WO2019052027A1 - Authentication method, control device, and central control service device - Google Patents

Publication number
WO2019052027A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
central control
key
service device
control service
Prior art date
Application number
PCT/CN2017/114743
Other languages
French (fr)
Chinese (zh)
Inventor
宋起涛
兰海宇
李屹
Original Assignee
深圳光峰科技股份有限公司
Priority date
Filing date
Publication date
Application filed by 深圳光峰科技股份有限公司 filed Critical 深圳光峰科技股份有限公司
Publication of WO2019052027A1 publication Critical patent/WO2019052027A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Definitions

  • the present invention relates to the field of central control, and in particular, to a control device, a central control service device, and a network connection authentication method thereof.
  • the central control service devices for example, projectors
  • the central control service devices can be connected to the local area network or the Internet.
  • the networked central control service device supports network control protocols, such as the standard PJLink protocol; that is, devices that are connected to the local area network or the Internet (such as computers, tablets, or mobile devices) can connect to and control the corresponding central control service devices through a network protocol such as TCP/UDP.
  • an authentication mechanism is generally added to the network control protocol, so that only a device authorized by the central control service device can connect to and control the central control service device.
  • the existing authentication mechanism usually uses the control password for authentication.
  • with this authentication mechanism the password is easily stolen and the authentication security is not high.
  • the present invention provides a control device, a central control service device, and a network connection authentication method thereof.
  • An authentication method is applied to a central control service device, and the central control service device is in communication with a control device
  • the method includes:
  • the first key and the second key are generated by using one of the following encryption algorithms: Standard MD5, crc32, SHA.
  • the method further includes: if the authentication fails, disconnecting from the network connection of the control device.
  • before receiving the authentication command, the method further includes: generating a current time stamp, saving the current time stamp in the central control service device, and transmitting the current time stamp to the control device.
  • the authentication command includes a current time stamp generated in the control device
  • the method further includes: if the central control service device can obtain its current time, comparing the current time stamp in the authentication command with the current time of the central control service device, and if the current time stamp exceeds the preset length range, the authentication fails; if the central control service device cannot obtain its current time, comparing the current time stamp in the authentication command with the time stamp of the last authentication, and if the two are the same, the authentication fails.
  • a central control service device includes a first authentication unit and a first network module, where the first authentication unit includes a first receiving module, a first sending module, and an authentication execution
  • the first receiving module is configured to receive an authentication command from the control device by using the first network module, where the authentication command includes a first key
  • the authentication execution module is configured to generate a second key using the control password and the current time stamp, and to perform authentication according to whether the first key is consistent with the second key
  • the first sending module is configured to send an authentication result to the control device.
  • the central control service device is a projector.
  • the authentication command includes a current time stamp generated in the control device
  • the authentication execution module is further configured to perform, according to the current time stamp in the authentication command.
  • if the central control service device can obtain its current time, the current time stamp in the authentication command is compared with the current time of the central control service device, and if the current time stamp exceeds the preset length range, the authentication fails; if the central control service device cannot obtain its current time, the current time stamp in the authentication command is compared with the last authentication time stamp, and if the two are consistent, the authentication fails.
  • An authentication method is applied to a control device, and the control device is in communication with the central control service device, and the method includes:
  • the current time stamp is generated by the control device or received from the central control service device.
  • An authentication method comprising:
  • the control device generates a first key by using an encryption algorithm according to the current time stamp and a control password corresponding to the central control service device, and sends the first key to the central control service device;
  • the central control service device receives the first key, and generates a second key by using an encryption algorithm stored in the central control service device according to the current time stamp and the control password stored in the central control service device.
  • the first key is compared with the generated second key to determine whether the authentication is successful.
  • the current time stamp is generated by a control device or generated by a central control service device.
  • the method further includes
  • the central control service device compares the current time stamp from the control device with the current time of the central control service device, and if the current time stamp exceeds a preset range, the authentication fails.
