proxy server 700' via step 12 and transmits the production history or the warranty data type of the product queried by the consumer to the proxy server 700', and the proxy server 700' directly transmits the production history or the warranty data of the product to the consumer's smart phone, so that the consumer can see the production history or warranty data of the product he or she wants to buy on the display of the smart phone.
  • Since the cloud device 500 can set the URL or URI, account number and password of the proxy server 700', when the cloud device 500 wants to transmit the production history or warranty data of the product to the user (i.e., step 12), it likewise can only connect and communicate with the proxy server 700' through the URL or URI, account number and password of the proxy server 700'. Therefore, throughout the process in which the cloud device 500 transmits the production history or warranty data of the product queried by the user to the user's smart phone, the cloud device 500 does not directly expose its own address, so the probability of the cloud device 500 being faulty or being hacked can be reduced, and the security of the cloud device 500 and of the Internet of Things production history database can be effectively improved.
  • the IoT connection system of the present invention also has a self-checking intelligent judgment function to increase system stability and security; for example, especially when the system fails due to unknown reasons or when a hacker is in the message transmission process
  • the security authentication of the present invention can be used to prevent password tampering or misappropriation; thus, the security of the Internet of Things system can be ensured.
  • FIG. 5 is a flowchart of another embodiment of the present invention for establishing a product production history and a product production history query method using the Internet of Things.
  • the method for establishing a product production history and product production history query using the Internet of Things of the present invention includes:
  • Step 1 The client device 100 logs in to the cloud device 500.
  • the client device 100 logs in to the cloud device 500 through https to start the Internet of Things system.
  • Step 2 After the cloud device 500 receives the request from the client device 100, the cloud device 500 first verifies whether the hardware uuid (such as MAC Address) used by the client device 100 has been stored in the database of the cloud device 500.
  • Step 3 When the cloud device 500 confirms that the hardware uuid (such as MAC Address) used by the client device 100 is already stored in the database of the cloud device 500, it determines that the data of the client device 100 is correct and that it is a client device 100 in the Internet of Things; the cloud device 500 then generates a client uuid and a pair of keys exclusive to the client.
  • the key is a highly secure RSM asymmetric key (Asymmetric Key); therefore, a pair of client_pub_key and client_pri_key can be generated, and the generated uuid and key are returned to the client device 100. The messages returned to the client device 100 include: client_uuid, sever_pub_key (this sever_pub_key is client_pub_key).
  • If the cloud device 500 compares the hardware uuid (such as MAC Address) used by the client device 100 against the database of the cloud device 500 and determines that this hardware uuid (such as MAC Address) does not belong to a client device 100 in the Internet of Things, the hardware uuid (such as MAC Address) message is stored in another database for subsequent comparison.
  • Step 4 The client device 100 determines whether the uuid and the key generated by the cloud device 500 have been correctly received. After the client device 100 confirms that the uuid and the key have been correctly received, it requests the client_share_key, the share_key_expiry date time, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password (username/password) from the cloud device 500 through https with the encoded client_uuid (i.e., the client_uuid is garbled according to the sever_pub_key).
  • the key is an Asymmetric Key; therefore, a pair of client_pub_key and client_pri_key can be generated. The RSM asymmetric key has a long decoding time and therefore high security.
  • the cloud device 500 can also selectively generate a symmetric key, client_share_key, specific to the client device 100. Therefore, in the preferred embodiment of the present invention, the RSM asymmetric key and the symmetric key can be selectively used together; since the symmetric key has a short decoding time and relatively low security, the client_share_key needs to be changed from time to time to ensure security.
  • the cloud device 500 further generates a share_key_expiry date time that changes from time to time, and improves security by changing the client_share_key from time to time; therefore, when the cloud device 500 detects that the client_share_key has exceeded the set change time, a new client_share_key is automatically generated to ensure security.
  • Step 5 After receiving the garbled client_uuid, the cloud device 500 decodes it according to the sever_pri_key to confirm whether the client_uuid is correct. After the cloud device 500 confirms that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the share_key_expiry date time, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password with the client_pub_key and transmits them back to the client device 100.
  • Step 6 After the client device 100 obtains the relevant data from the cloud device 500, the client device 100 uses the client_pri_key to decode it and confirms that the received message is complete.
  • the complete message includes: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker's URL or URI; 4. MQTT_Broker username/password; 5. client_Share_key; 6. share_key_expiry date time.
  • When the client device 100 confirms receipt of the complete message, it will connect with the proxy server 700; if the client device 100 determines that the received message is incomplete, it will return to step 4 and request it from the cloud device 500 again.
  • Step 7 The client device 100 connects to the proxy server 700 using the URL or URI of the MQTT_Broker and the MQTT_Broker account and password. Meanwhile, the client_share_key is used to encode the client_uuid and the data content that the client device 100 is to transmit to the cloud device 500 (for example, the production history of the product and the like), which are then uploaded to the proxy server 700.
  • Step 8 The client device 100 checks whether the Share_key_expiry date time has expired; if it has not expired, the encoded client_uuid and the data string (for example, the production history of the product, etc.) are uploaded to the proxy server 700. If it has expired, the client device 100 returns to step 4 and requests a new Share_key_expiry date time from the cloud device 500.
  • When the expiration date is 2015/0501 and the check shows that the Share_key_expiry date time has expired (for example, the date at the time of the check is 2015/0502), the client device 100 will again encode the client_uuid (i.e., the client_uuid is garbled according to the sever_pub_key) and obtain the new share_key_expiry date time through an https request.
  • When the cloud device 500 receives the garbled client_uuid, it decodes it according to the sever_pri_key to confirm whether the client_uuid is correct.
  • After confirming that the client_uuid is correct, the cloud device 500 encodes the new share_key_expiry date time with the client_pub_key and transmits it back to the client device 100.
  • the time set by the share_key_expiry date time may be periodic or random, and may be determined by the cloud device 500.
  • Step 9 After receiving the encoded client_uuid and the message string (for example, the production history of the product, etc.) uploaded by the client device 100, the proxy server 700 immediately sends the message uploaded by the client device 100 directly (that is, without any processing) to the cloud device 500.
  • Step 10 After receiving the data directly transmitted by the proxy server 700, the cloud device 500 decodes it with the client_share_key and verifies whether the received client_uuid and the data string (for example, the production history of the product, etc.) are complete and correct.
  • Step 11 When the cloud device 500 determines that the received client_uuid and the data string (for example, the production history of the product, etc.) are complete and correct, the decoded client data string is stored in the memory module 530, waiting for the user to put the received data string (for example, the production history of the product, etc.) to a specified application. If the client_uuid and the data string are incomplete or incorrect, the error is recorded. There is a problem of misappropriation (2) If a client_uuid also uploads the data of its location (Geo Location), it can be verified by checking the reasonableness of the GeoLocation (for example, whether a client_uuid is in Asia and the next minute is in North America). When incorrect messages continue to occur, it is determined that the proxy server 700 may be malfunctioning or hacked; the cloud device 500 may then choose to turn off the proxy server 700.
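  • The cloud-side checks for incorrect messages described for FIG. 1B, FIG. 4 and FIG. 5 (unknown client_uuid, abnormal publish frequency, implausible GeoLocation, and turning off a proxy server when incorrect messages persist) can be sketched as follows. This is an added example, not code from the patent; the thresholds, the field names ts, proxy, lat and lon, and the choice to model "persisting" as consecutive incorrect messages per proxy are all assumptions.

```python
import math
from collections import defaultdict, deque

# Thresholds are assumptions for this example; the page gives no numbers.
MAX_SPEED_KMH = 1000.0   # faster travel between two reports is implausible
RATE_WINDOW_S = 60       # sliding window for publish frequency
RATE_MAX_MSGS = 5        # more messages than this per window is excessive
PROXY_STRIKES = 3        # consecutive incorrect messages before shutdown advice


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


class UploadMonitor:
    """Cloud-side checks on decoded messages relayed by the proxy servers."""

    def __init__(self, known_client_uuids):
        self.known = set(known_client_uuids)
        self.last_pos = {}                 # client_uuid -> (ts, lat, lon), last plausible
        self.recent = defaultdict(deque)   # client_uuid -> timestamps inside the window
        self.strikes = defaultdict(int)    # proxy -> consecutive incorrect messages
        self.disable = set()               # proxies the cloud should turn off

    def check(self, msg):
        """Return the reasons a message is incorrect (empty list if none)."""
        cid, ts, reasons = msg["client_uuid"], msg["ts"], []
        if cid not in self.known:
            reasons.append("unknown_client_uuid")
        else:
            window = self.recent[cid]
            window.append(ts)
            while ts - window[0] > RATE_WINDOW_S:
                window.popleft()
            if len(window) > RATE_MAX_MSGS:
                reasons.append("excessive_rate")
            if "lat" in msg and "lon" in msg:
                prev = self.last_pos.get(cid)
                if prev is not None:
                    hours = max(ts - prev[0], 1) / 3600.0
                    km = haversine_km(prev[1], prev[2], msg["lat"], msg["lon"])
                    if km / hours > MAX_SPEED_KMH:
                        reasons.append("impossible_travel")
                # Keep the last plausible position as the reference point.
                if "impossible_travel" not in reasons:
                    self.last_pos[cid] = (ts, msg["lat"], msg["lon"])
        proxy = msg["proxy"]
        if reasons:
            self.strikes[proxy] += 1
            if self.strikes[proxy] >= PROXY_STRIKES:
                self.disable.add(proxy)
        else:
            self.strikes[proxy] = 0
        return reasons


# Constructed sample: decoded uploads as the cloud would see them.
SAMPLE = [
    {"ts": 0, "proxy": "broker-1", "client_uuid": "client-1", "lat": 25.03, "lon": 121.56},
    {"ts": 0, "proxy": "broker-2", "client_uuid": "client-6", "lat": 25.03, "lon": 121.56},
    {"ts": 60, "proxy": "broker-2", "client_uuid": "client-6", "lat": 40.71, "lon": -74.01},
    {"ts": 61, "proxy": "broker-2", "client_uuid": "client-99"},
    {"ts": 62, "proxy": "broker-2", "client_uuid": "client-6", "lat": 40.71, "lon": -74.01},
    {"ts": 120, "proxy": "broker-1", "client_uuid": "client-1", "lat": 25.04, "lon": 121.57},
]


def run(stream, known=("client-1", "client-6")):
    """Feed a message stream through the monitor; return flags and proxies to turn off."""
    mon = UploadMonitor(known)
    flagged = []
    for msg in stream:
        reasons = mon.check(msg)
        if reasons:
            flagged.append((msg["ts"], msg["client_uuid"], reasons))
    return flagged, mon.disable


if __name__ == "__main__":
    flagged, disable = run(SAMPLE)
    for row in flagged:
        print(row)
    print("turn off:", sorted(disable))
```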
  • The connection with the cloud device 500 is completed before each client device 100 leaves the factory; that is, by the time each client device 100 is shipped from the factory, the complete message has been obtained from the cloud device 500, including: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker URL or URI; 4. MQTT_Broker username/password; 5. client_Share_key; 6. share_key_expiry date time.
  • The data string that each client device 100 sends to the cloud device 500 is first transmitted to the proxy server 700 according to the URL or URI of the MQTT_Broker, and the proxy server 700 transmits the client device 100's data string directly to the cloud device 500. Therefore, the cloud device 500 does not directly expose its own address during the message transmission of steps 7 to 10, which reduces the probability of the cloud device 500 failing or being hacked. Since the proxy server 700 transmits the data uploaded by the client device 100 directly to the cloud device 500, the probability that the URL or URI of the MQTT_Broker of the proxy server 700 and the MQTT_Broker account and password are cracked can also be reduced, further increasing the security of the Internet of Things communication process.
  • the Internet of Things connection system of the present invention also has a self-checking intelligent judgment function to increase system stability and security; for example, especially when the system fails due to unknown reasons or when a hacker is in the message
  • the security authentication of the present invention can be used to prevent the password from being tampered with or stolen; thus, the security of the Internet of Things system can be ensured.
  • The process by which the client device 100 obtains from the cloud device 500 the URL or URI, MQTT_Broker account and MQTT_Broker password of the MQTT_Broker of the proxy server 700 may be performed in two steps. For example: the first time, the client device 100 encodes the client_uuid (that is, the client_uuid is scrambled according to sever_pub_key) and obtains the client_share_key and the URL or URI of the MQTT_Broker through https. When the cloud device 500 receives the scrambled client_uuid, it decodes it according to sever_pri_key. The cloud device 500 encodes the client_share_key and the URL or URI of the MQTT_Broker with the client_pub_key and transmits them back to the client device 100. The second time, the client device 100 sends the encoded client_uuid (that is, the client_uuid is scrambled according to sever_pub_key) to obtain the MQTT_Broker account and password through an https request; when the cloud device 500 receives the scrambled client_uuid, it decodes it according to sever_pri_key to confirm whether the client_uuid is correct; after the cloud device 500 confirms that the client_uuid is correct, it encodes the MQTT_Broker account, password and the like with the client_pub_key and transmits the result back to the client device 100.
  • the first and second time to obtain the content only the MQTT_Broker
  • the query process is as follows.
  • each consumer can first establish the program of the smart phone used by the user and the Internet of Things of the present invention to complete the identity recognition; for example, each consumer has downloaded the APP software of the present invention, via FIG. 4
  • the process of steps 1 to 6 allows each consumer to use the smart phone to complete the identity recognition process in the Internet of Things of the present invention, that is, the hardware uuid (such as MAC) of each consumer using the smart phone.
  • The cloud device 500 further checks whether the production history or warranty data type of the product that the consumer wants to query exists. If a production history or warranty data type matching the product exists, then, since the consumer (i.e., the client device 100) has already stored in the smart phone the URL or URI, account and password required to connect to the proxy server 700', the cloud device 500 connects to the proxy server 700' via step 13 and transfers the production history or warranty data type of the product to be queried by each consumer to this other proxy server 700'. The proxy server 700' transmits the production history or warranty data type of the product directly to each consumer's smart phone, so that each consumer can see the production history or warranty data of the product to be purchased on the smart phone's display.
  • The cloud device 500 can also communicate with a plurality of proxy servers 700', and each proxy server 700' can form a pair with a plurality of consumers. The cloud device 500 sets the URL or URI, account and password of the proxy server 700'; when the cloud device 500 wants to transmit the production history or warranty data of a product to the user, it can likewise only connect to and communicate with the proxy server 700' through that URL or URI, account and password. Therefore, while the cloud device 500 transmits a message such as the production history or warranty data of the queried product to the user's smart phone, the cloud device 500 does not directly expose its own address, so the probability of the cloud device 500 failing or being hacked can be reduced, and the security of the cloud device 500 and the Internet of Things production history database can be effectively improved.
  • the Internet of Things connection system of the present invention also has a self-checking intelligent judgment function to increase system stability and security; for example, especially when the system fails due to unknown reasons or when there is a hacker
  • the security authentication of the present invention can be used to prevent password tampering or misappropriation; thus, the security of the Internet of Things system can be ensured.
  • FIG. 6 is a schematic diagram of a system architecture of the anti-counterfeiting function of the Internet of Things system of the present invention.
  • the Internet of Things system of the present invention performs the function of product anti-counterfeiting
  • The electronic label 12 carrying the uuid disposed on each product 10 may be a Bar Code, QR Code, RFID (Radio Frequency Identification), NFC (Near Field Communications), BLE (Bluetooth Low Energy), iBeacon, ZigBee or Zwave tag, or a chip that simply records this uuid; the present invention does not limit other forms of uuid.
  • the purpose of configuring uuid for each product 10 is to ensure that the uuid of a
  • The client is one or more reading devices 100 disposed at the sales base, which must have direct or indirect wireless or network communication capability and can therefore communicate or connect with the cloud device 500 through wireless communication or a network; for example, the reading device 100 of the present invention is itself configured with a wireless module (e.g., WiFi) or a wired network module, or can connect or communicate with the cloud device 500 by means such as 3G/4G/5G. The reading device 100 may also have a wireless/wired system, such as BLE, ZigBee or Zwave, capable of bridging to the cloud device 500.
  • The reading device 100 disposed at the sales site must itself be able to sense and record time and position (including latitude/longitude); for example, a positioning device (Global Positioning System, GPS) is disposed on the reading device 100. After the reading device 100 disposed at the sales location reads the uuid on the product 10, it transmits information such as the time at which the product 10 was read and the latitude and longitude of its location to the cloud device 500.
  • the cloud device 500 records the uuid of each product 10 and the time and location of reading the one product 10 into a record, and then stores it in the memory module of the cloud device 500 to establish a product authenticity identification database. It will be apparent that a communicable system must be established between the product 10 and the reading device 100; for example, the following table:
    Tag on product 10 | Reading device 100
    RFID | RFID reader
    NFC | NFC reader
    Zigbee | Zigbee Receiver
    Zwave | Zwave Receiver
    BLE | BLE Receiver
    iBeacon | iBeacon Receiver
  • A processor, a memory module and the like may be configured in the reading device 100, enabling the reading device 100 to perform editing and annotation; for example, the memory of the reading device 100 has already obtained the path of the production history database of the product 10 that the manufacturer previously stored in the memory 530 of the cloud device 500. Therefore, when the reading device 100 disposed at the sales site reads the uuid of the product 10, the time and location of the reading device 100 and the edited, annotated production process content are packaged together to form a complete product 10 production content, from which the product authenticity identification data module can be established in the cloud device 500; wherein the process of establishing the production history data module is already in the foregoing FIG.
  • the details of the embodiments are not described herein.
  • After the time at which the reading device 100 of the present invention reads the uuid of the product 10 is transmitted by wireless communication to the cloud device 500 and stored in the memory module 530, the time message is set to be unchangeable.
  • the process of establishing the product authenticity identification data module during the operation of the above-mentioned product 10 and the reading device 100 disposed at the sales base is as follows.
  • One RFID is configured on each product 10;
  • the reading device 100 disposed at the sales site has acquired the path of the production history database of the product 10 stored in advance in the memory 530 of the cloud device 500 by the manufacturer;
  • The RFID on the product 10 is sensed by a reading device 100 disposed at the point of sale: electromagnetic waves emitted by the reading device 100 activate the RFID so that the RFID on the product 10 transmits its own uuid to the reading device 100;
  • When the reading device 100 configured at the sales site receives the uuid on the product 10, it encapsulates information such as the time of the read and the location of the reading device 100 itself and stores it in the memory module;
  • the processor of the reading device 100 disposed at the sales site aggregates the information of the path and time of the production history database acquired in advance and the location thereof into an unencoded complete product production content;
  • The processor of the reading device 100 at the sales base encodes the complete product production content and then, using the pre-acquired proxy server (MQTT) URL or URI, account and password, transfers the encoded complete product production content to the cloud device 500 via the proxy server (MQTT);
  • The reading device 100 disposed at the sales base communicates with the cloud device 500 as a gateway, and the communication method is dynamic communication of the http hybrid proxy server 700 (MQTT).
  • the cloud device 500 of the present invention can be divided into a plurality of functional platform systems, which can parallelly process user data input and confirmation of the Internet of Things system, product history record and query, and product anti-counterfeiting processing and product warehousing, sales, and parity data. Processing and so on.
  • the cloud device 500 has established uuid of all clients in the memory module 530, and receives the client at the processor (for example, wireless communication through the App program on the mobile phone)
  • the cloud device 500 provides the URL or URI of the proxy server 700, the account number and the password to at least one client device in the Internet of Things, and forms a pair.
  • Each client device can only communicate with the paired proxy server 700, and the proxy server 700 then communicates with the cloud device 500 to transmit the request message from each client device (including at least identity identification, product authenticity identification, product production history inquiry, product location inquiry or product sales status inquiry) to the cloud device.
  • After the cloud device 500 confirms that the requesting client (for example, a reading device 100 configured at a product manufacturing factory, uploading through the app over wireless communication or through the web over the network) is a client in the Internet of Things, then, since the reading device 100 itself can sense and record time and location (including latitude and longitude), when the reading device 100 reads the uuid of the product, the time and location of the reading device 100 are combined with the edited, annotated production history path content to form a complete product production content, which can be used for subsequent production history or for comparison and verification.
  • The data of the product production program is then encoded and sent to the proxy server 700 (MQTT), which transfers it directly to the cloud device 500. The received product production content is decoded and then stored in the memory module 530 of the cloud device 500.
  • the cloud device 500 similarly, after the cloud device 500 confirms that the requesting client (for example, uploading by the app through wireless communication or web through the network) is the client in the Internet of Things
  • The processor and the memory module 530 establish various data modules in the cloud device 500 from the complete data of various products across manufacturing, shipping, warehousing, sales and inventory, to serve as a basis for big data analysis, so that the cloud device 500 can provide data for decision makers' decisions.
  • the establishment of various data modules in the cloud device 500 includes at least: a production history data module, a product authenticity identification data module, a sales and parity data module, and a user evaluation data module.
  • After the processor on the reading device 100 of the present invention aggregates the pre-acquired product production history path, the reading time and the reading location into a complete product production content, the message is transmitted via the proxy server 700 (MQTT) to the cloud device 500, and a time-series-based product authenticity identification data module is established in the cloud device 500; the content of the product authenticity identification data module includes the time and location at which the product is delivered to the store and the production history data of these products.
  • When the client requests the authenticity identification of a product from the cloud device 500 (for example, the client uses the app on their mobile phone to upload the uuid of the product to the cloud device via the proxy server), the cloud device 500 evaluates the authenticity of the product according to the time and location information transmitted by the client and the time series and locations established in the product authenticity identification data module, and the evaluation result is sent via another proxy server 700' (MQTT) and displayed at the client. In addition, the cloud device 500 also records the new time and location in the product authenticity identification data module, and this information is not allowed to be modified.
  • FIG. 7 is a first authenticity identification process of the product with real-time reply product anti-counterfeiting function.
  • the first authenticity identification process of the product with the real-time reply product anti-counterfeiting function of the present invention is as follows:
  • In the process of performing the anti-counterfeiting function, taking a client that is an intelligent handheld device 100 as an example, after the client obtains the uuid of the product 10, an encoded query packet is sent to the cloud device 500. This packet includes the uuid of the product 10, the time the query was issued, the location where the query was issued, and so on; of course, the packets required by these queries are transmitted to the cloud device 500 via the proxy server 700 (MQTT).
  • After the cloud device 500 receives the encoded query packet and decodes it, the cloud device 500 checks whether the uuid of the product 10 to be queried has been established in the product authenticity identification data module.
  • the cloud device 500 determines that the product 10 is a fake product and gives a judgment score of a fake product, for example: 90 points; the result is transmitted to the client by another proxy server 700' (MQTT), and the evaluation result of the authenticity of the product is displayed after decoding. It should be noted that the reason for not giving 100 points may be the poor quality of the reciprocating or communication transmission process.
  • The processor of the cloud device 500 compares the location at the time the authenticity check is requested (i.e., the current location): it determines whether there is a reasonable relationship between the current position of the product 10 and the product location already established in the product authenticity identification data module (e.g., air transport at 550 km/h, ground transport at 100 km/h, sea transport at 60 km/h).
  • the processor of the cloud device 500 determines that the product is genuine and gives a judgment score of a genuine product, for example: 80 points; after that, the result is transmitted by another proxy server 700' (MQTT) to the smart handheld device 100 of the client, which displays the evaluation result of the authenticity of the product after decoding.
  • the processor of the cloud device 500 determines whether there is a reasonable relationship between the time difference and the distance difference between the two; for example, when querying the current location information of the product uuid and establishing the product.
  • the processor of the cloud device 500 determines that the product 10 is a fake and gives a judgment score of a fake product, for example: 70 points; after that, the other proxy server 700' (MQTT) transmits the result to the smart handheld device 100 of the client, which displays the evaluation result of the authenticity of the product after decoding.
  • the cloud device 500 may choose to query whether a movement record exists for the product 10; if a movement record exists, indicating that the storage position of the product 10 has been changed, then when the product 10 is re-stocked, a time series entry, that is, a position record, is generated again; the processor of the cloud device 500 then re-compares whether there is a reasonable relationship between the current position of the product 10 and the position of the product 10 re-established in the product authenticity identification data module.
  • the processor of the cloud device 500 will judge that the product 10 is genuine and give a judgment score of a genuine product, for example: 80 points. If the queried location of the uuid of the product 10 and the location re-established in the product authenticity identification data module differ by more than the error range (for example, more than 1 km), the processor of the cloud device 500 determines that the product is counterfeit and gives a judgment score for a fake, for example: 70 points. Thereafter, the evaluation result of the authenticity of the product is transmitted to the smart handheld device 100 of the client by another proxy server 700' (MQTT) for decoding and display.
  • FIG. 8 is a second authenticity identification process of a product with real-time reply product anti-counterfeiting function according to the present invention.
  • The difference between this authenticity identification process and the first is that it further determines whether other time series records have been established in the time series of the product authenticity identification data module, so as to judge the authenticity of the product 10 more accurately. The authenticity identification process is as follows:
  • the encoded query packet is sent to the cloud device 500 (this packet includes the uuid of the product 10, the time when the query is issued, the location where the query is issued, and so on); of course, the packets requested by these queries are transmitted to the cloud device 500 through the proxy server 700 (MQTT).
  • After the cloud device 500 receives the encoded query packet and decodes it, the cloud device 500 checks whether the uuid of the product 10 to be queried has been established in the product authenticity identification data module.
  • the cloud device 500 determines that the product 10 is a fake product and gives a judgment score of a fake product, for example: 90 points; the result is transmitted to the smart handheld device 100 of the client by another proxy server 700' (MQTT), and the evaluation result of the authenticity of the product is displayed after decoding.
  • The processor of the cloud device 500 compares whether there is a reasonable relationship between the location at the time the authenticity query is requested (i.e., the current location) and the product location that has been established in the product authenticity identification data module.
  • the processor of the cloud device 500 determines that the product 10 is a fake and gives a judgment score of a fake product, for example: 70 points. Thereafter, the evaluation result of the authenticity of the product is transmitted to the smart handheld device 100 of the client by another proxy server 700' (MQTT) for decoding and display.
  • the processor of the cloud device 500 compares the current location with the location of the product that has been established in the product identification data module.
  • the processor of the cloud device 500 determines that the product 10 is a fake and gives a judgment score of a fake, for example: 80 points; this means that the same product 10 appears in different locations in different time series entries, so the probability of counterfeiting is higher.
  • the service device 700' transmits the evaluation result of the authenticity of the product to the smart handheld device 100 of the client for decoding and display.
  • the processor of the cloud device 500 has a reasonable relationship between the current location and the location of the product already established in the product authenticity identification data module.
  • When the current location information of the queried uuid of the product 10 is the same as another product location established in the product authenticity identification data module, or within a certain reasonable error range (whether it is reasonable is calculated by the system according to the product type, historical displacement pattern, the conditions at the plant location and the like; when distance is the main factor in determining the authenticity of the product, the range is, for example, 100 to 500 meters), the processor of the cloud device 500 looks up the authenticity evaluation record of that product location already established in the product authenticity identification data module and uses it to make the authenticity judgment of the product: for example, when the authenticity evaluation records the product 10 as genuine, a judgment score of a genuine product is given; and when the authenticity evaluation records the product 10 as a fake, a judgment score of a fake is given. Thereafter, the evaluation result of the authenticity of the product 10 is transmitted to the smart handheld device 100 of the client for decoding and display by another proxy server 700' (MQTT).
  • the cloud device 500 may choose to query whether a movement record exists for the product 10; if a movement record exists, indicating that the storage location of the product 10 has been changed, then when the product 10 is re-stocked, a time series entry, that is, a position record, is generated again; the processor of the cloud device 500 then re-compares whether there is a reasonable relationship between the current position of the product 10 and the product location re-established in the product authenticity identification data module.
  • the processor of the cloud device 500 determines that the product 10 is genuine and gives a judgment score of a genuine product, for example: 80 points.
  • the processor of the cloud device 500 determines that the product 10 is a fake and gives a judgment score of a fake, for example: 70 points.
  • In the identification process of the real-time reply product anti-counterfeiting function of the present invention, a score for the authenticity of the product can be replied in real time according to the electronic tag (Tag) 12 message of the product 10 transmitted by the client 100; the higher the score, the higher the credibility of the Internet of Things system's judgment of the authenticity of the product.
  • the cloud device 500 determines that the product 10 must be a fake (judgment score of the fake product: 90 points), but the reason for not giving 100% is that factors such as poor signal transmission or decoding errors may occur during message transmission; if the user has doubts about the judgment result received, and the query result for the uuid of the same product 10 is still not established in the product authenticity identification data module, the processor of the cloud device 500 will further confirm that the product 10 is counterfeit and issue a new judgment score of a fake, for example: 95 points.
  • the processor of the cloud device 500 further confirms that the product 10 is a fake and gives a judgment score of the fake product, for example: 80 points.
  • Other judgment principles and judgment scores may be chosen by the designer of the Internet of Things system; the present invention does not limit the level of the judgment scores. The purpose is to respond to the client's query in real time and immediately give a judgment result as a reference for the client on whether to buy the product 10.
  • The IoT system can add points to or subtract points from the judgment result according to the security level of the electronic tag it recognizes. For example, when the Internet of Things system recognizes that the electronic tag of the product is RFID or NFC, 5 points are added to the judgment result obtained according to the foregoing embodiment; when the Internet of Things system recognizes that the electronic tag of the product is Bar Code or QR Code, 5 points are subtracted from the judgment result obtained according to the foregoing embodiment. The above is only an embodiment of the present invention, and the number of points added or subtracted for other electronic tags is not limited.
  • The client can further query the production history of the product it wishes to purchase, that is, request a query again; for example, requesting a further query of the production process (i.e., production history) of the genuine product.
  • This request is also sent by the smart device 100 of the client and is transmitted to the cloud device 500 via the proxy server 700 (MQTT).
  • The cloud device 500 encodes the product production history stored in the production history data module and transmits it back to the client through another proxy server 700' (MQTT). After it is decoded by the client, the user can see the production history data of the genuine product to be purchased on the display of the smart device 100; the content includes at least that of FIG. 3A to FIG. 3C. In addition, the production history data shows, for example, the country or region of manufacture of the genuine product and the materials used; if the genuine product is a high-priced product, the designer or design company of the product can also be known through the production history data. These messages can be shared by the client and the sales side through the IoT system, which, in addition to effectively reducing the chances of copying or counterfeiting, increases the profit of the brand or original manufacturer.
  • The cloud device 500 can effectively know the location of the queried product 10; therefore, when the Internet of Things system identifies the product 10 queried by the client as a fake, the location of the fake can be known through the Internet of Things system of the present invention, for example, the coordinates of the fake, or the area in which fakes appear most often. It is therefore possible to find the locations selling counterfeit goods in real time, so as to stop the sale of counterfeit goods. Similarly, in addition to effectively reducing the incidence of imitation or counterfeit goods, the profit of brand manufacturers or original manufacturers can be increased.
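The two plausibility checks described above, the GeoLocation check on a client_uuid in Step 11 and the speed-based location comparison in the first authenticity identification process (FIG. 7), can be sketched as follows. This is an added example, not code from the patent: the class and function names, the in-memory store, the use of the air-transport ceiling as the default bound, and comparing against the latest sighting judged genuine are assumptions, and all coordinates are constructed sample values.

```python
import math
from dataclasses import dataclass

# Speed ceilings quoted in the description (km/h).
MAX_SPEED_KMH = {"air": 550.0, "ground": 100.0, "sea": 60.0}
# Example scores quoted in the description.
SCORE_UNKNOWN_UUID = 90   # uuid not in the data module: judged fake
SCORE_GENUINE = 80        # movement is plausible: judged genuine
SCORE_IMPLAUSIBLE = 70    # movement is not plausible: judged fake
ERROR_RANGE_KM = 1.0      # the "more than 1 km" example error range


@dataclass(frozen=True)   # frozen: a stored sighting cannot be modified
class Sighting:
    time_s: float         # epoch seconds reported by the reader
    lat: float
    lon: float
    genuine: bool = True  # verdict stored with the sighting (assumption)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km on a spherical Earth (R = 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def plausible_move(prev, cur, mode="air"):
    """True if cur is reachable from prev at or below the mode's ceiling.

    Assumption: the default bound is the fastest ceiling (air), because the
    description does not say how a transport mode is selected.
    """
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    if dist <= ERROR_RANGE_KM:
        return True                   # same place within the error range
    hours = (cur.time_s - prev.time_s) / 3600.0
    if hours <= 0:
        return False                  # distance covered in no (or negative) time
    return dist / hours <= MAX_SPEED_KMH[mode]


class AuthenticityModule:
    """Append-only, per-uuid time series of sightings (in-memory stand-in)."""

    def __init__(self):
        self._series = {}

    def register(self, uuid, sighting):
        """Record the read made by the reading device at the point of sale."""
        self._series.setdefault(uuid, []).append(sighting)

    def evaluate(self, uuid, time_s, lat, lon):
        """Return (verdict, score) for a query and append the new sighting."""
        series = self._series.get(uuid)
        if not series:
            return ("fake", SCORE_UNKNOWN_UUID)
        # Assumption: the reference point is the latest sighting judged
        # genuine, so a cloned tag's sightings never become the baseline.
        ref = next((s for s in reversed(series) if s.genuine), series[0])
        ok = plausible_move(ref, Sighting(time_s, lat, lon))
        series.append(Sighting(time_s, lat, lon, genuine=ok))
        return ("genuine", SCORE_GENUINE) if ok else ("fake", SCORE_IMPLAUSIBLE)

    def history(self, uuid):
        """Read-only view of the stored time series."""
        return tuple(self._series.get(uuid, ()))


def count_implausible_hops(track):
    """Count consecutive client_uuid sightings that fail the GeoLocation check."""
    return sum(not plausible_move(a, b) for a, b in zip(track, track[1:]))
```

A rising `count_implausible_hops` value for one client_uuid corresponds to the "incorrect message continues to occur" condition under which the cloud device may turn off the proxy server.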

Abstract

A system for establishing a product authenticity identification data module by using the Internet of Things comprises: at least one product, wherein a product identifier is configured on each product; a reading device, having a specific user identifier and a coordinates positioning device, so as to read a product identifier of a product; a cloud device, having a function of communicating with the reading device; and an agent servo device, having a URL and a password, and being capable of communicating with the reading device and the cloud device, so as to directly transmit, to the cloud device, the production identifier read by the reading device as well as reading time and a reading position. In the cloud device, the product authenticity identification data module that has a relationship in which the reading time is corresponding to the reading position is established according to the production identifier.

Description

System for establishing product authenticity identification data module using Internet of Things
Technical field
The present invention relates to a system for cloud service applications, and in particular to a system for establishing a product authenticity identification data module using the Internet of Things, and to an Internet of Things system that can reply with the authenticity of a product in real time and can further query the production history of a genuine product.
Background art
With the rapid development of technology and dramatic changes in economic structure, the traditional "enterprise versus enterprise" form of competition has evolved into "supply chain versus supply chain" competition. Improving the information integration of the supply chain, so as to improve logistics efficiency and reduce logistics costs, is an important issue for enterprises seeking competitiveness today. With advances in Radio Frequency Identification (RFID) technology, RFID has gradually been adopted in supply chain activities and process re-engineering.
In a management system that uses the Internet of Things, two characteristics help improve industrial competitiveness: efficiency and completeness. First, efficiency means not only delivering a product to a customer within a given time, but also an integrated delivery method that delivers different products to different customers within the same period. Second, completeness means providing not only the physical integrity of the product but also information about the product, including its production history and whether it is genuine. To improve these two characteristics, a manufacturer must obtain real-time information about the product itself. By combining the Internet of Things with sensing components (for example, RFID or electronic tags) and a cloud monitoring system, consumers, enterprises and their partners (distributors) can be given real-time product information at the earliest moment.
The real-time information provided by the sensing components on the product and by the cloud monitoring system can raise customer satisfaction with the completeness of the product. Product completeness covers not only the integrity of the physical product; providing information about the product content is also part of it. Moreover, from the acquisition of raw materials, through manufacturing, to the time the product leaves the factory and reaches the customer, real-time product information can be tracked through the Internet of Things, so that consumers are given information about the product they intend to buy in real time and can further assess its quality or authenticity.
These applications are possible because of the establishment of Internet of Things (IoT) connection systems. The Internet of Things uses a highly integrated cloud network to connect every person and the things around them within one network, for example: manufacturers, consumers, machines, raw materials, production processes, logistics management, product sales status and consumption habits. Everything from manufacturing to sales, and on to inferring or estimating consumers' habits from big data on those sales, can be connected to an IoT platform through sensing components on the product (for example, RFID or electronic tags) and software programs. Efficiency and security are likewise the two most important conditions for the Internet of Things; however, efficiency and security are two mutually conflicting indicators. How to balance efficiency and security is therefore the key to whether a logistics management system can be applied successfully.
Summary of the invention
To put the above needs into practice in enterprise operations, the main object of the present invention is to provide a system for establishing a product authenticity identification data module using the Internet of Things, comprising: a product, on which a product identifier is configured; a reading device, which is a device having a wireless communication function and having a specific user identifier and a coordinate positioning device, for reading the product identifier of the product; a cloud device, having a function of communicating with the reading device and confirming by the specific user identifier that the reading device is a device in the Internet of Things; and a proxy server, having a URL or URI and a password and capable of communicating with the reading device and the cloud device, for transmitting the product identifier read by the reading device, the reading time and the reading position directly to the cloud device; wherein, after the specific user identifier of the reading device is confirmed to be that of a reading device in the Internet of Things, the reading device can communicate the product identifier, reading time and reading position it has read only to the proxy server, via the URL or URI and the password, and the proxy server then communicates with the cloud device; and in the cloud device, a product authenticity identification data module relating each reading time to its reading position is established according to the product identifier.
The product authenticity identification data module established in the Internet of Things system of the present invention allows users to query the authenticity of a product. In addition, the Internet of Things system established with the proxy server not only improves the security of the product authenticity identification data module; its self-diagnosing intelligent judgment function also increases system stability and security. In particular, when the system fails for unknown reasons, or when a hacker tampers with, misappropriates or repudiates messages during transmission, the security authentication of the present invention prevents passwords from being tampered with or stolen, thereby ensuring the security of the Internet of Things system while also reducing the cost of operating it.
Another main object of the present invention is to provide a system for establishing a product authenticity identification data module using the Internet of Things, comprising: a product, on which a product identifier is configured; a cloud device, which is a device having a wireless communication function and in which a production history data module of at least one product has been established and stored; a reading device, which is a device having a wireless communication function and having a specific user identifier and a coordinate positioning device, for reading the product identifier of the product and communicating with the cloud device, and which has obtained the path of the product production history data module stored in the cloud device; and a proxy server, having a URL or URI and a password and capable of communicating with the reading device and the cloud device, for transmitting the product identifier read by the reading device, the reading time, the reading position and the path of the product production history data module directly to the cloud device; wherein, after the specific user identifier of the reading device is confirmed to be that of a reading device in the Internet of Things, the reading device can communicate the product identifier, reading time, reading position and path of the product production history data module only to the proxy server, via the URL or URI and the password, and the proxy server then communicates with the cloud device; and in the cloud device, a product authenticity identification data module that relates each reading time to its reading position and loads the product production history data is established according to the product identifier.
The product authenticity identification data module established in the Internet of Things system of the present invention not only allows users to query the authenticity of a product, but can also be linked to the production history data of the product in order to provide that data. In addition, the Internet of Things system established with the proxy server not only improves the security of the product authenticity identification data module; its self-diagnosing intelligent judgment function also increases system stability and security. In particular, when the system fails for unknown reasons, or when a hacker tampers with, misappropriates or repudiates messages during transmission, the security authentication of the present invention prevents passwords from being tampered with or stolen, thereby ensuring the security of the Internet of Things system while also reducing the cost of operating it. At the same time, while a customer queries the authenticity of a product, the cloud device can effectively learn the location of the queried product. Therefore, when the Internet of Things system identifies the product queried by the client as a fake, the location of the fake can be known through the Internet of Things system of the present invention, for example, the coordinates of the fake, or the areas in which the fake appears most often. It is therefore possible to find, in real time, where fakes are being sold and to stop their sale immediately. In addition to effectively reducing the chance of imitation or counterfeit goods being sold, this can increase the sales profit of brand manufacturers or original manufacturers.
Brief description of the drawings
FIG. 1A is a schematic diagram of the Internet of Things connection system according to the technology disclosed in the present invention.
FIG. 1B is a schematic diagram of the Internet of Things connection system according to the technology disclosed in the present invention.
FIG. 2 is a schematic diagram of a system that uses the Internet of Things system to establish production histories and query product production histories, according to the technology disclosed in the present invention.
FIG. 3A is a schematic diagram of the text content of a product production history according to the technology disclosed in the present invention.
FIG. 3B is a schematic diagram of the text and image content of a product production history according to the technology disclosed in the present invention.
FIG. 3C is a schematic diagram of the product warranty data content of a product production history according to the technology disclosed in the present invention.
FIG. 4 is a flow chart of establishing and querying a production history using the Internet of Things according to the technology disclosed in the present invention.
FIG. 5 is a flow chart of another embodiment of establishing and querying a production history using the Internet of Things according to the technology disclosed in the present invention.
FIG. 6 is a schematic diagram of the system architecture of the Internet of Things system when performing the product anti-counterfeiting function, according to the technology disclosed in the present invention.
FIG. 7 is a schematic diagram of the first product authenticity identification flow with a real-time anti-counterfeiting reply, according to the technology disclosed in the present invention.
FIG. 8 is a schematic diagram of the second product authenticity identification flow with a real-time anti-counterfeiting reply, according to the technology disclosed in the present invention.
FIG. 9 is a schematic diagram of the third product authenticity identification flow with a real-time anti-counterfeiting reply, according to the technology disclosed in the present invention.
Detailed description
So that the objects, technical features and advantages of the present invention can be better understood and implemented by those skilled in the relevant art, the technical features and embodiments of the present invention are set out below with reference to the accompanying drawings and further illustrated by preferred embodiments. The following embodiments are not intended to limit the present invention, and the drawings referred to below are schematic representations of features of the invention. In addition, in the following description of the Internet of Things architecture of the present invention, the client device goes by different device names depending on the communication purpose it serves; for example, the client device may be a personal computer, a notebook computer, a smart phone, a smart portable device or a smart reading device.
First, refer to FIG. 1A, a schematic diagram of the Internet of Things connection system of the present invention. As shown in FIG. 1A, the Internet of Things connection system consists of a client device 100, a cloud device 500 and at least one proxy server (broker device) 700. The client device 100 is a device that has a wireless or wired communication function and a specific user identifier. The cloud device 500 has a function of communicating with the client device 100 and uses the specific user identifier of the client device 100 to confirm that the client device 100 is one of the client devices 100 in the Internet of Things. The proxy server 700 has its own Uniform Resource Location (hereinafter URL or web address) or Universal Resource Identifier (hereinafter URI) and a password, and can communicate with the cloud device 500. In the Internet of Things connection system of the present invention, the client device 100 goes by different device names; for example, the client device 100 may be a personal computer, a notebook computer, a smart phone, a smart portable device or a smart reading device.
In the Internet of Things connection system of the present invention, the client device 100 may have a floating IP address (Internet Protocol Address) that changes at any time, or may be a fixed-IP device with a wireless communication function (for example, a personal computer, a notebook computer, a smart phone, a smart portable device or a smart reading device). Each client device 100 has a unique identifier (for example, a code set by the manufacturer at the factory, or hardware data such as a MAC Address), which is used to generate the Universally Unique Identifier (abbreviated uuid) of the client device 100. The uuid is used to check system health, identify the client device 100 or prevent intrusion by hackers. In addition, the cloud device 500 is a fixed Domain Name System (DNS) device that functions as a server and can communicate wirelessly with every client device 100. The cloud device 500 consists at least of a receiving/transmitting interface module, a data processing module and a memory module; the cloud device 500 has therefore recorded the uuids of all clients belonging to the Internet of Things of the present invention and stored them in the memory module 530, forming a database. The proxy server 700 has a floating IP that can change at any time; its URL or URI, account and password can be generated by the cloud device and passed to the client. Its main task is to relay: an encoded data string sent by a client device 100 that has been confirmed as belonging to the Internet of Things must be delivered through the IP address of the assigned proxy server 700, and after receiving the encoded data string the proxy server 700 forwards it directly to the cloud device 500. Note in particular that the proxy server 700 does no processing on the data string it receives from the client device; it simply forwards it, so the time spent at the proxy server 700 is very short, from a few to a few tens of milliseconds (ms). Only after the cloud device 500 has received the data string from the proxy server 700 and decoded it does it process the data sent by the client device 100. Clearly, throughout the process in which the client device 100 delivers a data string to the cloud device 500, the cloud device 500 never directly exposes its own address, which lowers the chance of the cloud device 500 being attacked by hackers and greatly improves the security of the Internet of Things.
In a preferred embodiment of the Internet of Things connection system of the present invention, the client devices 100 can be divided into several groups, each group corresponding to or paired with one proxy server 700, so the system can contain several proxy servers 700, as shown in FIG. 1B. When the cloud device 500 determines that one of the proxy servers 700 has been attacked by hackers, it can shut down the attacked proxy server 700, or establish a new URL or URI and password for a new proxy server 700, which further secures the Internet of Things of the present invention. In addition, in the embodiment of the present invention, the proxy server 700 uses the MQTT (Message Queuing Telemetry Transport) communication protocol to transmit data strings. MQTT is a protocol designed for the Internet of Things, a lightweight message transport protocol based on the publish/subscribe model, invented in 1999 by Dr. Andy Stanford-Clark of IBM and Dr. Arlen Nipper of Arcom. It was originally designed for communication among large numbers of remote sensors and control devices that have limited computing power and operate on low-bandwidth, unreliable networks. MQTT therefore has the advantage of small, lightweight messages, which gives it a great advantage in bandwidth and speed. Because the network bandwidth it needs is very low, the hardware resources it needs are also low. This improves the efficiency of the Internet of Things system and of the commercial operating systems that use it (for example, logistics management, establishing and querying product production histories, or identifying product authenticity), and thus effectively reduces the cost of commercial operation.
Next, the process and method by which the Internet of Things of the present invention actually completes a connection are described in detail.
Continuing with FIG. 1A, the client device 100 first logs in to the cloud device 500 (the communication direction marked S1 in FIG. 1A); for example, the client device 100 logs in to the cloud device 500 over https in order to start the Internet of Things system. When the cloud device 500 receives the request from the client device 100 (the communication direction marked S2 in FIG. 1A), it first verifies whether the hardware uuid (such as the MAC Address) used by the client device 100 is already stored in the database of the cloud device 500. If the hardware uuid is confirmed to be in the database, the cloud device 500 generates a client identification code (client uuid) and then a pair of keys dedicated to that client. In the preferred embodiment of the present invention this is an RSM (Route Switch Module) asymmetric key, so a pair consisting of client_pub_key and client_pri_key is generated; the RSM asymmetric key takes a long time to decode, so its security is high. In another preferred embodiment, the cloud device 500 can also optionally generate a symmetric key, client_share_key, dedicated to the client device 100, so that the RSM asymmetric key and the symmetric key can be used together. Because the symmetric key has a short decoding time and relatively low security, client_share_key needs to be changed from time to time to keep it secure. For this purpose the cloud device 500 also generates and sets a change time (share_key_expiry date time) and raises security by changing share_key_expiry date time at irregular intervals; when the cloud device 500 detects that client_share_key has passed the time set in share_key_expiry date time, it automatically generates a new client_share_key. Once the cloud device 500 has confirmed that the hardware uuid (such as the MAC Address) of a client device 100 matches the data stored in the database, it judges that client device 100 to be a client of this Internet of Things and returns the generated uuid and keys to the client device 100 (the communication direction marked S3 in FIG. 1A). The items returned to the client device 100 are: client_uuid, sever_pub_key (this sever_pub_key is the client_pub_key; because all client devices 100 use the same pub_key, it is also called sever_pub_key) and client_pri_key.
If, on the other hand, the cloud device 500 receives a request from a client device 100 and finds that the hardware uuid (such as the MAC Address) used by that client device is not in its database, it judges that the hardware uuid does not belong to a client device 100 of this Internet of Things and stores the hardware uuid in another database for later comparison. Note that the return step in the S3 communication direction does not normally fail, but failures can occur; for example, the connection may fail because the server takes too long to respond. In that case the client device 100 runs the login again. The cloud device 500 then finds that this hardware uuid (such as the MAC Address) is already recorded in the database and returns the uuid that corresponds to it, while the pair of keys that the cloud device 500 generates and returns to the client device 100 is renewed. Therefore, even if a fake device spoofs the hardware uuid (such as the MAC Address) of this client device 100 by some means, it cannot obtain the same keys. In other words, only one definite uuid can survive in the system.
Next, in the communication direction marked S4 in FIG. 1A, the client device 100 uses the encoded client_uuid (that is, the client_uuid scrambled with sever_pub_key) to "request" over https the client_share_key, the share_key_expiry date time, the URL or URI of MQTT_Broker, and the MQTT_Broker account and password (username/password). When the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm that the client_uuid is correct. Once the client_uuid is confirmed, the cloud device 500 encodes the client_share_key, the share_key_expiry date time, the URL or URI of MQTT_Broker and the MQTT_Broker account and password with client_pub_key and returns them to the client device 100 (the communication direction marked S5 in FIG. 1A). In addition, the present invention can further encode the URL or URI, account and password of another proxy server 700' and return them to the client device 100 for storage, so that when the cloud device 500 later delivers messages to the client device 100, it can connect to and communicate with the client device 100 over the path through this proxy server 700'.
In addition, in a preferred embodiment of the present invention, the URL or URI of MQTT_Broker and its account and password can be obtained in two separate steps. In the first step (the communication direction marked S4 in FIG. 1A), the client device 100 uses the encoded client_uuid (that is, the client_uuid scrambled with sever_pub_key) to "request" over https the client_share_key, the share_key_expiry date time and the URL or URI of MQTT_Broker. When the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm that the client_uuid is correct; once it is confirmed, the cloud device 500 encodes the client_share_key, the share_key_expiry date time and the URL or URI of MQTT_Broker with client_pub_key and returns them to the client device 100 (the communication direction marked S5 in FIG. 1A). In the second step (the communication direction marked S6 in FIG. 1A), the client device 100 again uses the encoded client_uuid (scrambled with sever_pub_key) to "request" over https the MQTT_Broker account and password. When the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm that the client_uuid is correct; once it is confirmed, the cloud device 500 encodes the MQTT_Broker account and password with client_pub_key and returns them to the client device 100 (the communication direction marked S7 in FIG. 1A). Note that the only requirement on what is fetched in the first and second steps is that the URL or URI of MQTT_Broker and its account and password are obtained separately; the rest is not restricted.
Clearly, during identification and confirmation between the client device 100 and the cloud device 500, the https that is used belongs to hybrid-cryptography anti-hacking, the Secure Sockets Layer (SSL) protocol or the Transport Layer Security (TLS) protocol, which are themselves recognized security protocols. With the recognized certificate required on the cloud device 500 side, the client device 100 can use the digital signature of the certificate authority to confirm whether a message was sent directly by the cloud device 500. Therefore, when a hacker attempts tampering, misappropriation or repudiation during message delivery, these security certifications can be used to prevent passwords from being tampered with or stolen.
Next, in the communication direction marked S8 in FIG. 1A, after the client device 100 has obtained the relevant data from the cloud device 500, it connects to the proxy server 700. Before connecting to the proxy server 700, however, it must confirm that the message it received is complete. The complete message includes: 1. Sever_pub_key; 2. Client_pri_key; 3. the URL or URI of the MQTT_Broker; 4. the MQTT_Broker username/password; 5. client_Share_key; 6. Share_key_expiry date time. After the client device 100 has confirmed that it received the complete message, it uses client_share_key to encode the client_uuid and the data content (data involved) that the client device 100 wants to send to the cloud, and then uploads the result to the proxy server 700 (that is, the MQTT Broker).
In a preferred embodiment of the present invention, the client device 100 further checks whether the Share_key_expiry date time has been reached (for example, the expiry date is 2015/0501). If the Share_key_expiry date time has already passed (for example, the date at the time of the check is 2015/0502), the client device 100 again uses the encoded client_uuid (that is, client_uuid is scrambled with sever_pub_key) to request, over https, a new share_key_expiry date time. When the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; once it has confirmed that the client_uuid is correct, it encodes the new share_key_expiry date time with client_pub_key and returns it to the client device 100. In addition, to increase security, the time set in share_key_expiry date time may be periodic or may be a random variable, as decided by the cloud device 500.
After the client device 100 has confirmed that it received the complete message, it knows the URL or URI of the MQTT_Broker of the proxy server 700 and the MQTT_Broker account and password, so it can upload the encoded client_uuid and the data string (for example, the product's production history) to the proxy server 700 (the communication direction marked S8 in FIG. 1A). On receiving the encoded client_uuid and data string uploaded by the client device 100, the proxy server 700 forwards the uploaded message directly (that is, without any processing) to the cloud device 500. Clearly, throughout the process in which the client device 100 passes its message string to the cloud device 500, the cloud device 500 never directly exposes its own address, which lowers the probability that the cloud device 500 fails or is attacked by hackers. Because the proxy server 700 only forwards the data uploaded by the client device 100 directly to the cloud device 500, the processing time at the proxy server 700 is very short, which lowers the probability that the URL or URI of the MQTT_Broker and the MQTT_Broker account and password of the proxy server 700 are cracked and further increases the security of the IoT communication process.
Next, in the communication direction marked S9 in FIG. 1A, after the cloud device 500 receives the data forwarded directly by the proxy server 700 (that is, the encoded client_uuid and data string), it decodes the data with client_share_key and verifies whether the received client_uuid and data string (for example, the product's production history) are complete and correct. If they are correct, they are stored in the memory module 530 until the user applies the received data strings to a specific purpose, for example building a production history database for at least one product. If the received client_uuid and data string are found to be incomplete or incorrect, the event is recorded. Note that the purpose of identifying incorrect messages is that the IoT system can prevent or reduce the probability of a successful hack through a verification mechanism that relies on deep learning by artificial intelligence or on manual additions, changes or corrections. In this embodiment, incorrect messages include, for example: (1) a web crawler that scrapes the news finds that counterfeits of certain goods are currently rampant; or (2) the same client_uuid that was set when the program first started appears in two entirely different places at the same time, in which case the IoT system notifies the company's inspectors or raises a warning, and the responses available to the inspectors include at least observing or ignoring it, which provides advance warning and protection against hacking; or (3) the device 500 itself keeps receiving suspicious information from one particular proxy server 700, for example unknown client_uuid information. When incorrect messages keep appearing, the proxy server 700 is judged to have possibly failed or been attacked by hackers, and the cloud device 500 can choose to shut down this proxy server 700 (the communication direction marked S10 in FIG. 1A).
In embodiments of the present invention, the client_share_key encoding can be combined with a hash function to prevent tampering; the hash function may be MD5, SHA-1, SHA-256 or the like. The client_share_key can also be combined with different decoding (decode) methods, for example a block cipher, a stream cipher, ECB mode, or a mix of the foregoing, which makes cracking more difficult without lengthening the decoding time.
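The completeness check, the share-key expiry check and the hash-based tamper check described above can be sketched as follows. This is an added example, not code from the patent: the field names, the JSON envelope and the ISO date format are assumptions, SHA-256 is used in keyed (HMAC) form because an unkeyed digest can be recomputed by anyone who alters the message, and the encryption of the payload itself is left out.

```python
import hashlib
import hmac
import json
from datetime import date

# Hypothetical field names for the six items the client must hold before
# it connects to the broker (the page lists the items, not a wire format).
REQUIRED_FIELDS = (
    "sever_pub_key", "client_pri_key", "mqtt_broker_url",
    "mqtt_broker_username", "mqtt_broker_password",
    "client_share_key", "share_key_expiry",
)

# Constructed sample values, placeholders only.
SAMPLE_PROVISIONING = {
    "sever_pub_key": "<server public key placeholder>",
    "client_pri_key": "<client private key placeholder>",
    "mqtt_broker_url": "mqtts://broker.example.invalid:8883",
    "mqtt_broker_username": "client-1",
    "mqtt_broker_password": "<password placeholder>",
    "client_share_key": "constructed-share-key-for-example",
    "share_key_expiry": "2015-05-01",
}


def missing_fields(provisioning):
    """Return the required fields that are absent or empty."""
    return [f for f in REQUIRED_FIELDS if not provisioning.get(f)]


def share_key_expired(provisioning, today):
    """True once the check date is past share_key_expiry (ISO date string)."""
    return today > date.fromisoformat(provisioning["share_key_expiry"])


def seal(share_key, client_uuid, data):
    """Client side: bind client_uuid and data under an HMAC-SHA-256 tag."""
    body = json.dumps({"client_uuid": client_uuid, "data": data},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(share_key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def open_sealed(share_key, envelope, known_uuids):
    """Cloud side: verify the tag, then the client_uuid; raise on failure."""
    try:
        outer = json.loads(envelope)
        body, tag = outer["body"], outer["tag"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("incomplete message") from exc
    if not isinstance(body, str) or not isinstance(tag, str):
        raise ValueError("incomplete message")
    expected = hmac.new(share_key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise ValueError("tag mismatch: message altered or wrong share key")
    inner = json.loads(body)
    if inner.get("client_uuid") not in known_uuids:
        raise ValueError("unknown client_uuid")
    return inner


if __name__ == "__main__":
    key = SAMPLE_PROVISIONING["client_share_key"].encode()
    print("missing:", missing_fields(SAMPLE_PROVISIONING))
    print("expired on 2015-05-02:",
          share_key_expired(SAMPLE_PROVISIONING, date(2015, 5, 2)))
    sealed = seal(key, "uuid-A", {"step": "packaging"})
    print("accepted:", open_sealed(key, sealed, {"uuid-A"}))
    try:
        open_sealed(key, sealed.replace("packaging", "shipped!!"), {"uuid-A"})
    except ValueError as err:
        print("rejected:", err)
```

A message that fails `open_sealed` corresponds to the "incomplete or incorrect" case that the cloud device records rather than stores.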
Please refer to FIG. 1B, a schematic diagram of another embodiment of the Internet of Things connection system of the present invention. As shown in FIG. 1B, the Internet of Things connection system consists of a plurality of client devices 100, a cloud device 500 and at least one proxy device 700. Each client device 100 is a device that has a wireless communication function and a specific user identifier. The cloud device 500 can communicate with each client device 100 and uses the specific user identifier unique to each client device 100 to confirm that the client device 100 is one of the client devices 100 in the Internet of Things. The proxy server 700 has its own URL or URI and password and can communicate with the cloud device 500. The embodiment of FIG. 1B uses the same basic connection system as the embodiment of FIG. 1A. The only difference is that, after the cloud device 500 has provided the URL or URI, account and password of each proxy server 700 to at least one client device 100 in the Internet of Things and a pairing has been formed, the paired client devices 100 can communicate only with their paired proxy server 700, which in turn communicates with the cloud device 500 so that the data string on each client device 100 is passed to the cloud device 500. The process by which the Internet of Things of FIG. 1B actually completes the connection is therefore described briefly below.
Continuing with FIG. 1B, each client device 100 first logs in to the cloud device 500 over https. When the cloud device 500 receives the request from each client device 100, it first verifies whether the hardware uuid (such as the MAC Address) used by each client device 100 is already stored in the database of the cloud device 500. If the hardware uuid (such as the MAC Address) used by each client device 100 is confirmed to be stored in the database of the cloud device 500, a client identification code (client uuid) is generated for each client. The cloud device 500 then generates, for each client device 100, a pair of keys for that client's exclusive use. After the cloud device 500 has determined that each client device 100 is a client in this Internet of Things, it returns each generated uuid and key to the corresponding client device 100. The information returned to each client device 100 includes: client_uuid, sever_pub_key and client_pri_key.
Next, each client device 100 can use its encoded client_uuid to request, over https, the client_share_key, the share_key_expiry date time, the URL or URI of the MQTT_Broker, and the MQTT_Broker account and password (username/password). When the cloud device 500 receives the scrambled client_uuid, it decodes it with the respective sever_pri_key to confirm whether each received client_uuid is correct. Once the cloud device 500 has confirmed that the client_uuid is correct, it encodes the client_share_key, the share_key_expiry date time, the URL or URI of the MQTT_Broker, and the MQTT_Broker account and password with client_pub_key and returns them to the client device 100. For example, the URL or URI, account and password of the proxy device (Broker-1) are returned to Client-1 through Client-5; those of the proxy device (Broker-2) are returned to Client-6 through Client-15; and those of the proxy device (Broker-3) are returned to Client-16 through Client-50. Clearly, this Internet of Things has paired the 50 individual client devices 100 with 3 proxy servers 700 for communicating with the cloud device 500. After each client device 100 has obtained the relevant data from the cloud device 500, it connects to the paired proxy server 700 it was given. Once each client device 100 has confirmed that the message it received from the cloud device 500 includes 1. Sever_pub_key; 2. Client_pri_key; 3. the URL or URI of the MQTT_Broker; 4. the MQTT_Broker username/password; 5. Client_Share_key; and 6. Share_key_expiry date time, it uses client_share_key to encode the client_uuid and the data content that this client device 100 wants to send to the cloud, and then uploads the result to the proxy server 700 (that is, the MQTT Broker).
After each client device 100 has confirmed that it received the complete message, it knows the URL or URI of the MQTT_Broker of its paired proxy server 700 and the MQTT_Broker account and password, so it can upload the encoded client_uuid and the message string (for example, the product's production history) to the paired proxy server 700. On receiving the encoded client_uuid and message string uploaded by a paired client device 100, each proxy server 700 forwards the uploaded message directly (that is, without any processing) to the cloud device 500. Clearly, throughout the process in which the client device 100 passes its message string to the cloud device 500, the cloud device 500 never directly exposes its own address, which lowers the probability that the cloud device 500 fails or is attacked by hackers. Because each proxy server 700 only forwards the data uploaded by the client device 100 directly to the cloud device 500, the processing time at the proxy server 700 is very short, which lowers the probability that the URL or URI of the MQTT_Broker and the MQTT_Broker account and password of the proxy server 700 are cracked and further increases the security of the IoT communication process. After the cloud device 500 receives the data forwarded directly by each proxy server 700 (that is, the encoded client_uuid and data string), it decodes the data with the corresponding client_share_key and verifies whether the received client_uuid and data string (for example, the product's production history) are complete and correct. If they are correct, they are stored in the memory module 530 until the user applies the received data strings to a specific purpose, for example building a production history database for at least one product. If the received client_uuid and data string are found to be incomplete or incorrect, the event is recorded. In this embodiment, incorrect messages may arise as follows: each client publishes information with a certain regularity, so information that a client publishes at an abnormal or excessive frequency is treated as an incorrect message; or the proxy server 700 itself frequently publishes information by means other than MQTT and attempts to connect to the cloud device 500; and so on. When incorrect messages keep appearing, the proxy server 700 is judged to have possibly failed or been attacked by hackers, and the cloud device 500 can choose to shut down this proxy server 700.
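The cloud-side checks described for the FIG. 1A and FIG. 1B embodiments (the same client_uuid seen in two places at once, unknown client_uuid values that keep arriving through one proxy server, and a client publishing at an abnormal frequency) can be modelled as below. This is an added example, not code from the patent: the event tuple, the `location` field and the three thresholds are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque


class CloudMonitor:
    """Tracks the 'incorrect message' signals for uploads forwarded by brokers."""

    def __init__(self, known_uuids, window=60, max_per_window=5, unknown_limit=3):
        self.known = set(known_uuids)
        self.window = window                  # seconds; assumed value
        self.max_per_window = max_per_window  # assumed publish-rate ceiling
        self.unknown_limit = unknown_limit    # assumed "keeps appearing" threshold
        self.last_seen = {}                   # client_uuid -> (ts, location)
        self.recent = defaultdict(deque)      # client_uuid -> recent timestamps
        self.unknown_by_broker = defaultdict(int)
        self.disabled_brokers = set()
        self.alerts = []                      # (ts, kind, broker, client_uuid)

    def _alert(self, ts, kind, broker, client_uuid):
        self.alerts.append((ts, kind, broker, client_uuid))

    def observe(self, ts, broker, client_uuid, location):
        """Return 'stored', 'flagged' or 'dropped' for one decoded upload."""
        if broker in self.disabled_brokers:
            return "dropped"                  # broker was shut down (S10)

        if client_uuid not in self.known:
            self.unknown_by_broker[broker] += 1
            self._alert(ts, "unknown_client_uuid", broker, client_uuid)
            if self.unknown_by_broker[broker] >= self.unknown_limit:
                self.disabled_brokers.add(broker)
                self._alert(ts, "broker_disabled", broker, client_uuid)
            return "flagged"

        flagged = False
        prev = self.last_seen.get(client_uuid)
        # Same uuid, different place, within the window: notify the inspectors.
        if prev and ts - prev[0] <= self.window and prev[1] != location:
            self._alert(ts, "uuid_in_two_places", broker, client_uuid)
            flagged = True
        self.last_seen[client_uuid] = (ts, location)

        # Sliding-window publish rate per client.
        times = self.recent[client_uuid]
        times.append(ts)
        while times and ts - times[0] > self.window:
            times.popleft()
        if len(times) > self.max_per_window:
            self._alert(ts, "abnormal_frequency", broker, client_uuid)
            flagged = True
        return "flagged" if flagged else "stored"


# Constructed events: (timestamp_s, broker, client_uuid, location).
SAMPLE_EVENTS = [
    (0, "Broker-1", "uuid-A", "factory-1"),
    (10, "Broker-1", "uuid-A", "factory-1"),
    (20, "Broker-2", "uuid-A", "warehouse-9"),   # same uuid, other place
    (30, "Broker-3", "uuid-X", "unknown"),
    (31, "Broker-3", "uuid-Y", "unknown"),
    (32, "Broker-3", "uuid-Z", "unknown"),       # third unknown: disable broker
    (33, "Broker-3", "uuid-B", "factory-2"),     # arrives via disabled broker
] + [(100 + i, "Broker-1", "uuid-B", "factory-2") for i in range(6)]


def run_sample():
    """Feed the constructed events through a monitor; return it and the verdicts."""
    monitor = CloudMonitor(known_uuids={"uuid-A", "uuid-B"})
    results = [monitor.observe(*event) for event in SAMPLE_EVENTS]
    return monitor, results


if __name__ == "__main__":
    mon, verdicts = run_sample()
    for event, verdict in zip(SAMPLE_EVENTS, verdicts):
        print(event, "->", verdict)
    for alert in mon.alerts:
        print("ALERT", alert)
```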
In summary, the main technical means of the Internet of Things connection system of the present invention is as follows. After the cloud device 500 has confirmed that each client device 100 is a user of this Internet of Things, it returns the URL or URI of the MQTT_Broker of the proxy server 700 and the MQTT_Broker account and password to each client device 100. Each client device 100 then connects to the proxy server 700 using the received URL or URI of the MQTT_Broker and the MQTT_Broker account and password, encodes the data string it wants to send (for example, the product's production history), and uploads it to the proxy server 700. The proxy server 700, without processing the data string sent by the client device 100 (for example, the product's production history), passes it directly to the cloud device 500 for decoding and processing. Clearly, the Internet of Things connection system of the present invention connects in two stages, and after the identification of the client device 100 is completed in the first stage, the client device 100 can connect only to the proxy server 700 in the second stage. Because the first stage is completed before the client device 100 makes its connection, the client device 100 can connect to and communicate with only the proxy server 700 when it formally transfers data strings. The cloud device 500 therefore never directly exposes its own address, which lowers the probability that the cloud device 500 fails or is attacked by hackers and effectively improves the security of the Internet of Things connection system. Clearly, the Internet of Things connection system of the present invention also has an intelligent self-diagnosis function, which increases system stability and security. For example, when the system fails for unknown reasons, or when a hacker attempts tampering, misappropriation or repudiation during message delivery, the security authentication of the present invention can prevent passwords from being tampered with or stolen, so the security of the Internet of Things system can be ensured.
Next, the embodiments in which the present invention uses the Internet of Things system to establish a product production history and a product production history query system are described further.
Please refer to FIG. 2, a schematic diagram of an embodiment of the disclosed system for establishing a production history and querying a product production history using the Internet of Things system. As shown in FIG. 2, the client device 100 can be a reading device on the manufacturer side. It can record the product's entire production and shipping process, from each manufacturing step through delivery to the store, as key items of the production history organized along a timeline. After the confirmation of S1-S7 in FIG. 1A or FIG. 1B has been completed (that is, each client device 100 has been confirmed to be one of the client devices 100 in the Internet of Things, and each client device 100 has obtained the URL or URI and password of the proxy server 700 it is to connect to), the client device 100 can encode the content data of the production process and pass it to the proxy server 700. On receiving these messages, the proxy server 700, without processing the data string sent by the client device 100 (for example, the product's production history), passes it directly to the cloud device 500 for decoding and processing, so that a production history database is built in the memory module 530 of the cloud device 500. This production history database can record the entire production process of each product, from each manufacturing step through delivery to the store. Because the client device 100 can connect to and communicate with only its paired proxy server 700 when it passes production history data to the cloud device 500, the cloud device 500 never directly exposes its own address at any point while the production history database is being built, which lowers the probability that the cloud device 500 fails or is attacked by hackers and effectively improves the security with which the Internet of Things builds the production history database. In addition, the reading device of the present invention can communicate with the cloud device 500 in the role of a gateway, connecting to the cloud device 500 in a dynamic communication mode that mixes http with the proxy server (MQTT). This reduces the chance that the cloud device 500 fails or is successfully attacked by hackers, and so ensures secure, stable, private and fast communication.
Next, an embodiment of the disclosed query system for the production history of Internet of Things products is described. Referring again to FIG. 2, once the Internet of Things has built the product production history database in the memory module 530 of the cloud device 500, the cloud device 500 can, at the request of a user (a user already confirmed as a logged-in user, for example on a smartphone), send the production history of the product being queried, in the chosen type of production history data (that is, text, picture, voice or video), or the warranty data, in the communication direction marked S11, through another proxy server 700' to the user's communication device 100 for display. Because the cloud device 500 has already sent the URL or URI, account and password of the proxy server 700' to the user's communication device 100, when the cloud device 500 needs to deliver the product's production history or warranty data to the user, the connection and communication likewise can go only through the proxy server 700', using its URL or URI, account and password. Therefore, throughout the process in which the cloud device 500 sends the production history or warranty data of the queried product to the user's smartphone, the cloud device 500 never directly exposes its own address, which lowers the probability that the cloud device 500 fails or is attacked by hackers and effectively improves the security of the Internet of Things production history database.
Clearly, in the query system for the production history of Internet of Things products of the present invention, after the specific user identifier has confirmed that the client device 100 is one of the client devices 100 in the Internet of Things, the client device 100 can send the product data to be queried only by communicating with the proxy server 700' via the URL or URI and password of the proxy server 700; the proxy server 700 then communicates directly with the cloud device 500. After the cloud device 500 has compared the product data queried by the client device 100 against the product production history database, the cloud device 500 can send the information in the product production history database only by communicating with the proxy server 700' via the URL or URI and password of another proxy server 700', so that the proxy server 700' delivers the information in the product production history database to the client device 100.
In a preferred embodiment of the present invention, detailed content-type records can further be created within the key-item records of the production history that are organized along a timeline. The detailed content can take the form of text as shown in FIG. 3A, text and pictures as shown in FIG. 3B, or voice or video, and is stored in the production history database of the cloud device 500. In addition, a database of product warranty data can also be built, in which the product warranty data includes at least the product's item number, shelf date, factory date, place of origin, manufacturer, manufacturer address and material, as shown in FIG. 3C.
Next, the connection method and process for establishing and querying the production history in the Internet of Things connection system of the present invention are described in detail. The connection method and process make the innovation of using the proxy server 700 in the present invention easier to understand.
Please refer to FIG. 4, a flowchart of the disclosed method for establishing a product production history and querying a product production history using the Internet of Things. As shown in FIG. 4, the method of the present invention includes:
Step 1: The client device 100 logs in to the cloud device 500; for example, the client device 100 logs in to the cloud device 500 over https in order to start the Internet of Things system.
Step 2: When the cloud device 500 receives the request from the client device 100, it first verifies whether the hardware uuid (such as the MAC Address) used by the client device 100 is already stored in the database of the cloud device 500.
Step 3: When the cloud device 500 confirms that the hardware uuid (such as the MAC Address) used by the client device 100 is already stored in the database of the cloud device 500, it judges that the data of the client device 100 is correct and that it is a client device 100 in this Internet of Things. The cloud device 500 then generates a client identification code (client uuid) and a pair of keys for the client's exclusive use. In this embodiment, the key is a highly secure RSM asymmetric key (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key can be generated. The generated uuid, key and related information are returned to the client device 100; the information returned to the client device 100 includes: client_uuid and sever_pub_key (this sever_pub_key is the client_pub_key). If, on the other hand, after receiving the request from the client device 100 the cloud device 500 finds that the hardware uuid (such as the MAC Address) used by the client device 100 is not in the database of the cloud device 500, it judges that the hardware uuid (such as the MAC Address) used by this client device 100 does not belong to a client device 100 in this Internet of Things and stores this hardware uuid (such as the MAC Address) in another database for later comparison.
Step 4: The client device 100 determines whether the uuid, keys and related information generated by the cloud device 500 have been received correctly; once the client device 100 confirms that they have been received correctly, it uses the encoded client_uuid (that is, the client_uuid is scrambled with sever_pub_key) to request from the cloud device 500, over https, the client_share_key, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password (username/password).
Step 5: When the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; after confirming that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password with client_pub_key and returns them to the client device 100.
Step 6: After the client device 100 obtains the relevant data from the cloud device 500, it decodes the data with client_pri_key and confirms that the received information is complete. The complete information includes: 1. Sever_pub_key; 2. Client_pri_key; 3. the URL or URI of the MQTT_Broker; 4. MQTT_Broker username/password; 5. client_Share_key. Once the client device 100 confirms that the complete information has been received, it connects to the proxy server 700; if the client device 100 determines that the received information is incomplete, it returns to step 4 and again requests from the cloud device 500 the client_share_key, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password (username/password).
Step 7: The client device 100 connects to the proxy server 700 using the URL or URI of the MQTT_Broker and the MQTT_Broker account and password; at the same time, it uses client_share_key to encode the client_uuid and the data content that the client device 100 wants to send to the cloud device 500 (for example, the production history of a product), and then uploads the result to the proxy server 700.
Step 8: After receiving the encoded client_uuid and message string (for example, the production history of a product) uploaded by the client device 100, the proxy server 700 forwards the uploaded message directly (that is, without any processing) to the cloud device 500.
Step 9: After receiving the data forwarded directly by the proxy server 700, the cloud device 500 decodes it with client_share_key and verifies whether the received client_uuid and data string (for example, the production history of a product) are complete and correct.
Step 10: When the cloud device 500 determines that the received client_uuid and data string are complete and correct, it stores the decoded client data string (for example, the production history of a product) in the memory module 530, where it waits for the user to apply the received data strings to a specific application; for example, the establishment of the product production history database is completed in the cloud device 500. If verification shows that the received client_uuid and data string are incomplete or incorrect, this is recorded. In this embodiment, incorrect information includes: (1) the client_uuid corresponding to a given web address is incorrect, in which case there may be a misappropriation problem; (2) if a client_uuid uploads data together with its location (Geo Location), the plausibility of the GeoLocation can be checked (for example, whether a client_uuid is in Asia in one minute and in North America in the next). When incorrect information keeps appearing, it is determined that the proxy server 700 may be faulty or under attack by hackers, and the cloud device 500 can choose to shut down this proxy server 700.
Clearly, in the connection method of the entire Internet of Things system, steps 1 to 6 are completed between each client device 100 and the cloud device 500 before the client device 100 leaves the factory; that is, by the time each client device 100 has left the factory, it has already obtained the complete information from the cloud device 500, including: 1. Sever_pub_key; 2. Client_pri_key; 3. the URL or URI of the MQTT_Broker; 4. MQTT_Broker username/password; 5. client_Share_key. After the Internet of Things system is started, every data string that a client device 100 wants the cloud device 500 to process is sent to the proxy server 700 according to the URL or URI of the MQTT_Broker, and the proxy server 700 then forwards the data string of the client device 100 directly to the cloud device 500. Therefore, during the message transfer between step 7 and step 10 (that is, while the product production history database is being established), the cloud device 500 does not directly expose its own address, which reduces the probability that the cloud device 500 fails or is attacked by hackers. Because the proxy server 700 merely forwards the data uploaded by the client device 100 directly to the cloud device 500, the probability that the URL or URI of the MQTT_Broker of the proxy server 700 and the MQTT_Broker account and password are cracked can be reduced, which further increases the security of the Internet of Things communication process.
Next, when a consumer using a smartphone sees a product on the network and wants to buy it, the consumer can use the product number (item number) or QR Code shown on the network to view the production history or warranty data of the product. The query process is described below.
First, the consumer completes the identity recognition procedure between the smartphone in use and the Internet of Things of the present invention; for example, the consumer downloads the APP software of the Internet of Things of the present invention and, through steps 1 to 6 of FIG. 4, the smartphone completes the identity recognition procedure in the Internet of Things of the present invention, that is, the hardware uuid (such as the MAC Address) of the consumer's smartphone is already stored in the database of the cloud device 500. Next, when the consumer uses the smartphone to send the product number (item number) or QR Code to be queried, together with a data string indicating that the production history or warranty data of the product is to be viewed, the data is transmitted via step 7 to the proxy server 700 according to the URL or URI of the MQTT_Broker, and then, via step 8, the proxy server 700 forwards the data string the consumer wants to query directly to the cloud device 500. Then, when the cloud device 500 determines via step 9 that the received client_uuid and data string are complete and correct, it proceeds via step 11 to compare the decoded consumer data string against the product production history database to see whether the product number (item number) or QR Code being queried has been established; if the product number (item number) or QR Code the consumer wants to query is matched, the cloud device 500 further checks whether the type of production history or warranty data of the product the consumer wants to query exists. If a matching type of production history or warranty data exists, then, because the consumer's smartphone (that is, the client device 100) has already stored the URL or URI, account and password codes needed to connect to the proxy server 700', the cloud device 500 connects to the proxy server 700' via step 12 and transmits the production history or warranty data of the queried product to the proxy server 700', which forwards it directly to the consumer's smartphone, so that the consumer can see the production history or warranty data of the product to be purchased on the smartphone's display.
Because the cloud device 500 can set the URL or URI, account and password of the proxy server 700', when the cloud device 500 is to deliver the production history or warranty data of a product to the user (that is, when step 12 is executed), it likewise can only connect to and communicate with the proxy server 700' through the URL or URI, account and password of the proxy server 700'. Therefore, throughout the process in which the cloud device 500 delivers the production history or warranty data of the queried product to the user's smartphone, the cloud device 500 does not directly expose its own address, which reduces the probability that the cloud device 500 fails or is attacked by hackers and effectively improves the security of the cloud device 500 and of the Internet of Things production history database. Clearly, the Internet of Things connection system of the present invention also has a self-checking intelligent judgment function that increases system stability and security; in particular, when the system fails for unknown reasons, or when a hacker tampers with, misappropriates or repudiates messages during message transfer, the security authentication of the present invention can prevent passwords from being tampered with or misappropriated, so that the security of the Internet of Things system can be ensured.
Next, please refer to FIG. 5, which is a flowchart of another embodiment of the method of the present invention for establishing a product production history and querying a product production history using the Internet of Things. As shown in FIG. 5, the method of the present invention for establishing a product production history and querying a product production history using the Internet of Things includes:
Step 1: The client device 100 logs in to the cloud device 500; for example, the client device 100 logs in to the cloud device 500 over https in order to start the Internet of Things system.
Step 2: After the cloud device 500 receives the request from the client device 100, the cloud device 500 first verifies whether the hardware uuid (such as the MAC Address) used by the client device 100 is already stored in the database of the cloud device 500.
Step 3: When the cloud device 500 confirms that the hardware uuid (such as the MAC Address) used by the client device 100 is already stored in the database of the cloud device 500, it determines that the data of the client device 100 is correct and that the device is a client device 100 of this Internet of Things; the cloud device 500 then generates a client identification code (client uuid) and a pair of keys dedicated to that client. In this embodiment, the key is a highly secure RSM asymmetric key (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key can be generated; the generated uuid, keys and related information are returned to the client device 100, and the information returned to the client device 100 includes: client_uuid and sever_pub_key (this sever_pub_key is the client_pub_key). In addition, if, after receiving the request from the client device 100, the cloud device 500 finds that the hardware uuid (such as the MAC Address) used by the client device 100 is not in the database of the cloud device 500, it determines that this hardware uuid (such as the MAC Address) does not belong to a client device 100 of this Internet of Things, and stores the hardware uuid (such as the MAC Address) information in another database for subsequent comparison.
Step 4: The client device 100 determines whether the uuid, keys and related information generated by the cloud device 500 have been received correctly; once the client device 100 confirms that they have been received correctly, it uses the encoded client_uuid (that is, the client_uuid is scrambled with sever_pub_key) to request from the cloud device 500, over https, the client_share_key, the share_key_expiry date time, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password (username/password).
In a preferred embodiment of the present invention, the key is an RSM asymmetric key (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key can be generated; the RSM asymmetric key takes a long time to decode and is therefore highly secure. In addition, in another preferred embodiment, the cloud device 500 can optionally generate a symmetric key (Symmetric Key), client_share_key, dedicated to the client device 100. Thus, in the preferred embodiment of the present invention, the RSM asymmetric key and the symmetric key can optionally be used together. Because a symmetric key has a short decoding time and correspondingly lower security, the client_share_key needs to be changed from time to time to ensure security; to this end, the cloud device 500 further generates a share_key_expiry date time that can change at any time, and security is improved by changing the client_share_key at irregular intervals. When the cloud device 500 detects that the client_share_key has exceeded the set change time, it automatically generates a new client_share_key to ensure security.
Step 5: When the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; after confirming that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the share_key_expiry date time, the URL or URI of the MQTT_Broker of the proxy server 700, and the MQTT_Broker account and password with client_pub_key and returns them to the client device 100.
Step 6: After the client device 100 obtains the relevant data from the cloud device 500, it decodes the data with client_pri_key and confirms that the received information is complete. The complete information includes: 1. Sever_pub_key; 2. Client_pri_key; 3. the URL or URI of the MQTT_Broker; 4. MQTT_Broker username/password; 5. client_Share_key; 6. share_key_expiry date time. Once the client device 100 confirms that the complete information has been received, it connects to the proxy server 700; if the client device 100 determines that the received information is incomplete, it returns to step 4 and requests it from the cloud device 500 again.
Step 7: The client device 100 connects to the proxy server 700 using the URL or URI of the MQTT_Broker and the MQTT_Broker account and password; at the same time, it uses client_share_key to encode the client_uuid and the data content that the client device 100 wants to send to the cloud device 500 (for example, the production history of a product), and then uploads the result to the proxy server 700.
Step 8: The client device 100 checks whether the validity period given by Share_key_expiry date time has expired. If the check shows that it has not yet expired, the encoded client_uuid and data string (for example, the production history of a product) are uploaded to the proxy server 700; if the check shows that it has expired, the process returns to step 4 and the client device 100 again requests a new Share_key_expiry date time from the cloud device 500. For example, suppose the expiry date is 2015/0501: if the check shows that the validity period of Share_key_expiry date time has passed (for example, the date of the check is 2015/0502), the client device 100 again uses the encoded client_uuid (that is, the client_uuid is scrambled with sever_pub_key) to request a new share_key_expiry date time over https; when the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; after confirming that the client_uuid is correct, the cloud device 500 encodes the new share_key_expiry date time with client_pub_key and returns it to the client device 100. In addition, to increase security, the time set by share_key_expiry date time may be periodic or may be a random variable, as decided by the cloud device 500.
Step 9: After receiving the encoded client_uuid and message string (for example, the production history of a product) uploaded by the client device 100, the proxy server 700 forwards the uploaded message directly (that is, without any processing) to the cloud device 500.
Step 10: After receiving the data forwarded directly by the proxy server 700, the cloud device 500 decodes it with client_share_key and verifies whether the received client_uuid and data string (for example, the production history of a product) are complete and correct.
Step 11: When the cloud device 500 determines that the received client_uuid and data string (for example, the production history of a product) are complete and correct, it stores the decoded client data string in the memory module 530, where it waits for the user to carry out specific processing and application of the received data strings (for example, the production history of a product). If verification shows that the received client_uuid and data string are incomplete or incorrect, this is recorded. In this embodiment, incorrect information includes: (1) the client_uuid corresponding to a given IP is incorrect, in which case there may be a misappropriation problem; (2) if a client_uuid uploads data together with its location (Geo Location), the plausibility of the GeoLocation can be checked (for example, whether a client_uuid is in Asia in one minute and in North America in the next). When incorrect information keeps appearing, it is determined that the proxy server 700 may be faulty or under attack by hackers; the cloud device 500 can then choose to shut down this proxy server 700.
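The checks that step 10 of FIG. 4 and step 11 of FIG. 5 describe can be written as the following added Python example, which is not code from the patent. The speed limit, the location slack, the failure threshold, the binding of each client_uuid to one registered source address, and all sample uploads are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass, field

MAX_SPEED_KMH = 1000.0  # assumption: faster movement between uploads is implausible
GEO_SLACK_KM = 50.0     # assumption: tolerance for coarse location data
DISABLE_AFTER = 3       # assumption: consecutive bad uploads before a proxy is shut down


@dataclass
class Upload:
    proxy_id: str
    client_uuid: str
    source_addr: str
    lat: float
    lon: float
    ts: float  # seconds since an arbitrary epoch


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


@dataclass
class CloudValidator:
    registered: dict                                 # client_uuid -> expected source address
    last_seen: dict = field(default_factory=dict)    # client_uuid -> last accepted Upload
    bad_streak: dict = field(default_factory=dict)   # proxy_id -> consecutive rejections
    disabled: set = field(default_factory=set)       # proxies the cloud device has shut down
    log: list = field(default_factory=list)          # record of incorrect messages

    def check(self, up):
        """Return the reasons an upload is incorrect; an empty list means accept."""
        reasons = []
        expected = self.registered.get(up.client_uuid)
        if expected is None:
            reasons.append("unknown_client_uuid")
        elif expected != up.source_addr:
            reasons.append("uuid_address_mismatch")      # case (1): possible misappropriation
        prev = self.last_seen.get(up.client_uuid)
        if prev is not None:
            dt = up.ts - prev.ts
            dist = haversine_km(prev.lat, prev.lon, up.lat, up.lon)
            if dt < 0:
                reasons.append("timestamp_regression")
            elif dist > MAX_SPEED_KMH * dt / 3600.0 + GEO_SLACK_KM:
                reasons.append("implausible_travel")     # case (2): Asia, then North America
        return reasons

    def process(self, up):
        """Validate one relayed upload and track persistent failures per proxy."""
        if up.proxy_id in self.disabled:
            return ["proxy_disabled"]
        reasons = self.check(up)
        if reasons:
            self.log.append((up.ts, up.proxy_id, up.client_uuid, reasons))
            self.bad_streak[up.proxy_id] = self.bad_streak.get(up.proxy_id, 0) + 1
            if self.bad_streak[up.proxy_id] >= DISABLE_AFTER:
                self.disabled.add(up.proxy_id)
            return reasons
        # Only accepted uploads move the location baseline, so a rejected
        # upload cannot poison later plausibility checks.
        self.bad_streak[up.proxy_id] = 0
        self.last_seen[up.client_uuid] = up
        return []


def demo():
    """Run the validator over constructed uploads relayed by one proxy."""
    v = CloudValidator(registered={"c-1": "198.51.100.7"})
    uploads = [
        Upload("proxy-700", "c-1", "198.51.100.7", 25.03, 121.56, 0),    # Taipei
        Upload("proxy-700", "c-1", "198.51.100.7", 40.71, -74.01, 60),   # New York, 1 min later
        Upload("proxy-700", "c-1", "203.0.113.9", 25.04, 121.57, 120),   # unexpected address
        Upload("proxy-700", "c-9", "198.51.100.7", 25.03, 121.56, 180),  # unregistered uuid
        Upload("proxy-700", "c-1", "198.51.100.7", 25.03, 121.56, 240),  # valid, proxy already off
    ]
    return [v.process(u) for u in uploads], v


if __name__ == "__main__":
    for result in demo()[0]:
        print(result or "accepted")
```
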
Clearly, in the connection method of the entire Internet of Things system, steps 1 to 6 are completed between each client device 100 and the cloud device 500 before the client device 100 leaves the factory; that is, by the time each client device 100 has left the factory, it has already obtained the complete information from the cloud device 500, including: 1. Sever_pub_key; 2. Client_pri_key; 3. the URL or URI of the MQTT_Broker; 4. MQTT_Broker username/password; 5. client_Share_key; 6. share_key_expiry date time. After the Internet of Things system is started, every data string that a client device 100 wants the cloud device 500 to process is sent to the proxy server 700 according to the URL or URI of the MQTT_Broker, and the proxy server 700 then forwards the data string of the client device 100 directly to the cloud device 500. Therefore, during the message transfer between step 7 and step 10, the cloud device 500 does not directly expose its own address, which reduces the probability that the cloud device 500 fails or is attacked by hackers. Because the proxy server 700 merely forwards the data uploaded by the client device 100 directly to the cloud device 500, the probability that the URL or URI of the MQTT_Broker of the proxy server 700 and the MQTT_Broker account and password are cracked can be reduced, which further increases the security of the Internet of Things communication process. From the above, it is clear that the Internet of Things connection system of the present invention also has a self-checking intelligent judgment function that increases system stability and security; in particular, when the system fails for unknown reasons, or when a hacker tampers with, misappropriates or repudiates messages during message transfer, the security authentication of the present invention can prevent passwords from being tampered with or misappropriated, so that the security of the Internet of Things system can be ensured.
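The client_share_key and share_key_expiry date time handling of step 4, step 8 and the preferred embodiment above, as an added Python example that is not code from the patent. The patent does not name the encoding applied with client_share_key, so an HMAC-SHA256 tag stands in for it here; the class names, the key lifetime and the injected clock values are likewise assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LIFETIME_S = 24 * 3600  # assumption: the patent leaves the period to the cloud device


def tag_with(key, payload):
    """Stand-in for 'encoding with client_share_key': an HMAC-SHA256 tag (assumption)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


class CloudKeyStore:
    """Cloud device side: one client_share_key per client_uuid, each with an expiry."""

    def __init__(self, lifetime_s=KEY_LIFETIME_S):
        self.lifetime_s = lifetime_s
        self.keys = {}  # client_uuid -> (client_share_key, share_key_expiry)

    def issue(self, client_uuid, now):
        """Steps 4 and 5: return the current key, generating a new one once it has expired."""
        entry = self.keys.get(client_uuid)
        if entry is None or now >= entry[1]:
            entry = (secrets.token_bytes(32), now + self.lifetime_s)
            self.keys[client_uuid] = entry
        return entry

    def accept(self, client_uuid, payload, tag, now):
        """Step 10: accept only payloads tagged with the current, unexpired key."""
        entry = self.keys.get(client_uuid)
        if entry is None or now >= entry[1]:
            return False
        return hmac.compare_digest(tag_with(entry[0], payload), tag)


class Client:
    """Client device side: checks the expiry before every upload (step 8)."""

    def __init__(self, client_uuid, cloud):
        self.client_uuid = client_uuid
        self.cloud = cloud
        self.key = None
        self.expiry = 0.0
        self.refreshes = 0  # how often the client went back to step 4

    def upload(self, payload, now):
        if self.key is None or now >= self.expiry:
            # Expired or never provisioned: return to step 4 and fetch fresh material.
            self.key, self.expiry = self.cloud.issue(self.client_uuid, now)
            self.refreshes += 1
        return self.cloud.accept(self.client_uuid, payload, tag_with(self.key, payload), now)


def stale_key_rejected():
    """A copy of an old client_share_key stops working once the key has been rotated."""
    cloud = CloudKeyStore(lifetime_s=100)
    client = Client("c-1", cloud)
    client.upload(b"production history #1", now=0)
    old_key = client.key                              # constructed: a leaked copy of the key
    client.upload(b"production history #2", now=100)  # expiry reached, key is rotated
    forged = tag_with(old_key, b"forged history")
    return cloud.accept("c-1", b"forged history", forged, now=150)


if __name__ == "__main__":
    print("stale key accepted:", stale_key_rejected())
```
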
Next, in step 4 of FIG. 5, the present invention can also split the process by which the client device 100 obtains from the cloud device 500 the URL or URI of the MQTT_Broker of the proxy server 700, the MQTT_Broker account and the MQTT_Broker password into two requests. For example, in the first request the client device 100 uses the encoded client_uuid (that is, the client_uuid is scrambled with sever_pub_key) to request the client_share_key and the URL or URI of the MQTT_Broker over https; when the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; after confirming that the client_uuid is correct, the cloud device 500 encodes the client_share_key and the URL or URI of the MQTT_Broker with client_pub_key and returns them to the client device 100. In the second request the client device 100 again uses the encoded client_uuid (that is, the client_uuid is scrambled with sever_pub_key) to request the MQTT_Broker account and password over https; when the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; after confirming that the client_uuid is correct, the cloud device 500 encodes the MQTT_Broker account and password with client_pub_key and returns them to the client device 100. It should be noted in particular that, for the content obtained in the first and second requests, the only requirement is that the URL or URI of the MQTT_Broker and the account and password be obtained in two separate requests; nothing else is restricted.
Next, when several consumers using their own smartphones each see a product on the network and want to buy it, they can use the product number (item number) or QR Code shown on the network to view the production history or warranty data of the product. The query process is described below.
First, each consumer completes the identity recognition procedure between the smartphone in use and the Internet of Things of the present invention; for example, each consumer has downloaded the APP software of the Internet of Things of the present invention and, through steps 1 to 6 of FIG. 4, each consumer's smartphone has completed the identity recognition procedure in the Internet of Things of the present invention, that is, the hardware uuid (such as the MAC Address) of each consumer's smartphone is already stored in the database of the cloud device 500. Next, when a consumer uses the smartphone to send the product number (item number) or QR Code to be queried, together with a data string indicating that the production history or warranty data of the product is to be viewed, the data is transmitted via steps 7 to 8 to the proxy server 700 according to the URL or URI of the MQTT_Broker paired with that consumer, and then, via step 9, the proxy server 700 forwards the data string the consumer wants to query directly to the cloud device 500. Then, when the cloud device 500 determines via step 10 that the received client_uuid and data string are complete and correct, it proceeds via step 12 to compare the decoded data string of each consumer against the product production history database to see whether the product number (item number) or QR Code being queried has been established; if the product number (item number) or QR Code that a consumer wants to query is matched, the cloud device 500 further checks whether the type of production history or warranty data of the product the consumer wants to query exists. If a matching type of production history or warranty data exists, then, because the consumer's smartphone (that is, the client device 100) has already stored the URL or URI, account and password codes needed to connect to the proxy server 700', the cloud device 500 connects to the proxy server 700' via step 13 and transmits the production history or warranty data of the product queried by each consumer to another proxy server 700', which forwards it directly to each consumer's smartphone, so that each consumer can see the production history or warranty data of the product to be purchased on the smartphone's display. Clearly, the cloud device 500 can also communicate with multiple proxy servers 700', and each proxy server 700' can be paired with multiple consumers.
Because the cloud device 500 can set the URL or URI, account and password of the proxy server 700', when the cloud device 500 delivers a product's production history or warranty data to a user, it likewise can only connect to and communicate with the proxy server 700' through that URL or URI, account and password. Therefore, throughout the process in which the cloud device 500 sends the production history, warranty data or other messages for the queried product to the user's smartphone, the cloud device 500 never directly exposes its own address. This reduces the probability of the cloud device 500 failing or being hacked and effectively improves the security of the cloud device 500 and of the Internet of Things production history database. From the above, it is clear that the Internet of Things connection system of the present invention also has a self-checking intelligent judgment function that increases system stability and security; for example, in particular when the system fails for unknown reasons, or when a hacker tampers with, misappropriates or repudiates messages during transmission, the security authentication of the present invention can prevent the password from being tampered with or misappropriated, so the security of the Internet of Things system can be ensured.
Next, refer to FIG. 6, a schematic diagram of the system architecture of the Internet of Things system of the present invention when performing the product anti-counterfeiting function. As shown in FIG. 6, when the Internet of Things system performs the product anti-counterfeiting function, it requires at least one product 10, an electronic tag (Tag) 12 disposed on each product and carrying a unique identifier (Universally Unique Identifier, abbreviated uuid) that represents the product, a reading device 100, and a cloud device 500. The uuid electronic tag 12 on each product 10 may be a Bar Code, QR Code, RFID (Radio Frequency Identification), NFC (Near Field Communications), BLE (Bluetooth Low Energy), iBeacon, ZigBee or Zwave tag, or simply a chip that records the uuid; the present invention does not restrict the uuid to these forms. The purpose of assigning a uuid to each product 10 is to ensure an absolute one-to-one correspondence between a product 10 and the uuid of its electronic tag 12, which serves as the data for tracking, recording and analyzing the status of the product 10.
In addition, in the embodiment in which the Internet of Things system of the present invention performs the product anti-counterfeiting function, the client is one or more reading devices 100 located at points of sale. Each reading device must itself be capable of wireless or network communication, directly or indirectly, and therefore be able to communicate with or connect to the cloud device 500 over wireless or network communication. For example, the reading device 100 of the present invention is itself equipped with a wireless module (e.g., WiFi) or a wired network module, or is a system able to connect to or communicate with the cloud device 500 over 3G/4G/5G; the reading device 100 also has wireless/wired systems such as BLE, ZigBee or Zwave that can bridge to the cloud device 500.
Furthermore, the reading device 100 at the point of sale must itself be able to sense and record time and position (including longitude and latitude); for example, a positioning device (Global Positioning System, GPS) is installed in the reading device 100. After the reading device 100 at the point of sale reads the uuid on a product 10, it transmits the time of the read and the longitude and latitude of its location together to the cloud device 500. The cloud device 500 compiles the uuid of each product 10, together with the time and location at which that product was read, into a record and stores it in the memory module of the cloud device 500 to build the product authenticity identification database. Clearly, a communication system must be established between the product 10 and the reading device 100, for example as in the following table:
Product | Reading device
Bar code | Bar code reader
QR code | QR code reader
RFID | RFID reader
NFC | NFC reader
Zigbee | Zigbee Receiver
Zwave | Zwave Receiver
BLE | BLE Receiver
iBeacon | iBeacon Receiver
Moreover, the reading device 100 at the point of sale also needs computing and storage capability. For example, in one embodiment of the present invention, a processor (CPU) or a memory module may be provided in the reading device 100 so that it can edit annotations. For example, the memory of the reading device 100 already holds the path of the production history database of the product 10 that the manufacturer stored in advance in the memory 530 of the cloud device 500. When the reading device 100 at the point of sale reads the uuid of the product 10, it assembles the time of the read, its location and the annotated production-process content into a message packet to form a complete product 10 production content, from which the product authenticity identification data module and the like can be established in the cloud device 500. The process of establishing the production history data module has been described in detail in the embodiment of FIG. 2 above and is not repeated here.
It should be noted in particular that once the time at which the reading device 100 of the present invention read the uuid of the product 10 has been transmitted wirelessly to the cloud device 500 and stored in the memory module 530, this time information is set to an unchangeable state.
Summarizing the operation of the product 10 and the reading device 100 at the point of sale described above, the process of establishing the product authenticity identification data module is explained below using RFID as an example:
1. An RFID tag is placed on each product 10;
2. The reading device 100 at the point of sale has obtained the path of the production history database of the product 10, which the manufacturer stored in advance in the memory 530 of the cloud device 500;
3. A reading device 100 at the point of sale senses the RFID on the product 10: the reading device 100 emits electromagnetic waves to excite the RFID, so that the RFID on the product 10 transmits its uuid to the reading device 100;
4. After receiving the uuid of the product 10, the reading device 100 at the point of sale packs the time of the read and its own location into a message packet and stores it in its memory module;
5. The processor of the reading device 100 at the point of sale attaches the previously obtained production history database path to the time-and-location message packet, forming an unencoded complete product production content;
6. The processor of the reading device 100 at the point of sale encodes this complete product production content and, using a previously obtained URL or URI, account and password of the proxy server (MQTT), relays the encoded content through the proxy server (MQTT) to the cloud device 500; then,
7. A product authenticity identification database is established in the memory module of the cloud device 500; the production history data in this database may be selected from text, image files or audio/video files, with content as shown in FIGS. 3A-3C.
Note that in the above process the reading device 100 at the point of sale communicates with the cloud device 500 in the role of a gateway, connecting to the cloud device 500 in a dynamic communication mode that mixes HTTP with the proxy server 700 (MQTT). This reduces the chance of the system being disabled by a failure of the cloud device 500 or by a successful hacker attack on it, and so helps ensure secure, stable, private and fast communication.
Next, the cloud device 500 of the present invention can be divided into platform systems with multiple functions that process in parallel the Internet of Things system's user data entry and confirmation, product production history recording and query, product anti-counterfeiting processing, and product warehousing, sales and price-comparison data processing.
In a first embodiment of the cloud device 500 of the present invention, the uuids of all clients have already been established in the memory module 530 of the cloud device 500. When the processor receives a client's request (e.g., sent by an App on a mobile phone over wireless communication, or uploaded over the network via the web) and confirms that the requester is a client in this Internet of Things, the cloud device 500 provides the URL or URI, account and password of the proxy server 700 to at least one client device in the Internet of Things and forms a pairing. After pairing, each client device can communicate only with its paired proxy server 700, and the proxy server 700 in turn communicates with the cloud device 500 to deliver each client device's request messages (including at least identity recognition, product authenticity identification, product production history query, product location query or product sales status query) to the cloud device.
In a second embodiment of the cloud device 500 of the present invention, the cloud device 500 first confirms that the requesting client (e.g., a reading device 100 at a product manufacturing plant, sending through an App over wireless communication or uploading over the network via the web) is a client in this Internet of Things. Because the reading device 100 can itself sense and record time and position (including longitude and latitude), when it reads the uuid of a product it combines the time of the read and its location with the annotated production history path to form a complete product production content, which can later serve as the production history or as data for comparing and verifying the product's production process. This product production content is then encoded and sent to the proxy server 700 (MQTT), which forwards it directly to the cloud device 500. When the cloud device 500 receives the product production content from the proxy server 700 (MQTT), it decodes the content and stores it in the memory module 530 of the cloud device 500.
In a third embodiment of the cloud device 500 of the present invention, likewise, after the cloud device 500 confirms that the requesting client (e.g., sending through an App over wireless communication or uploading over the network via the web) is a client in this Internet of Things, the processor and the memory module 530 establish various data modules in the cloud device 500. These hold the complete data for each product across manufacturing, shipping, warehousing, sales and inventory as a basis for big-data analysis, so that the cloud device 500 can provide data for decision makers. The data modules established in the cloud device 500 include at least a production history data module, a product authenticity identification data module, a sales and price-comparison data module, and a user rating data module.
As described above, after the processor of the reading device 100 of the present invention combines the previously obtained product production history path with the message packet of its read time and location into a complete product production content, it sends the message through the proxy server 700 (MQTT) to the cloud device 500, where a product authenticity identification data module organized primarily as a time series is established. The content of this module includes the time and location at which the product was delivered to the store and the production history data of the product. Afterwards, when the cloud device 500 receives a client's request to identify the authenticity of a product (e.g., the client, using the App on their mobile phone, obtains the uuid of the product and uploads it to the cloud device through the proxy server), the cloud device 500 evaluates the authenticity of the product by comparing the time and location sent by the client with the time series and locations already established in the product authenticity identification data module, and sends the result through another proxy server 700' (MQTT) to the client, where the authenticity evaluation is displayed. In addition, the cloud device 500 records the new time and location in the product authenticity identification data module, and these records may not be modified.
Next, refer to FIG. 7, the first product authenticity identification flow of the present invention with real-time reply for product anti-counterfeiting. As shown in FIG. 7, and according to the above, the first flow is:
1. After obtaining the uuid of the product 10, the client's smart handheld device 100 (in the anti-counterfeiting process the client is illustrated with a smart handheld device) sends an encoded query packet to the cloud device 500 (the packet includes the uuid of the product 10, the time the query was issued and the location from which it was issued). These query packets are, of course, transmitted to the cloud device 500 through the proxy server 700 (MQTT).
2. When the cloud device 500 receives the encoded query packet and has decoded it, the cloud device 500 checks whether the uuid of the queried product 10 has been established in the product authenticity identification data module.
3. When the uuid of the queried product 10 has not been established in the product authenticity identification data module, the cloud device 500 judges the product 10 to be counterfeit and assigns a counterfeit judgment score, for example 90 points; the result is then sent through another proxy server 700' (MQTT) to the client, which decodes it and displays the authenticity evaluation. Note that 100 points is not given because the result may be caused by poor quality of the round trip or of the communication transmission.
4. When the uuid of the queried product 10 has been established in the product authenticity identification data module, the processor of the cloud device 500 takes the position at the time of the authenticity query (the current position) and checks whether a reasonable relationship exists between the current position of the product 10 and the product position already established in the product authenticity identification data module (e.g., 550 km/h by air, 100 km/h by land, 60 km/h by sea). For example, when the position reported at the time the uuid of a product 10 is queried is the same as the product position established in the product authenticity identification data module, or within a reasonable error range (e.g., 100 to 500 meters; what is reasonable is determined by the cloud system), the processor of the cloud device 500 judges the product to be genuine and assigns a genuine judgment score, for example 80 points; the result is then sent through another proxy server 700' (MQTT) to the client's smart handheld device 100, which decodes it and displays the authenticity evaluation; or
5. When the current position reported in the query for the uuid of the product 10 falls outside the error range of the product position established in the product authenticity identification data module, the processor of the cloud device 500 further determines whether the time difference and the distance difference between the two are in a reasonable relationship. For example, when the current position exceeds the error range of the established product position by 1 km or more (what is reasonable is determined by the cloud system), the processor of the cloud device 500 judges the product 10 to be counterfeit and assigns a counterfeit judgment score, for example 70 points; the result is then sent through another proxy server 700' (MQTT) to the client's smart handheld device 100, which decodes it and displays the authenticity evaluation.
6. In a preferred embodiment, when the processor of the cloud device 500 determines that the position of the product 10 exceeds the error range by 1 km or more (the actual distance is supplied by the system according to real conditions), it may query the cloud device 500 for any record that the product 10 has been moved. A movement record means that the storage location of the product 10 was changed, so when the product 10 was put back on the shelf a new time-series and position record was generated; the processor of the cloud device 500 then re-checks whether a reasonable relationship exists between the current position of the product 10 and the position of the product 10 re-established in the product authenticity identification data module. For example, when the current position of the queried product 10 is the same as the re-established position or within the error range (e.g., 100 to 500 meters), the processor of the cloud device 500 judges the product 10 to be genuine and assigns a genuine judgment score, for example 80 points. If the current position of the queried product 10 falls outside the error range of the re-established position (e.g., 1 km or more), the processor of the cloud device 500 judges the product to be counterfeit and assigns a counterfeit judgment score, for example 70 points. The authenticity evaluation is then sent through another proxy server 700' (MQTT) to the client's smart handheld device 100 for decoding and display.
接着,请参考图8,为本发明的第二种具有实时回复产品防伪功能的产品真伪辨识流程。如第8图所示,其与第一种产品真伪辨识流程的差异在于,进一步判断在产品真伪辨识数据模块中时间序列上,是否已建立其他时间序列的记录,以便能更精确的判断产品10的真伪,其真伪辨识流程如下:Next, please refer to FIG. 8 , which is a second authenticity identification process of a product with real-time reply product anti-counterfeiting function according to the present invention. As shown in Fig. 8, the difference between the authenticity identification process and the first product is to further determine whether other time series records have been established in the time series of the product authenticity identification data module, so as to be more accurate. The authenticity of the product 10, the authenticity identification process is as follows:
1.由客户端的智能型手持装置100,在取得产品10的uuid后,向云端装置500发出编码后的查询封包(此封包包括:产品10的uuid、发出查询的时间及发出查询所在的位置等)的要求;当然,这些查询要求的封包是经过代理伺服 装置700(MQTT)传送至在云端装置500中。1. After the smart handheld device 100 of the client obtains the uuid of the product 10, the encoded query packet is sent to the cloud device 500 (this packet includes: the uuid of the product 10, the time when the query is issued, and the location where the query is issued, etc. Requirements; of course, the packets requested by these queries are through proxy servos. The device 700 (MQTT) is transmitted to the cloud device 500.
2.当云端装置500收到编码后的查询封包并经过译码后,云端装置500会比对所要查询产品10的uuid是否已经建立在产品真伪辨识数据模块中。2. After the cloud device 500 receives the encoded query packet and decodes it, the cloud device 500 compares whether the uuid of the product 10 to be queried has been established in the product authenticity identification data module.
3.当确认所要查询产品10的uuid并未建立在产品真伪辨识数据模块中时,则云端装置500判断该产品10为伪品并给予一个伪品的判断分数,例如:90分;之后,由另一个代理伺服装置700’(MQTT)传送至客户端的智能型手持装置100并在译码后显示产品真伪的评价结果。3. When it is confirmed that the uuid of the product 10 to be queried is not established in the product authenticity identification data module, the cloud device 500 determines that the product 10 is a fake product and gives a judgment score of a fake product, for example: 90 points; The smart handheld device 100 is transmitted to the client by another proxy server 700' (MQTT) and displays the evaluation result of the authenticity of the product after decoding.
4.当确认所要查询产品10的uuid已经建立在产品真伪辨识数据模块中时,接着,先查询产品真伪辨识数据模块中时间序列上,是否已建立其他的时间序列记录;若时间序列上并未有其他时间序列的记录时,则云端装置500的处理器会比对要求查询产品真伪的时间所在的位置(即现在位置)与已经建立在产品真伪辨识数据模块中的产品位置间是否存在合理关系。例如:当查询产品10的uuid的现在位置讯息与建立在产品真伪辨识数据模块中的产品位置相同或是在误差范围内(例如:100~500公尺)时,则云端装置500的处理器会判断该产品10为真品并给予一个真品的判断分数,例如:80分。而当查询产品10的uuid的现在位置讯息与建立在产品真伪辨识数据模块中的产品位置超过误差范围1公里以上时,则云端装置500的处理器会判断该产品10为伪品并给予一个伪品的判断分数,例如:70分。之后,由另一个代理伺服装置700’(MQTT)将产品真伪的评价结果传送至客户端的智能型手持装置100译码及显示。4. When it is confirmed that the uuid of the product 10 to be queried has been established in the product authenticity identification data module, then first query the time sequence of the product authenticity identification data module to determine whether other time series records have been established; When there is no other time series record, the processor of the cloud device 500 compares the location (ie, the current location) of the time required to query the authenticity of the product with the product location that has been established in the product identification data module. Is there a reasonable relationship? For example, when the current location information of the uuid of the query product 10 is the same as the product location established in the product authenticity identification data module or within an error range (for example, 100 to 500 meters), the processor of the cloud device 500 It will judge that the product 10 is genuine and give a judgment score of a genuine product, for example: 80 points. When the current location information of the uuid of the query product 10 and the product location established in the product authenticity identification data module exceed the error range by more than 1 km, the processor of the cloud device 500 determines that the product 10 is a fake and gives a The judgment score of the fake product, for example: 70 points. 
Thereafter, the evaluation result of the authenticity of the product is transmitted to the smart handheld device 100 of the client by another proxy server 700' (MQTT) for decoding and display.
5.若当时间序列上已经有其他时间序列的记录时(例如:已经有其他用户要求查询过本产品的真伪,由于时间序列一经记录就不可修改,故可以做为只要有用户查询过,产品10的时间序列上一定会有记录),则云端装置500的处理器会比对现在位置与已经建立在产品真伪辨识数据模块中的产品位置间是否存在合理关系。当云端装置500的处理器比对现在位置与已经建立在产品真伪辨识数据模块中的产品位置间不存在合理关系时,例如:当查询产品10的uuid的现在位置讯息与建立在产品真伪辨识数据模块中的其他产品位置超过误差范围1公里以上时,则云端装置500的处理器会判断该产品10为伪品并给予一个伪品的判断分数,例如:80分;此表示,同一个产品10在不同的时间序列上出现在不同的位置上,故伪品的的机率较高。之后,由另一个代理伺 服装置700’(MQTT)将产品真伪的评价结果传送至客户端的智能型手持装置100译码及显示。5. If there are other time series records in the time series (for example, there are already other users requesting the authenticity of the product, since the time series can not be modified once recorded, it can be used as long as the user has queried, The time series of the product 10 must be recorded.) The processor of the cloud device 500 compares the current location with the location of the product that has been established in the product identification data module. When the processor of the cloud device 500 does not have a reasonable relationship between the current location and the product location that has been established in the product authenticity identification data module, for example, when querying the current location information of the uuid of the product 10 and establishing the authenticity of the product When the location of the other product in the identification data module exceeds the error range by more than 1 km, the processor of the cloud device 500 determines that the product 10 is a fake and gives a judgment score of a fake, for example: 80 points; this means that the same Product 10 appears in different locations on different time series, so the probability of counterfeiting is higher. After that, by another agent The service device 700' (MQTT) transmits the evaluation result of the authenticity of the product to the smart handheld device 100 of the client for decoding and display.
6.若当云端装置500的处理器会比对现在位置与已经建立在产品真伪辨识数据模块中的产品位置间存在合理关系。当查询产品10的uuid的现在位置讯息与建立在产品真伪辨识数据模块中的其他产品位置相同或是在一定合理误差范围内(合理与否由系统依产品种类,历史位移模式,座落厂区条件等等因素计算而得,以距离为判断产品真伪相关的主要因素例如:100~500公尺)时,则云端装置500的处理器会查询这些已经建立在产品真伪辨识数据模块中的产品位置的真伪评价记录,用以做出产品真伪判断,例如:当真伪评价记录该产品10为真品时,则给予一个真品的判断分数;而当真伪评价记录该产品10为伪品时,则给予一个伪品的判断分数。之后,由另一个代理伺服装置700’(MQTT)将产品10真伪的评价结果传送至客户端的智能型手持装置100译码及显示。6. If the processor of the cloud device 500 has a reasonable relationship between the current location and the location of the product already established in the product authenticity identification data module. When the current location information of the uuid of the query product 10 is the same as the other product location established in the product authenticity identification data module or within a certain reasonable error range (reasonable or not by the system according to the product type, historical displacement mode, the location of the plant The condition and the like are calculated, and when the distance is the main factor related to determining the authenticity of the product, for example, 100 to 500 meters, the processor of the cloud device 500 queries the modules that have been established in the product authenticity identification data module. The authenticity evaluation record of the product location is used to make the authenticity judgment of the product, for example, when the authenticity evaluation records that the product 10 is genuine, the judgment score of a genuine product is given; and when the authenticity evaluation records the product 10 as a pseudo At the time of the product, a judgment score of a fake is given. Thereafter, the authentication result of the authenticity of the product 10 is transmitted to the smart handheld device 100 of the client for decoding and display by another proxy server 700' (MQTT).
7. In a preferred embodiment, as shown in FIG. 9, when the processor of the cloud device 500 determines that the product location exceeds the error range by more than 1 km, it may choose to query the cloud device 500 for a record of the product 10 having been moved. If a movement record exists, the storage location of the product 10 has been changed, so a new time series entry, that is, a location record, was generated when the product 10 was put back on the shelf. The processor of the cloud device 500 then checks again whether a reasonable relationship exists between the current location of the product 10 and the product location re-established in the product authenticity identification data module. For example, when the current location reported in the query for the uuid of the product 10 is the same as the location re-established in the product authenticity identification data module or lies within a reasonable error range (whether it is reasonable is calculated by the system from factors such as the product type, the historical displacement pattern, or the conditions of the site, with distance as the main factor in judging authenticity, for example 100 to 500 meters), the processor of the cloud device 500 judges the product 10 to be genuine and gives a genuine judgment score, for example 80 points. If the current location reported in the query for the uuid of the product 10 falls outside the error range of the location re-established in the product authenticity identification data module (for example, by more than 1 km), the processor of the cloud device 500 judges the product 10 to be a counterfeit and gives a counterfeit judgment score, for example 70 points.
According to the above description, the identification process of the present invention, which replies in real time for product anti-counterfeiting, can return a product authenticity score in real time based on the electronic tag (Tag) 12 message of the product 10 transmitted by the client 100. The higher the score, the higher the confidence of the Internet of Things system of the present invention in its authenticity judgment. For example, when it is confirmed that the uuid of the queried product 10 has not been established in the product authenticity identification data module, the uuid of the product 10 does not exist at all, and the cloud device 500 judges that the product 10 must be a counterfeit (counterfeit judgment score: 90 points); 100% is not given because the result may be caused by factors such as a poor signal or a decoding error during message transmission. If the user has doubts about the judgment result received, the user may choose to query once more; if the query for the uuid of the same product 10 still finds that it has not been established in the product authenticity identification data module, the processor of the cloud device 500 judges with greater certainty that the product 10 is a counterfeit and gives a new counterfeit judgment score, for example 95 points. If it is confirmed that the uuid of the queried product 10 has been established in the product authenticity identification data module, but in the time series of the product electronic tag (Tag) message transmitted by the client the client's current location differs from the location in the product authenticity identification data module, then, because a product can exist in only one place, the processor of the cloud device 500 judges with greater certainty that the product 10 is a counterfeit and gives a counterfeit judgment score, for example 80 points. Other judgment principles and judgment scores may be changed by the designer of the Internet of Things system; the present invention places no limit on how high or low the judgment scores are. The purpose is to reply to the client's query in real time and immediately give a judgment result that the client can use as a reference in deciding whether to purchase the product 10.
Next, if the seller of the product is willing to use an electronic tag (Tag) with a higher reliability or security level as the uuid of the product 10, the Internet of Things system can add to or subtract from the judgment result according to the security level of the electronic tag it identifies. For example, when the Internet of Things system identifies the product's electronic tag (Tag) as RFID or NFC, 5 points are added to the judgment results obtained according to the foregoing embodiments; when the Internet of Things system identifies the product's electronic tag (Tag) as Bar Code or QR Code, 5 points are subtracted from the judgment results obtained according to the foregoing embodiments. These are only embodiments of the present invention; how many points are added or subtracted for other electronic tags (Tag) is not limited.
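The scoring rules of steps 5 to 7 and the tag adjustment above, as an added Python example that is not part of the patent text. The `Record` layout, the single `TOLERANCE_M` threshold, the score of 80 used for step 6, and all function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

# Assumption: one threshold. The text gives 100-500 m as a reasonable range
# and "more than 1 km" as unreasonable; the gap between them is not specified.
TOLERANCE_M = 1000.0
# Tag adjustment from the text: RFID/NFC +5, Bar Code/QR Code -5, others 0.
TAG_ADJUST = {"RFID": 5, "NFC": 5, "BARCODE": -5, "QRCODE": -5}


@dataclass(frozen=True)  # frozen: a time-series entry is never modified
class Record:
    """One time-series entry for a uuid (hypothetical layout)."""
    ts: int                  # read time, epoch seconds
    lat: float
    lon: float
    verdict: str             # stored evaluation: "genuine" or "counterfeit"
    restocked: bool = False  # True if written when the product was re-shelved


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in meters."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))


def judge(module, uuid, lat, lon, tag_type, repeat_query=False):
    """Return (verdict, score) for one client query against the data module."""
    history = module.get(uuid)
    if not history:
        # uuid never registered: 90, or 95 if a repeated query still misses.
        verdict, score = "counterfeit", 95 if repeat_query else 90
    else:
        def near(r):
            return distance_m(lat, lon, r.lat, r.lon) <= TOLERANCE_M
        shelved = [r for r in history if not r.restocked] or history[:1]
        moved = [r for r in history if r.restocked]
        if near(shelved[-1]):
            # Step 6: plausible location, reuse the stored evaluation.
            # The text gives no number here; 80 is an assumption.
            verdict, score = shelved[-1].verdict, 80
        elif moved:
            # Step 7: a move was recorded, compare with the re-shelved location.
            verdict, score = ("genuine", 80) if near(moved[-1]) else ("counterfeit", 70)
        else:
            # Step 5: same uuid seen far from its recorded location.
            verdict, score = "counterfeit", 80
    key = tag_type.replace(" ", "").upper()
    return verdict, min(100, score + TAG_ADJUST.get(key, 0))


# Constructed sample data: one product registered in place, one moved later.
MODULE = {
    "uuid-A": [Record(1000, 25.0330, 121.5654, "genuine")],
    "uuid-B": [Record(1000, 25.0330, 121.5654, "genuine"),
               Record(5000, 25.0500, 121.5654, "genuine", restocked=True)],
}

if __name__ == "__main__":
    print(judge(MODULE, "uuid-A", 25.0331, 121.5654, "NFC"))      # near, genuine
    print(judge(MODULE, "uuid-A", 25.0500, 121.5654, "QR Code"))  # ~1.9 km away
    print(judge(MODULE, "uuid-B", 25.0502, 121.5654, "BLE"))      # near new shelf
    print(judge(MODULE, "uuid-B", 25.1000, 121.5654, "BLE"))      # far from both
    print(judge(MODULE, "uuid-X", 25.0330, 121.5654, "RFID"))     # unknown uuid
```

Because the location in each query comes from the client device, the distance check is only as trustworthy as the reported coordinates, which is consistent with the text treating the result as a confidence score rather than proof.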
Next, after confirming that the Internet of Things system has evaluated the product 10 as genuine, the client can further query the production history of the genuine product it wishes to buy, that is, issue another query request, for example a request to view the edited and annotated production process of the genuine product (i.e., its production history). This process likewise starts with a query request issued by the client's smart device 100, which is transmitted through the proxy server 700 (MQTT) to the cloud device 500. The cloud device 500 then encodes the genuine product's production history stored in the production history data module and transmits it back to the client through another proxy server 700' (MQTT). After the client decodes it, the user can view the production history of the genuine product to be purchased on the display of the smart device 100; its content includes at least FIGS. 3A to 3C. In addition, the production history data shows, for example, the country or region in which the genuine product was manufactured and the materials used; if the genuine product is a high-priced item, the production history data can also show the product's designer or design company. All of this information can be shared between the client and the seller through the Internet of Things system, which both effectively reduces the chance of imitations or counterfeits being sold and increases the sales profit of brand owners or original manufacturers.
Because, in the Internet of Things system of the present invention, the cloud device 500 learns the location of the queried product 10 in the course of a customer's authenticity query, once the Internet of Things system has evaluated the product 10 queried by the client as a counterfeit, the location of that counterfeit can be known through the Internet of Things system of the present invention. For example, the coordinates of the counterfeit can be known, or the areas in which the counterfeit appears most often, so the locations where counterfeits are sold can be found in real time and the sale of counterfeits stopped immediately. This likewise both effectively reduces the chance of imitations or counterfeits being sold and increases the sales profit of brand owners or original manufacturers.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of its claims. The above description should be understandable and implementable by those skilled in the relevant art, so other equivalent changes or modifications made without departing from the spirit disclosed by the present invention should be included in the scope of the patent application.

Claims (10)

  1. An Internet of Things system with a product authenticity identification data module, characterized by:
    a product, on which a product identifier is configured;
    a reading device, which is a device with a wireless communication function and has a specific user identifier and a coordinate positioning device, for reading the product identifier of the product;
    a cloud device, which has the function of communicating with the reading device and confirms by the specific user identifier that the reading device is a device in the Internet of Things; and
    a proxy server, which has a URL or URI and a password and can communicate with the reading device and the cloud device, for transmitting the product identifier, read time, and read location read by the reading device directly to the cloud device;
    wherein, after the specific user identifier of the reading device is confirmed to be that of a reading device in the Internet of Things, the reading device can communicate the product identifier, the read time, and the read location information that it has read to the proxy server only via the URL or URI and the password; the proxy server then communicates with the cloud device; and in the cloud device, a product authenticity identification data module relating the read time to the read location is established according to the product identifier.
  2. The Internet of Things system according to claim 1, characterized in that the identifier of the product may be selected from the following group: Bar Code, QR Code, RFID (Radio Frequency Identification), NFC (Near Field Communications), BLE (Bluetooth Low Energy), iBeacon, ZigBee, Zwave, and a chip that simply records the uuid.
  3. The Internet of Things system according to claim 1, characterized in that the proxy server transmits data using the MQTT (Message Queuing Telemetry Transport) communication standard.
  4. The Internet of Things system according to claim 1, characterized in that the coordinate positioning device is a GPS.
  5. The Internet of Things system according to claim 1, characterized in that the reading device is deployed at a sales location.
  6. An Internet of Things system with a product authenticity identification data module, characterized by:
    a product, on which a product identifier is configured;
    a cloud device, which is a device with a wireless communication function and has established and stored a production history data module for the product;
    a reading device, which is a device with a wireless communication function and has a specific user identifier and a coordinate positioning device, for reading the product identifier of the product and communicating with the cloud device, and which has obtained the path of the product production history data module stored in the cloud device; and
    a proxy server, which has a URL or URI and a password and can communicate with the reading device and the cloud device, for transmitting the product identifier, read time, and read location read by the reading device, together with the path of the product production history data module, directly to the cloud device;
    wherein, after the specific user identifier of the reading device is confirmed to be that of a reading device in the Internet of Things, the reading device can communicate the product identifier, the read time, the read location, and the path information of the product production history data module to the proxy server only via the URL or URI and the password; the proxy server then communicates with the cloud device; and in the cloud device, a product authenticity identification data module relating the read time to the read location and loading the product production history data is established according to the product identifier.
  7. The Internet of Things system according to claim 6, characterized in that the identifier of the product may be selected from the following group: Bar Code, QR Code, RFID (Radio Frequency Identification), NFC (Near Field Communications), BLE (Bluetooth Low Energy), iBeacon, ZigBee, Zwave, and a chip that simply records the uuid.
  8. The Internet of Things system according to claim 6, characterized in that the proxy server transmits data using the MQTT (Message Queuing Telemetry Transport) communication standard.
  9. The Internet of Things system according to claim 6, characterized in that the coordinate positioning device is a GPS.
  10. The Internet of Things system according to claim 6, characterized in that the reading device is deployed at a sales location.
PCT/CN2016/082664 2015-06-05 2016-05-19 System for establishing product authenticity identification data module by using internet of things WO2016192537A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201510308451.6 2015-06-05
CN201510308451.6A CN106296063A (en) 2015-06-05 2015-06-05 The product stream management system of Internet of Things
CN201510536928.6A CN106487753B (en) 2015-08-27 2015-08-27 The production record management system of Internet of Things
CN201510536928.6 2015-08-27

Publications (1)

Publication Number Publication Date
WO2016192537A1 (en) 2016-12-08

Family

ID=57440231

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/082664 WO2016192537A1 (en) 2015-06-05 2016-05-19 System for establishing product authenticity identification data module by using internet of things

Country Status (1)

Country Link
WO (1) WO2016192537A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI617989B (en) * 2017-04-21 2018-03-11 南亞塑膠工業股份有限公司 Anti-fake analyzing method
CN108694306A (en) * 2017-03-29 2018-10-23 三星电子株式会社 The method of management and the external internet of things equipment of control and its electronic equipment of support
CN114978683A (en) * 2022-05-20 2022-08-30 深圳市艾迪思特信息技术有限公司 Reverse proxy system based on MQTT protocol

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140266613A1 (en) * 2013-03-13 2014-09-18 Mark Sehmer Radio frequency identification system
CN203966190U (en) * 2014-06-27 2014-11-26 西安塞班科技有限公司 A kind of product based on Internet of things system false proof cloud system of tracing to the source
CN104376486A (en) * 2013-08-15 2015-02-25 李瑞金 Operation method of two-dimension bar code chip system
CN105007303A (en) * 2015-06-05 2015-10-28 冠研(上海)企业管理咨询有限公司 Internet-of-Things connection method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140266613A1 (en) * 2013-03-13 2014-09-18 Mark Sehmer Radio frequency identification system
CN104376486A (en) * 2013-08-15 2015-02-25 李瑞金 Operation method of two-dimension bar code chip system
CN203966190U (en) * 2014-06-27 2014-11-26 西安塞班科技有限公司 A kind of product based on Internet of things system false proof cloud system of tracing to the source
CN105007303A (en) * 2015-06-05 2015-10-28 冠研(上海)企业管理咨询有限公司 Internet-of-Things connection method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108694306A (en) * 2017-03-29 2018-10-23 三星电子株式会社 The method of management and the external internet of things equipment of control and its electronic equipment of support
CN108694306B (en) * 2017-03-29 2024-03-15 三星电子株式会社 Method for managing and controlling external internet of things equipment and electronic equipment supporting same
TWI617989B (en) * 2017-04-21 2018-03-11 南亞塑膠工業股份有限公司 Anti-fake analyzing method
CN108734476A (en) * 2017-04-21 2018-11-02 南亚塑胶工业股份有限公司 Anti-counterfeiting identification analysis method
CN114978683A (en) * 2022-05-20 2022-08-30 深圳市艾迪思特信息技术有限公司 Reverse proxy system based on MQTT protocol
CN114978683B (en) * 2022-05-20 2023-03-31 深圳市艾迪思特信息技术有限公司 Reverse proxy system based on MQTT protocol

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16802460

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 29.03.2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16802460

Country of ref document: EP

Kind code of ref document: A1