WO2018018859A1 - Device access method and apparatus - Google Patents


Info

Publication number
WO2018018859A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
authorization
migration
information
allowed
Prior art date
Application number
PCT/CN2017/071575
Other languages
French (fr)
Chinese (zh)
Inventor
李聪
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the embodiments of the present invention relate to the field of wireless communications technologies, and in particular, to a device access method and apparatus.
  • the technical problem solved by the solution provided by the embodiment of the present invention is that authentication is required when accessing between smart devices, and thus there is an insecure factor.
  • the first terminal and the second terminal determine, according to the authorization attribute information of the other party, whether the two parties are allowed to migrate the device;
  • the first terminal migrates the device information and the license information to the second terminal, so that the second terminal saves the device information and the license information of the first terminal.
  • after the third terminal and the second terminal in the same local area network are interconnected, the third terminal acquires the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
  • an authorization migration table is separately set in the first terminal and the second terminal; wherein the authorization migration table includes device information, authorization migration attribute information, and authorization permission information.
  • the authorization migration attribute information includes allowing migration, limiting migration, and prohibiting migration.
  • the first terminal and the second terminal determine, according to the authorization migration attribute information of the other end, whether the two parties are allowed to migrate the device, including:
  • if the authorization migration attribute information of the first terminal and the second terminal is allowed migration, it is determined that both parties are allowed to migrate the device;
  • if the authorization migration attribute information of the first terminal and the second terminal is limited migration, a comparison is performed with the pre-stored limited migration threshold. If the limited migration threshold is not exceeded, both are determined to be allowed to migrate the device. Otherwise, neither is allowed to migrate the device;
  • if the authorization migration attribute information of the first terminal and the second terminal is prohibited migration, it is determined that both parties are not allowed to migrate the device.
  • the first terminal migrating the device information and the license information to the slave interconnect device includes:
  • the first terminal migrates the device information, the authorization migration attribute information, and the license information contained in its authorization migration table to the authorization migration table of the second terminal, and at the same time the second terminal migrates the device information, the authorization migration attribute information, and the license information contained in its authorization migration table to the authorization migration table of the first terminal.
  • the third terminal acquires device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal, including:
  • the second terminal migrates the device information, the authorization migration attribute information, and the license information of itself and of the first terminal, contained in its authorization migration table, to the third terminal, so that the third terminal accesses the first terminal.
  • the acquiring module is configured to obtain the authorization migration attribute information of the other party after the first terminal and the second terminal are interconnected in the same local area network;
  • the determining module is configured to: the first terminal and the second terminal determine, according to the authorization attribute information of the other party, whether the two parties are allowed to migrate the device;
  • a migration module configured so that, when it is determined that both the first terminal and the second terminal are allowed to migrate the device, the first terminal migrates the device information and the license information to the second terminal, so that the second terminal saves the device information and the license information of the first terminal, and after the third terminal and the second terminal in the same local area network are interconnected, the third terminal acquires the device information and the license information of the first terminal saved by the second terminal, so as to access the first terminal.
  • the determining module includes:
  • the determining unit is configured to: when the authorization migration attribute information of the first terminal and the second terminal is allowed migration, determine that both parties are allowed to migrate the device; when the authorization migration attribute information of the first terminal and the second terminal is limited migration, compare with the pre-stored limited migration threshold and, if the limited migration threshold is not exceeded, determine that both are allowed to migrate the device, and otherwise that neither is allowed to migrate the device; and when the authorization migration attribute information of the first terminal and the second terminal is prohibited migration, determine that both parties are not allowed to migrate the device.
  • a storage medium is also provided.
  • the storage medium is set as program code for storing a method for performing the above device access.
  • the migration and handover of the authorization attribute between the interconnection devices are implemented, so that the licensed device can automatically obtain the device information and the authorization authority, and realize automatic access without authentication, thereby improving the user experience.
  • at the same time, the security problems caused by arbitrary access by all interconnected devices are avoided, taking both intelligence and security into account and improving the user experience.
  • FIG. 1 is a flowchart of a method for accessing a device according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of an apparatus for accessing a device according to an embodiment of the present invention
  • FIG. 3 is a flowchart of a device access method according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of functional modules of an interconnection device according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of authorization migration of an interconnection device according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for accessing a device according to an embodiment of the present invention. As shown in FIG. 1 , the method includes:
  • Step S101: After the first terminal and the second terminal in the same local area network are interconnected, each obtains the authorization migration attribute information of the other party.
  • Step S102: The first terminal and the second terminal determine, according to the authorization migration attribute information of the other party, whether both parties are allowed to migrate the device;
  • Step S103: When it is determined that both the first terminal and the second terminal are allowed to migrate the device, the first terminal migrates the device information and the license information to the second terminal, so that the second terminal saves the device information and the license information of the first terminal;
  • Step S104: After the third terminal and the second terminal in the same local area network are interconnected, the third terminal acquires device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
  • the authorization migration table is respectively configured in the first terminal and the second terminal, where the authorization migration table includes device information, authorization migration attribute information, and authorization permission information.
  • the authorization migration attribute information includes permission migration, limited migration, and prohibition of migration.
  • the first terminal and the second terminal determining, according to the authorization migration attribute information of the other party, whether both parties are allowed to migrate the device includes: if the authorization migration attribute information of the first terminal and the second terminal is allowed migration, both parties are determined to be allowed to migrate the device; if the authorization migration attribute information of the first terminal and the second terminal is limited migration, a comparison is performed with the pre-stored limited migration threshold, and if the limited migration threshold is not exceeded, both are determined to be allowed to migrate the device, otherwise neither is allowed to migrate the device; if the authorization migration attribute information of the first terminal and the second terminal is prohibited migration, both parties are determined not to be allowed to migrate the device.
  • the first terminal migrating the device information and the license information to the slave interconnect device includes: when it is determined that both the first terminal and the second terminal are allowed to migrate the device, the first terminal migrates the device information, the authorization migration attribute information, and the license information contained in its authorization migration table to the authorization migration table of the second terminal, and the second terminal migrates the device information, the authorization migration attribute information, and the license information contained in its authorization migration table to the authorization migration table of the first terminal.
  • the third terminal acquiring the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal, includes: after the third terminal and the second terminal located in the same local area network are interconnected, the second terminal migrates the device information, the authorization migration attribute information, and the license information of itself and of the first terminal, contained in its authorization migration table, to the third terminal, so that the third terminal accesses the first terminal.
  • the apparatus includes: an obtaining module 201, configured so that, after the first terminal and the second terminal in the same local area network are interconnected, each obtains the authorization migration attribute information of the other party;
  • the determining module 202 is configured to: the first terminal and the second terminal determine, according to the authorization migration attribute information of the other party, whether both parties are allowed to migrate the device; and
  • the migration module 203 is configured so that, when it is determined that both the first terminal and the second terminal are allowed to migrate the device, the first terminal migrates the device information and the license information to the second terminal, so that the second terminal saves the device information and the license information of the first terminal, and after the third terminal and the second terminal in the same local area network are interconnected, the third terminal acquires device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
  • the authorization migration table is respectively configured in the first terminal and the second terminal, where the authorization migration table includes device information, authorization migration attribute information, and authorization permission information.
  • the authorization migration attribute information includes permission migration, limited migration, and prohibition of migration.
  • the determining module 202 includes: a determining unit, configured to: when the authorization migration attribute information of the first terminal and the second terminal is allowed migration, determine that both parties are allowed to migrate the device; when the authorization migration attribute information of the first terminal and the second terminal is limited migration, compare with the pre-stored limited migration threshold and, if the limited migration threshold is not exceeded, determine that both are allowed to migrate the device, and otherwise that neither is allowed to migrate the device; and when the authorization migration attribute information of the first terminal and the second terminal is prohibited migration, determine that both parties are not allowed to migrate the device.
  • FIG. 3 is a flowchart of a method for accessing a device according to an embodiment of the present invention. As shown in FIG. 3, the method includes:
  • Step S301 interconnecting a group of interconnected devices
  • the interconnection device includes, but is not limited to, a computer, a tablet, a smart terminal, a wearable device, a sensor having a transmission function, a router, and the like.
  • Step S302 For each device that is set to be interconnected, the authorized migration attribute value of the device may be set and obtained;
  • the authorization migration attributes include, but are not limited to, not allowing migration, limiting migration, allowing migration, and the like.
  • the set authorization migration attribute value is a default value that applies to all interconnections; the default value can be used when two devices actually interconnect, or the value can be set in real time during interconnection authentication.
  • Step S303 Maintain an authorization migration table of a device interconnected with each device
  • the authorization migration table is a lookup table that records the device information of all devices directly connected to the device, together with their authorization migration attribute values, authorizations, and the like.
  • the device information is used to identify information of an interconnected device, including but not limited to a device number, a name, a MAC address, and the like;
  • Step S304 When one device is interconnected with other single devices, the two sides of the interconnection device mutually confirm the authorization migration attribute of the device for the peer device, and update the authorization migration table of the peer device;
  • the confirmation of the authorization migration attribute directly obtains the default authorization migration attribute value of the device as the authorized migration attribute value of the current connection to the device.
  • the confirmation of the authorization migration attribute may also be manually confirmed by the user when the connection is established, and the authorized migration attribute value of the current connection device is set.
  • Step S305: When one device is interconnected with another device, the other devices interconnected with each of the two sides, and their corresponding authorization migration attributes, are obtained according to the authorization migration tables of both sides. For a device whose authorization allows migration, that device's information and license information are migrated to the target device that is also allowed to migrate.
  • Step S306 For the device with the license of the corresponding device, the corresponding device can be directly accessed without authentication.
  • FIG. 4 is a schematic diagram of functional modules of an interconnection device according to an embodiment of the present invention. As shown in FIG. 4, the interconnection device includes a migration table management unit 401, an interconnection control unit 402, an authorization migration control unit 403, an authorization migration attribute management unit 404, and an authorization management unit 405.
  • the migration table management unit 401 is configured to manage an authorization migration table of the interconnection device.
  • the interconnection control unit 402 is configured to control and manage the connections of the interconnection device.
  • the authorization migration control unit 403 is configured to obtain, according to the authorization migration tables of both sides of the interconnection, the other devices interconnected with each side and the corresponding authorization migration attributes, and, for a device whose authorization allows migration, to migrate that device's information and license information to the target device that is also allowed to migrate.
  • the authorization migration attribute management unit 404 is configured to manage the authorization migration attribute of the device, including setting and obtaining the default value of the device's authorization migration attribute, and setting and obtaining the corresponding authorization migration attribute value for a single interconnection.
  • the authorization management unit 405 is configured to manage the license and verify the license for a connection to determine whether to connect directly or re-authenticate.
  • FIG. 5 is a schematic diagram of the authorization migration of the interconnection device according to the embodiment of the present invention. As shown in FIG. 5 , the example is only for the illustration of a case of the authorization migration.
  • the embodiment of the present invention includes but is not limited to the following examples:
  • State 1 includes primary interconnect device A, slave interconnect device B, and other interconnect device C;
  • State 3: the slave interconnect device B is interconnected with the other interconnect device C, and each acquires the authorization migration table of the other party;
  • the authorized migration attribute value of the device may be set and obtained.
  • the authorization migration attributes include, but are not limited to, not allowing migration, limiting migration, allowing migration, and the like.
  • For each device, an authorization migration table of the devices interconnected with it is maintained; it is a lookup table that records the device information of all devices directly interconnected with the device, together with their authorization migration attribute values, licenses, and the like.
  • the two interconnected devices confirm each other's authorized migration attributes for the peer device and update the authorized migration table of the peer device.
  • according to the authorization migration tables of both sides of the interconnection, the other devices interconnected with each side and the corresponding authorization migration attributes are obtained.
  • the device can directly access the corresponding device without authentication.
  • the embodiment of the present invention has wide application scenarios, for example home WIFI: with the WIFI's authorization set as migratable, only one terminal of the owner needs to complete the connection with the device and authenticate by entering the password. Thereafter, if another user's device needs to use the WIFI, that user's terminal only needs to interconnect with the owner's terminal to obtain the migrated authorization and access the WIFI directly, instead of the owner telling the user the password and the user entering it to authenticate. This both protects the password and greatly simplifies the user experience.
  • with smart devices including wearable devices, smart homes, and the Internet of Things, the number of devices owned by users is increasing, making the application scenarios more extensive.
  • the migration and handover of the authorization attribute between the interconnection devices are implemented, so that the licensed device can automatically obtain the device information and the authorization authority, and realize automatic access without authentication.
  • the setting of the migration attribute also prevents the security problems caused by the arbitrary access of all connected devices, achieving intelligent and security considerations and improving the user experience.
  • each of the above modules may be implemented by software or hardware.
  • this may be implemented in, but is not limited to, the following ways: the foregoing modules are all located in the same processor; or the above modules are located, in any combination, in different processors.
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • Step S101: After the first terminal and the second terminal in the same local area network are interconnected, each obtains the authorization migration attribute information of the other party.
  • Step S102: The first terminal and the second terminal determine, according to the authorization migration attribute information of the other party, whether both parties are allowed to migrate the device;
  • Step S103: When it is determined that both the first terminal and the second terminal are allowed to migrate the device, the first terminal migrates the device information and the license information to the second terminal, so that the second terminal saves the device information and the license information of the first terminal;
  • Step S104: After the third terminal and the second terminal in the same local area network are interconnected, the third terminal acquires device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • the modules or steps of the present invention described above can be implemented by a general-purpose computing device; they can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device, and in some cases the steps shown or described may be performed in an order different from that herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the method and apparatus for accessing a device provided by the embodiments of the present invention have the following beneficial effects: according to the solution provided by the embodiments of the present invention, the migration and handover of the authorization attribute between the interconnected devices are implemented, so that the licensed device can automatically obtain device information and authorization rights and achieve automatic access without authentication, which improves the user experience. At the same time, it avoids the security problems caused by arbitrary access by all interconnected devices, takes both intelligence and security into account, and improves the user experience.
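
The following sketch is an added example, not code from the patent or from the applicant; it models steps S101 to S104 and the three migration attribute values to show how the attribute bounds how far authentication-free access propagates along a chain of interconnections. The class and function names are hypothetical, and reading the "limited migration threshold" as a maximum hop count, as well as applying the stricter attribute when the two sides differ, are assumptions the text does not specify.

```python
from dataclasses import dataclass, field, replace
from enum import Enum


class MigrationAttr(Enum):
    ALLOW = "allow migration"
    LIMITED = "limited migration"
    PROHIBIT = "prohibit migration"


@dataclass(frozen=True)
class Entry:
    """One row of an authorization migration table."""
    device_info: str      # identifies the device (number, name, MAC address, ...)
    attr: MigrationAttr   # that device's authorization migration attribute
    permission: str       # authorization permission, an opaque constructed value here
    hops: int = 0         # ASSUMPTION: how many times this row has been migrated


@dataclass
class Terminal:
    name: str
    attr: MigrationAttr
    permission: str = ""
    table: dict = field(default_factory=dict)  # device_info -> Entry

    def rows_to_offer(self):
        """Own row plus every row saved from earlier interconnections."""
        own = Entry(self.name, self.attr, self.permission)
        return [own, *self.table.values()]


LIMIT_THRESHOLD = 1  # ASSUMPTION: the pre-stored threshold, read as a maximum hop count


def may_migrate(row_attr, target_attr, hops_after, threshold=LIMIT_THRESHOLD):
    """S102: decide from both attributes whether a row may move to the target."""
    # ASSUMPTION: the text covers both sides sharing one attribute; for mixed
    # pairs this sketch applies the stricter of the two.
    attrs = (row_attr, target_attr)
    if MigrationAttr.PROHIBIT in attrs:
        return False
    if MigrationAttr.LIMITED in attrs:
        return hops_after <= threshold
    return True


def interconnect(a, b, threshold=LIMIT_THRESHOLD):
    """S101-S104 for one pairing; returns (device_info, receiver) per migrated row."""
    # Snapshot both offers first so rows received now are not sent straight back.
    offers = [(b, a.rows_to_offer()), (a, b.rows_to_offer())]
    moved = []
    for dst, rows in offers:
        for row in rows:
            if row.device_info == dst.name or row.device_info in dst.table:
                continue  # never hand a terminal its own row; keep the first copy
            hops = row.hops + 1
            if may_migrate(row.attr, dst.attr, hops, threshold):
                dst.table[row.device_info] = replace(row, hops=hops)
                moved.append((row.device_info, dst.name))
    return moved


def can_access(terminal, device_info):
    """S306: a terminal holding the row accesses the device without authenticating."""
    return device_info in terminal.table


def reach(first_attr, chain_len, threshold=LIMIT_THRESHOLD):
    """Pair terminals along a chain; list those that end up able to access "first"."""
    chain = [Terminal("first", first_attr, "constructed-permission")]
    chain += [Terminal(f"t{i}", MigrationAttr.ALLOW) for i in range(1, chain_len)]
    for left, right in zip(chain, chain[1:]):
        interconnect(left, right, threshold)
    return [t.name for t in chain[1:] if can_access(t, "first")]


if __name__ == "__main__":
    for attr in MigrationAttr:
        print(attr.value, "->", reach(attr, 4))
```

With "allow migration" every terminal further down the chain inherits access to the first terminal, so when reviewing such a design the attribute and threshold are the only controls on how far a single authentication is trusted.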

Abstract

Embodiments of the present invention relate to the technical field of wireless communications. Disclosed are a device access method and apparatus. The method comprises: a first terminal and a second terminal provided in the same local area network are interconnected to each other and then respectively obtain authorization transfer attribute information of the opposite side; the first terminal and the second terminal determine whether both sides are transfer allowed devices or not according to the authorization transfer attribute information of the opposite side; if yes, the first terminal transfers device information and authorization grant information thereof to the second terminal so that the second terminal stores the device information and authorization grant information of the first terminal; when a third terminal and the second terminal provided in the same local area network are interconnected to each other, the third terminal obtains the device information and authorization grant information of the first terminal stored in the second terminal so as to access the first terminal.

Description

Device access method and apparatus
Technical field
The embodiments of the present invention relate to the field of wireless communications technologies, and in particular to a device access method and apparatus.
Background
With the development of communication technology, users hold more and more smart devices, and mobile communication terminals such as mobile phones, wearable devices, computers, tablets, sensor devices, and other smart devices are used more and more widely. Interworking and collaboration between these smart devices are also becoming more and more frequent.
As the number of smart devices grows, and in particular as interworking and collaboration between them become more frequent, a function no longer depends on a single device alone; it may require several devices to cooperate, and may also need to obtain and update the state collected by multiple sensor devices. Smart devices therefore frequently need to communicate with each other.
With current technology, smart devices frequently need to communicate with each other. Almost all of these transmission connections require authentication, such as the user's manual permission or entering a password, which is inconvenient for the user. One of the most typical examples is home WIFI: every device must actively connect and enter the password for authentication before it can be used, and visitors such as friends who come to the home must also be told the WIFI account and password and perform the operation before they can use it. On the one hand this leads to leakage of the password, since many users tend to use only a few fixed passwords; on the other hand the operation is complicated, which also affects the user experience.
Summary of the invention
The technical problem solved by the solution provided by the embodiments of the present invention is that authentication is required whenever smart devices access one another, and thus there is an insecure factor.
A method for accessing a device according to an embodiment of the present invention includes:
After the first terminal and the second terminal in the same local area network are interconnected, each obtains the authorization migration attribute information of the other party;
The first terminal and the second terminal determine, according to the authorization migration attribute information of the other party, whether both parties are migration-allowed devices;
When it is determined that both the first terminal and the second terminal are migration-allowed devices, the first terminal migrates its device information and authorization permission information to the second terminal, so that the second terminal saves the device information and authorization permission information of the first terminal;
After the third terminal and the second terminal in the same local area network are interconnected, the third terminal acquires the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
Optionally, an authorization migration table is set in each of the first terminal and the second terminal, wherein the authorization migration table includes device information, authorization migration attribute information, and authorization permission information.
Optionally, the authorization migration attribute information includes allowing migration, limiting migration, and prohibiting migration.
Optionally, the first terminal and the second terminal determining, according to the authorization migration attribute information of the other party, whether both parties are migration-allowed devices includes:
If the authorization migration attribute information of the first terminal and the second terminal is allowed migration, it is determined that both parties are migration-allowed devices;
If the authorization migration attribute information of the first terminal and the second terminal is limited migration, a comparison is performed with the pre-stored limited migration threshold; if the limited migration threshold is not exceeded, both are determined to be migration-allowed devices; otherwise, both are determined not to be migration-allowed devices;
If the authorization migration attribute information of the first terminal and the second terminal is prohibited migration, it is determined that both parties are not migration-allowed devices.
Optionally, when it is determined that both the first terminal and the second terminal are migration-allowed devices, the first terminal migrating its device information and authorization permission information to the slave interconnect device includes:
When it is determined that both the first terminal and the second terminal are migration-allowed devices, the first terminal migrates the device information, authorization migration attribute information, and authorization permission information contained in its authorization migration table to the authorization migration table of the second terminal, and at the same time the second terminal migrates the device information, authorization migration attribute information, and authorization permission information contained in its authorization migration table to the authorization migration table of the first terminal.
Optionally, after the third terminal and the second terminal in the same local area network are interconnected, the third terminal acquiring the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal, includes:
After the third terminal and the second terminal in the same local area network are interconnected, the second terminal migrates the device information, authorization migration attribute information, and authorization permission information of itself and of the first terminal, contained in its authorization migration table, to the third terminal, so that the third terminal can access the first terminal.
A device access apparatus provided according to an embodiment of the present invention includes:
an acquiring module, configured so that, after a first terminal and a second terminal located in the same local area network are interconnected, each acquires the other's authorization migration attribute information;
a determining module, configured so that the first terminal and the second terminal determine, according to each other's authorization migration attribute information, whether both are migration-allowed devices;
a migration module, configured so that, when both the first terminal and the second terminal are determined to be migration-allowed devices, the first terminal migrates its device information and authorization permission information to the second terminal, so that the second terminal saves the device information and authorization permission information of the first terminal, and, after a third terminal located in the same local area network is interconnected with the second terminal, the third terminal acquires the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
Optionally, an authorization migration table is set in each of the first terminal and the second terminal, wherein the authorization migration table includes device information, authorization migration attribute information and authorization permission information.
Optionally, the authorization migration attribute information includes migration allowed, limited migration and migration prohibited.
Optionally, the determining module includes:
a determining unit, configured to: when the authorization migration attribute information of the first terminal and the second terminal is migration allowed, determine that both are migration-allowed devices; when the authorization migration attribute information of the first terminal and the second terminal is limited migration, compare against a pre-stored limited-migration threshold and, if the threshold is not exceeded, determine that both are migration-allowed devices, and otherwise that neither is; and when the authorization migration attribute information of the first terminal and the second terminal is migration prohibited, determine that neither is a migration-allowed device.
According to still another embodiment of the present invention, a storage medium is also provided. The storage medium is configured to store program code for executing the above device access method.
According to the solution provided by the embodiments of the present invention, authorization attributes are migrated and handed over between interconnected devices, so that permitted devices automatically obtain device information and authorization rights and can access a device automatically without authentication, which improves the user experience. At the same time, the solution prevents the security problems that arise when every interconnected device can access any other at will, balancing intelligence and security and improving the user experience.
Brief description of the drawings
The drawings described here are provided for a further understanding of the present invention and form part of this application. The exemplary embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
FIG. 1 is a flowchart of a device access method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a device access apparatus according to an embodiment of the present invention;
FIG. 3 is a flowchart of a device access method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the functional modules of an interconnection device according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of authorization migration between interconnection devices according to an embodiment of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that the embodiments in this application and the features in the embodiments may be combined with each other where they do not conflict.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings are used to distinguish similar objects and do not necessarily describe a particular order or sequence.
FIG. 1 is a flowchart of a device access method according to an embodiment of the present invention. As shown in FIG. 1, the method includes:
Step S101: after a first terminal and a second terminal located in the same local area network are interconnected, each acquires the other's authorization migration attribute information;
Step S102: the first terminal and the second terminal determine, according to each other's authorization migration attribute information, whether both are migration-allowed devices;
Step S103: when both the first terminal and the second terminal are determined to be migration-allowed devices, the first terminal migrates its device information and authorization permission information to the second terminal, so that the second terminal saves the device information and authorization permission information of the first terminal;
Step S104: after a third terminal located in the same local area network is interconnected with the second terminal, the third terminal acquires the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
An authorization migration table is set in each of the first terminal and the second terminal; the authorization migration table includes device information, authorization migration attribute information and authorization permission information. The authorization migration attribute information includes migration allowed, limited migration and migration prohibited.
The first terminal and the second terminal determining, according to each other's authorization migration attribute information, whether both are migration-allowed devices includes: if the authorization migration attribute information of the first terminal and the second terminal is migration allowed, determining that both are migration-allowed devices; if it is limited migration, comparing against a pre-stored limited-migration threshold and, if the threshold is not exceeded, determining that both are migration-allowed devices, and otherwise that neither is; if it is migration prohibited, determining that neither is a migration-allowed device.
The first terminal migrating its device information and authorization permission information to the slave interconnection device when both terminals are determined to be migration-allowed devices includes: when both the first terminal and the second terminal are determined to be migration-allowed devices, the first terminal migrates the device information, authorization migration attribute information and authorization permission information contained in its authorization migration table into the authorization migration table of the second terminal, and at the same time the second terminal migrates the device information, authorization migration attribute information and authorization permission information contained in its authorization migration table into the authorization migration table of the first terminal.
The third terminal acquiring, after it is interconnected with the second terminal in the same local area network, the device information and authorization permission information of the first terminal saved by the second terminal so as to access the first terminal includes: after the third terminal and the second terminal located in the same local area network are interconnected, the second terminal migrates the device information, authorization migration attribute information and authorization permission information of itself and of the first terminal, as contained in its authorization migration table, to the third terminal, so that the third terminal can access the first terminal.
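The following sketch models steps S101 to S104 so that the effect of each authorization migration attribute on what the third terminal ends up holding can be checked. It is an added example, not code from the patent. The hop counter compared against the limited-migration threshold, the rule that each terminal must pass the check individually, and all names and values are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

# ASSUMPTION: the text does not say what quantity is compared with the
# pre-stored limited-migration threshold; here it is the number of times a
# table row has been passed on (its hop count).
LIMITED_MIGRATION_THRESHOLD = 1


class Migration(Enum):
    ALLOW = "migration allowed"
    LIMITED = "limited migration"
    PROHIBIT = "migration prohibited"


@dataclass
class Row:
    """One row of an authorization migration table."""
    device_id: str         # device information (number, name, MAC address ...)
    attribute: Migration   # authorization migration attribute information
    permission: str        # authorization permission information (opaque here)
    hops: int = 0          # assumed counter: how often this row was migrated


@dataclass
class Terminal:
    device_id: str
    attribute: Migration
    permission: str
    table: dict = field(default_factory=dict)  # device_id -> Row

    def own_row(self) -> Row:
        return Row(self.device_id, self.attribute, self.permission)


def may_migrate(row: Row) -> bool:
    """Decision of step S102 applied to one row."""
    if row.attribute is Migration.ALLOW:
        return True
    if row.attribute is Migration.LIMITED:
        # Allowed only while one more hop stays within the threshold.
        return row.hops + 1 <= LIMITED_MIGRATION_THRESHOLD
    return False  # PROHIBIT


def interconnect(x: Terminal, y: Terminal) -> bool:
    """Steps S101 to S103 for two terminals on the same LAN."""
    # ASSUMPTION: each side must pass the check on its own attribute,
    # otherwise nothing is migrated in either direction.
    if not (may_migrate(x.own_row()) and may_migrate(y.own_row())):
        return False
    # Snapshot both tables first so the exchange is symmetric.
    outgoing = {
        x.device_id: [x.own_row(), *x.table.values()],
        y.device_id: [y.own_row(), *y.table.values()],
    }
    for src, dst in ((x, y), (y, x)):
        for row in outgoing[src.device_id]:
            if row.device_id == dst.device_id or row.device_id in dst.table:
                continue
            if may_migrate(row):
                dst.table[row.device_id] = Row(
                    row.device_id, row.attribute, row.permission, row.hops + 1)
    return True


def access(requester: Terminal, target: Terminal) -> str:
    """Step S104: a stored, matching permission means direct access."""
    row = requester.table.get(target.device_id)
    if row is not None and row.permission == target.permission:
        return "direct"
    return "authenticate"


def scenario(attr_of_a: Migration) -> tuple:
    """A is the first terminal, B the second, C the third (constructed data)."""
    a = Terminal("A", attr_of_a, "perm-A")
    b = Terminal("B", Migration.ALLOW, "perm-B")
    c = Terminal("C", Migration.ALLOW, "perm-C")
    interconnect(a, b)
    interconnect(b, c)
    return access(b, a), access(c, a)


if __name__ == "__main__":
    for attr in Migration:
        print(attr.value, "->", scenario(attr))
```

With migration allowed, every terminal that later interconnects with C also receives A's row, so in this model the attribute chosen on A is the only bound on how far access to A propagates.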
FIG. 2 is a schematic diagram of a device access apparatus according to an embodiment of the present invention. As shown in FIG. 2, the apparatus includes: an acquiring module 201, configured so that, after a first terminal and a second terminal located in the same local area network are interconnected, each acquires the other's authorization migration attribute information; a determining module 202, configured so that the first terminal and the second terminal determine, according to each other's authorization migration attribute information, whether both are migration-allowed devices; and a migration module 203, configured so that, when both the first terminal and the second terminal are determined to be migration-allowed devices, the first terminal migrates its device information and authorization permission information to the second terminal, so that the second terminal saves the device information and authorization permission information of the first terminal, and, after a third terminal located in the same local area network is interconnected with the second terminal, the third terminal acquires the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
An authorization migration table is set in each of the first terminal and the second terminal; the authorization migration table includes device information, authorization migration attribute information and authorization permission information. The authorization migration attribute information includes migration allowed, limited migration and migration prohibited.
The determining module 202 includes a determining unit, configured to: when the authorization migration attribute information of the first terminal and the second terminal is migration allowed, determine that both are migration-allowed devices; when it is limited migration, compare against a pre-stored limited-migration threshold and, if the threshold is not exceeded, determine that both are migration-allowed devices, and otherwise that neither is; and when it is migration prohibited, determine that neither is a migration-allowed device.
FIG. 3 is a flowchart of a device access method according to an embodiment of the present invention. As shown in FIG. 3, the method includes:
Step S301: a group of interconnection devices is interconnected;
The interconnection devices include, but are not limited to, computers, tablets, smart terminals, wearable devices, sensors with a transmission function, routers and the like.
Step S302: for each device configured for interconnection, the authorization migration attribute value of that device can be set and obtained;
The authorization migration attribute includes, but is not limited to, migration not allowed, limited migration, migration allowed and the like.
The configured authorization migration attribute value is a default that applies to all interconnections. When two devices actually interconnect, this default may be used, or the value may be set in real time during interconnection authentication.
Step S303: each device maintains an authorization migration table of the devices interconnected with it;
The authorization migration table is a lookup table that records, for every device directly interconnected with this device, the device information, the authorization migration attribute value, the authorization permission and the like.
The device information is information used to identify an interconnection device, including but not limited to the device number, name, MAC address and the like;
Step S304: when a device interconnects with another single device, the two interconnected devices each confirm with the other what this device's authorization migration attribute is with respect to the peer device, and update the peer device's authorization migration table;
To confirm the authorization migration attribute, the device's default authorization migration attribute value may be taken directly as this device's authorization migration attribute value for the current connection.
Alternatively, the user may confirm the authorization migration attribute manually when the current connection is established, setting this device's authorization migration attribute value for the current connection.
Step S305: when a device interconnects with another single device, then for these two devices and the other devices interconnected with them, the interconnection status with other devices and the corresponding authorization migration attributes are obtained from the authorization migration table of each device. For device authorizations that allow migration, the device's information and authorization permission information are migrated to the target devices to which migration is allowed.
Step S306: a device that holds the authorization permission of a given device can access that device directly without authentication.
FIG. 4 is a schematic diagram of the functional modules of an interconnection device according to an embodiment of the present invention. As shown in FIG. 4, the device includes a migration table management unit 401, an interconnection control unit 402, an authorization migration control unit 403, an authorization migration attribute management unit 404 and an authorization management unit 405.
The migration table management unit 401 is configured to manage the authorization migration table of the interconnection device. The interconnection control unit 402 is configured to control and manage the connections of the interconnection device. The authorization migration control unit 403 is configured to obtain, from the authorization migration tables of both interconnected devices, the interconnection status with other devices and the corresponding authorization migration attributes and, for device authorizations that allow migration, to migrate the device's information and authorization permission information to the target devices to which migration is allowed. The authorization migration attribute management unit 404 is configured to manage the device's authorization migration attribute, including getting and setting the default authorization migration attribute value of this device, and getting and setting the authorization migration attribute value for an individual interconnection. The authorization management unit 405 is configured to manage authorization permissions and, for a connection, to verify its authorization permission and determine whether to connect directly or to re-authenticate.
FIG. 5 is a schematic diagram of authorization migration between interconnection devices according to an embodiment of the present invention. As shown in FIG. 5, this example illustrates only one case of authorization migration; embodiments of the present invention include but are not limited to the following example:
State 1: there are a master interconnection device A, a slave interconnection device B and another interconnection device C;
State 2: master interconnection device A and slave interconnection device B are interconnected and each obtains the other's authorization migration table; master interconnection device A modifies the authorization migration attribute of slave interconnection device B to migration not allowed;
State 3: slave interconnection device B and the other interconnection device C are interconnected and each obtains the other's authorization migration table;
State 4: after the other interconnection device C obtains the authorization migration table of slave interconnection device B, slave interconnection device B also migrates the authorization migration table of master interconnection device A to the other interconnection device C;
State 5: the other interconnection device C accesses master interconnection device A.
In the embodiments of the present invention, for each device configured for interconnection, the authorization migration attribute value of that device can be set and obtained. The authorization migration attribute includes, but is not limited to, migration not allowed, limited migration, migration allowed and the like. Each device maintains an authorization migration table of the devices interconnected with it; the table is a lookup table that records, for every device directly interconnected with this device, the device information, the authorization migration attribute value, the authorization permission and the like. When a device interconnects with another single device, the two interconnected devices each confirm with the other what this device's authorization migration attribute is with respect to the peer device, and update the peer device's authorization migration table. At the same time, the interconnection status with other devices and the corresponding authorization migration attributes are obtained from the authorization migration tables of both interconnected devices. For device authorizations that allow migration, the device's information and authorization permission information are migrated to the target devices to which migration is allowed. A device that holds the authorization permission of a given device can access that device directly without authentication.
The embodiments of the present invention have a wide range of application scenarios. For example, with home Wi-Fi, if the Wi-Fi is set to the migration-allowed attribute, only one of the owner's terminals needs to connect to the device and authenticate by entering the password. Afterwards, if another user's device needs to use the Wi-Fi, that user's terminal only needs to interconnect with the owner's terminal to obtain the migrated authorization and thereby access the Wi-Fi directly, without the user being told the password and entering it to authenticate. This both protects the password and greatly simplifies the user experience. As smart devices, including wearable devices, smart home devices and the Internet of Things, become widespread and users own more and more devices, the application scenarios become broader still.
According to the solution provided by the embodiments of the present invention, authorization attributes are migrated and handed over between interconnected devices, so that permitted devices automatically obtain device information and authorization rights and can access a device automatically without authentication. Setting the migration attribute at the same time prevents the security problems that arise when every interconnected device can access any other at will, balancing intelligence and security and improving the user experience.
It should be noted that each of the above modules may be implemented in software or in hardware. For the latter, this may be done in the following ways, without limitation: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
An embodiment of the present invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store program code for performing the following steps:
Step S101: after a first terminal and a second terminal located in the same local area network are interconnected, each acquires the other's authorization migration attribute information;
Step S102: the first terminal and the second terminal determine, according to each other's authorization migration attribute information, whether both are migration-allowed devices;
Step S103: when both the first terminal and the second terminal are determined to be migration-allowed devices, the first terminal migrates its device information and authorization permission information to the second terminal, so that the second terminal saves the device information and authorization permission information of the first terminal;
Step S104: after a third terminal located in the same local area network is interconnected with the second terminal, the third terminal acquires the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
Optionally, in this embodiment, the storage medium may include, but is not limited to, any medium that can store program code, such as a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the above embodiments and optional implementations, which are not repeated here.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices. They may be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device. In some cases the steps shown or described may be performed in an order different from the one given here, or they may each be made into a separate integrated circuit module, or several of the modules or steps may be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Industrial applicability
As described above, the device access method and apparatus provided by the embodiments of the present invention have the following beneficial effects: authorization attributes are migrated and handed over between interconnected devices, so that permitted devices automatically obtain device information and authorization rights and can access a device automatically without authentication, which improves the user experience. At the same time, the solution prevents the security problems that arise when every interconnected device can access any other at will, balancing intelligence and security and improving the user experience.

Claims (11)

  1. A device access method, comprising:
    after a first terminal and a second terminal located in the same local area network are interconnected, each acquiring the other's authorization migration attribute information;
    the first terminal and the second terminal determining, according to each other's authorization migration attribute information, whether both are migration-allowed devices;
    when both the first terminal and the second terminal are determined to be migration-allowed devices, the first terminal migrating its device information and authorization permission information to the second terminal, so that the second terminal saves the device information and authorization permission information of the first terminal;
    after a third terminal located in the same local area network is interconnected with the second terminal, the third terminal acquiring the device information and authorization permission information of the first terminal saved by the second terminal, so as to access the first terminal.
  2. The method according to claim 1, wherein an authorization migration table is set in each of the first terminal and the second terminal, and the authorization migration table includes device information, authorization migration attribute information and authorization permission information.
  3. The method according to claim 1 or 2, wherein the authorization migration attribute information includes migration allowed, limited migration and migration prohibited.
  4. The method according to claim 3, wherein the first terminal and the second terminal determining, according to each other's authorization migration attribute information, whether both are migration-allowed devices comprises:
    if the authorization migration attribute information of the first terminal and the second terminal is migration allowed, determining that both are migration-allowed devices;
    if the authorization migration attribute information of the first terminal and the second terminal is limited migration, comparing against a pre-stored limited-migration threshold; if the threshold is not exceeded, determining that both are migration-allowed devices, and otherwise that neither is;
    if the authorization migration attribute information of the first terminal and the second terminal is migration prohibited, determining that neither is a migration-allowed device.
  5. The method according to claim 4, wherein the first terminal migrating its device information and authorization permission information to the slave interconnection device when both the first terminal and the second terminal are determined to be migration-allowed devices comprises:
    when both the first terminal and the second terminal are determined to be migration-allowed devices, the first terminal migrating the device information, authorization migration attribute information and authorization permission information contained in its authorization migration table into the authorization migration table of the second terminal, and at the same time the second terminal migrating the device information, authorization migration attribute information and authorization permission information contained in its authorization migration table into the authorization migration table of the first terminal.
  6. The method according to claim 5, wherein the third terminal acquiring, after a third terminal located in the same local area network is interconnected with the second terminal, the device information and authorization permission information of the first terminal saved by the second terminal so as to access the first terminal comprises:
    after the third terminal and the second terminal located in the same local area network are interconnected, the second terminal migrating the device information, authorization migration attribute information and authorization permission information of itself and of the first terminal, as contained in its authorization migration table, to the third terminal, so that the third terminal can access the first terminal.
  7. 一种设备访问的装置,包括:A device for accessing a device, comprising:
    获取模块,设置为设在同一局域网中的第一终端和第二终端互连后,分别获取对方授权迁移属性信息;The acquiring module is configured to obtain the authorization migration attribute information of the other party after the first terminal and the second terminal are interconnected in the same local area network;
    判断模块,设置为第一终端和第二终端根据对方的授权迁移属性信息,判断双方是否均为允许迁移设备;The determining module is configured to: the first terminal and the second terminal determine, according to the authorization attribute information of the other party, whether the two parties are allowed to migrate the device;
    迁移模块,设置为在判断第一终端和第二终端均为允许迁移设备时,第一终端将其设备信息和授权许可信息迁移到第二终端,以便第二终端将第一终端的设备信息和授权许可信息进行保存,并当设在同一局域网中的第三终端和第二终端互连后,第三终端获取第二终端保存的第一终端的设备信息和授权许可信息,以便访问第一终端。a migration module, configured to: when determining that both the first terminal and the second terminal are allowed to migrate the device, the first terminal migrates the device information and the license information to the second terminal, so that the second terminal sends the device information of the first terminal and The license information is saved, and after the third terminal and the second terminal in the same local area network are interconnected, the third terminal acquires the device information and the license information of the first terminal saved by the second terminal, so as to access the first terminal. .
  8. 根据权利要求7所述的装置,所述第一终端和第二终端中分别设置一个授权迁移表;其中,所述授权迁移表包括设备信息、授权迁移属性信息以及授权许可信息。The apparatus according to claim 7, wherein an authorization migration table is respectively set in the first terminal and the second terminal; wherein the authorization migration table includes device information, authorization migration attribute information, and authorization permission information.
  9. 根据权利要求7或8所述的装置,所述授权迁移属性信息包括 允许迁移、限定迁移以及禁止迁移。The apparatus according to claim 7 or 8, wherein the authorization migration attribute information comprises Allow migrations, qualify migrations, and prohibit migrations.
  10. 根据权利要求9所述的装置,所述判断模块包括:The apparatus according to claim 9, wherein the determining module comprises:
    判断单元,设置为当第一终端和第二终端的授权迁移属性信息为允许迁移,则判断双方均为允许迁移设备,当第一终端和第二终端的授权迁移属性信息为限定迁移,则通过与预存的限定迁移阈值进行比较,若未超过限定迁移阈值,则判断均为允许迁移设备,否则,均为不允许迁移设备,以及当第一终端和第二终端的授权迁移属性信息为禁止迁移,则判断双方均为不允许迁移设备。The determining unit is configured to: when the authorization migration attribute information of the first terminal and the second terminal is allowed to be migrated, determine that both the devices are allowed to migrate, and when the authorization migration attribute information of the first terminal and the second terminal is a limited migration, If the migration threshold is not exceeded, the device is allowed to migrate the device. Otherwise, the device is not allowed to be migrated, and the authorization migration attribute information of the first terminal and the second terminal is forbidden to be migrated. , it is judged that both parties are not allowed to migrate devices.
  11. 一种存储介质,设置为存储用于执行如权利要求1至6中任一项所述的设备访问的方法的计算机程序。 A storage medium arranged to store a computer program for performing the method of accessing a device according to any one of claims 1 to 6.
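The decision of claim 4 and the table exchange of claims 5 and 6, sketched as an added example (not code from the patent or its applicant). All names are hypothetical, and three points the claims leave open are assumptions here: the quantity compared with the limited migration threshold is a per-terminal count of migrations, each terminal is evaluated on its own attribute, and the same check is applied when the third terminal interconnects.

```python
from dataclasses import dataclass, field
from enum import Enum

class Attr(Enum):                    # authorization migration attribute (claim 3)
    ALLOW = "allow"
    LIMITED = "limited"
    PROHIBIT = "prohibit"

@dataclass(frozen=True)
class Entry:                         # one row of an authorization migration table (claim 2)
    device_info: str
    attribute: Attr
    permission: str                  # authorization permission information

@dataclass
class Terminal:
    own: Entry
    threshold: int = 0               # assumed meaning: maximum number of migrations
    migrations: int = 0              # assumed quantity compared with the threshold
    table: dict = field(default_factory=dict)

    def __post_init__(self):
        self.table[self.own.device_info] = self.own

def permits(t: Terminal) -> bool:
    """Claim 4 decision, evaluated for one terminal."""
    if t.own.attribute is Attr.ALLOW:
        return True
    if t.own.attribute is Attr.LIMITED:
        return t.migrations + 1 <= t.threshold   # this migration must not exceed it
    return False                                 # PROHIBIT

def interconnect(a: Terminal, b: Terminal) -> bool:
    """Exchange tables (claims 5 and 6) only if both sides permit migration."""
    if not (permits(a) and permits(b)):
        return False
    merged = {**a.table, **b.table}
    a.table, b.table = dict(merged), dict(merged)
    a.migrations += 1
    b.migrations += 1
    return True

def permission_for(t: Terminal, device_info: str):
    """Permission a terminal holds for another device, or None."""
    entry = t.table.get(device_info)
    return entry.permission if entry else None

if __name__ == "__main__":           # constructed sample terminals
    first = Terminal(Entry("camera", Attr.ALLOW, "perm-camera"))
    second = Terminal(Entry("phone", Attr.LIMITED, "perm-phone"), threshold=2)
    third = Terminal(Entry("tablet", Attr.ALLOW, "perm-tablet"))
    print(interconnect(first, second), interconnect(second, third))
    print(permission_for(third, "camera"))
```

In this sketch the third terminal ends up holding the first terminal's permission without ever interconnecting with it, so every copy of the table is a place where that permission has to be protected.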
PCT/CN2017/071575 2016-07-25 2017-01-18 Device access method and apparatus WO2018018859A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610592800.6A CN107659932B (en) 2016-07-25 2016-07-25 Equipment access method and device
CN201610592800.6 2016-07-25

Publications (1)

Publication Number Publication Date
WO2018018859A1 true WO2018018859A1 (en) 2018-02-01

Family

ID=61015602

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/071575 WO2018018859A1 (en) 2016-07-25 2017-01-18 Device access method and apparatus

Country Status (2)

Country Link
CN (1) CN107659932B (en)
WO (1) WO2018018859A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981660B (en) * 2019-03-29 2021-04-13 联想(北京)有限公司 Information processing method and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102158487A (en) * 2011-04-01 2011-08-17 福建星网锐捷网络有限公司 Network access control method, system and device
CN102201967A (en) * 2010-03-24 2011-09-28 杭州华三通信技术有限公司 Method for authorizing user equipment migration and network access server
US20120157040A1 (en) * 2010-12-21 2012-06-21 Sony Corporation Information processing device, communication system, and billing method for wireless terminal device
CN102547704A (en) * 2010-11-10 2012-07-04 索尼公司 Wireless terminal device, communication system, and control method of wireless terminal device
US20140204758A1 (en) * 2011-09-02 2014-07-24 Zte Corporation Multi-mode intelligent access method, device and system

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020138635A1 (en) * 2001-03-26 2002-09-26 Nec Usa, Inc. Multi-ISP controlled access to IP networks, based on third-party operated untrusted access stations
US20120266217A1 (en) * 2011-04-15 2012-10-18 Skype Limited Permitting Access To A Network
CN102594818A (en) * 2012-02-15 2012-07-18 北京星网锐捷网络技术有限公司 Network access permission control method, device and related equipment
CN103532946B (en) * 2013-10-09 2016-11-23 北京奇虎科技有限公司 Based on without password or the mthods, systems and devices of the arbitrarily network authorization of password
FR3015168A1 (en) * 2013-12-12 2015-06-19 Orange TOKEN AUTHENTICATION METHOD
CN104580176B (en) * 2014-12-26 2018-09-21 深圳市海蕴新能源有限公司 Collaborative share method and system
CN105338529B (en) * 2015-11-18 2020-06-23 Tcl科技集团股份有限公司 Wireless network connection method and system
CN105472611B (en) * 2015-12-03 2019-11-29 上海斐讯数据通信技术有限公司 Wireless terminal access authentication method and system in a kind of WLAN
CN105610620B (en) * 2015-12-31 2019-04-16 恬家(上海)信息科技有限公司 A kind of Intelligent hardware and its configuration method

Also Published As

Publication number Publication date
CN107659932A (en) 2018-02-02
CN107659932B (en) 2022-05-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17833177

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17833177

Country of ref document: EP

Kind code of ref document: A1