  • a control device includes a second authentication unit and a second network module, wherein the second authentication unit includes a second sending module and a key generating module; the key generating module is used to generate a first key according to the current time stamp and the control password, and then to generate an authentication command according to the first key; the second sending module is configured to send the authentication command to the central control service device, where the authentication command includes the first key; and the current time stamp is generated by the control device or received from the central control service device.
  • the key is generated based on the current time stamp and the control password, and has higher security.
  • FIG. 1 is a block diagram showing a network connection authentication system according to an embodiment of the present invention.
  • FIG. 2 is a schematic block diagram of a first authentication unit according to an embodiment of the present invention.
  • FIG. 3 is a block diagram of a second authentication unit according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a network connection authentication method according to a first embodiment of the present invention.
  • FIG. 5 is a flowchart of a network connection authentication method according to a second embodiment of the present invention.
  • the first receiving module 130 receives
  • Second sending module 232
  • a component when referred to as being “fixed” to another component, it can be directly on the other component or the component can be in the middle.
  • when a component is considered to be “connected” to another component, it can be directly connected to the other component or there may be an intermediate component.
  • when a component is considered to be “set to” another component, it can be placed directly on the other component or there may be an intermediate component.
  • the terms “vertical”, “horizontal”, “left”, “right” and the like are used herein for illustrative purposes only.
  • FIG. 1 is a block diagram showing the structure of a network connection authentication system according to the present invention.
  • the network connection authentication system 1000 comprises at least one central control service device 1 and at least one control device 2.
  • the central control service device 1 may be any electronic device having a network connection capability, such as a projector, a printer, a home appliance, and the like.
  • the control device 2 may be any electronic device having data processing capability and network connection capability, such as a computer, a mobile phone, a tablet, and a personal digital assistant (Personal Digital).
  • a central control service device 1 can be controlled by one or more control devices 2 to perform specific tasks under the control of the one or more control devices 2; one control device 2 can also control one or more central control service devices 1, so that a predetermined operation is performed by controlling the one or more central control service devices 1.
  • the central control service device 1 is a projector, and the user can use a control device 2 such as a computer, mobile phone, or tablet to issue a control command to control the operation of the projector, thereby implementing remote control or replacing the remote controller for operation.
  • the central control service device 1 includes a first processor 10, a first memory 12, a first authentication unit 13, and a first network module 14.
  • the first memory 12 can be used to store computer programs and/or modules; the first processor 10 implements various functions of the central control service device 1 (e.g., projection of a projector) by running or executing the computer programs and/or modules stored in the first memory 12 and invoking the data stored in the first memory 12.
  • the first memory 12 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a projection function of the projector, a printing function of the printer, etc.)
  • the storage data area can store data (such as projection data, print data, etc.) created according to the use of the central control service device 1.
  • the first memory 12 may include a high-speed random access memory, and may also include a non-volatile memory such as a hard disk, a memory, a plug-in hard disk, a smart memory card (SMC), and a secure digital (Secure Digital, SD) card, flash card, at least one disk storage device, flash device, or other volatile solid-state storage device.
  • the first processor 10 may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), ready-to-use programmable gate array
  • the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the first processor 10 is the control center of the central control service device 1, and connects the various parts of the entire central control service device 1 by using various interfaces and lines.
  • the central control service device 1 further includes a first authentication unit 13 and at least one first network module 14.
  • the first authentication unit 13 is configured to communicate with the control device 2 through the first network module 14 to authenticate the network connection between the central control service device 1 and the control device 2.
  • the first authentication unit 13 generates a current time stamp
  • the control device 2 generates a first key by encryption according to the current time stamp and the control password, and generates an authentication command according to the first key.
  • the first authentication unit 13 parses the first key out of the authentication command from the control device 2, then generates a second key according to the locally stored current time stamp and control password, and compares the generated second key with the received first key from the control device 2 to determine whether the authentication is successful.
  • the control device 2 generates a current time stamp, then generates a first key by encryption according to the current time stamp and the control password, and generates an authentication command according to the first key.
  • the first authentication unit 13 parses the first key and the current time stamp out of the authentication command from the control device 2, then generates a second key according to the current time stamp and the control password, and compares the generated second key with the received first key from the control device 2 to determine whether the authentication is successful.
  • the first network module 14 may be a wired communication device or a wireless communication device.
  • the wired communication device includes a communication port, such as a universal serial bus (USB), a controller area network (CAN), a serial and/or other standard network connection, an Inter-Integrated Circuit (I2C) bus, etc.
  • the wireless communication device can employ any type of wireless communication system, such as Bluetooth, infrared, Wireless Fidelity (WiFi), cellular technology, satellite, and broadcast.
  • the cellular technology may include mobile communication technologies such as second generation (2G), third generation (3G), fourth generation (4G) or fifth generation (5G).
  • the control device 2 includes a second processor 20, a second memory 22, a second authentication unit 23, and a second network module 24.
  • the second memory 22 can be used to store computer programs and/or modules; the second processor 20 implements various functions of the control device 2 (e.g., projection of a projector) by running or executing the computer programs and/or modules stored in the second memory 22 and invoking the data stored in the second memory 22.
  • the second memory 22 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a projection function of the projector, a printing function of the printer, etc.), and the like.
  • the storage data area can store data (such as projection data, print data, etc.) created according to the use of the control device 2.
  • the second memory 22 may include a high-speed random access memory, and may also include a non-volatile memory such as a hard disk, a memory, a plug-in hard disk, a smart memory card (SMC), and a secure digital (Secure Digital, SD) card, flash card, at least one disk storage device, flash device, or other volatile solid-state storage device.
  • the second processor 20 may be a central processing unit (CPU), and may also be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), an off-the-shelf programmable gate array
  • the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the second processor 20 is the control center of the control device 2, and connects the various parts of the entire control device 2 by using various interfaces and lines.
  • the control device 2 further includes a second authentication unit 23 and at least one second network module 24.
  • the second authentication unit 23 is configured to communicate with the first authentication unit 13 through the second network module 24 to generate a first key required for authentication.
  • the second authentication unit 23 is configured to generate a first key according to the current time stamp and the control password.
  • the current time stamp is generated by the second authentication unit 23.
  • the current time stamp is generated by the first authentication unit 13 and then transmitted to the second authentication unit 23 by the first network module 14.
  • the second network module 24 corresponds to the first network module 14, and is a network of the same type.
  • the central control service device 1 includes one or more first network modules 14, and the control device 2 includes one or more second network modules 24, at least one first network module 14 and One of the second network modules 24 of the control device 2 is of the same type.
  • the schematic diagram is only an example of the network connection authentication system 1000, the central control service device 1, and the control device 2, and does not constitute a limitation of the network connection authentication system 1000, the central control service device 1, or the control device 2; they may include more or fewer components than illustrated, or combine some components, or use different components. For example, the central control service device 1 / control device 2 may also include input and output devices, display devices, etc., according to actual needs.
  • the input and output device can include any suitable input device including, but not limited to, a mouse, a keyboard, a touch screen, or a contactless input, such as gesture input, voice input, and the like.
  • the display device may be a liquid crystal display (LCD), a Light Emitting Diode (LED) display, an Organic Light-Emitting Diode (OLED) display or other suitable display.
  • the first authentication unit 13 and the second authentication unit 23 respectively comprise a computer program that can be divided into one or more modules; the computer programs can be stored in the first memory 12 and the second memory 22 and are executable by the first processor 10 and the second processor 20.
  • the first authentication unit 13 and the second authentication unit 23 may also include a controller independent of the first processor 10 and the second processor 20, and the computer program is executed by the controller.
  • the first authentication unit 13 includes a first receiving module 130, a first sending module 132, and an authentication executing module 134.
  • the first receiving module 130 is configured to receive an authentication command from the second authentication unit 23 by using the first network module 14, where the authentication command includes the first key.
  • the authentication execution module 134 is configured to perform authentication according to the authentication command.
  • the first sending module 132 is configured to send an authentication result to the second authentication unit 23.
  • the authentication command received from the second authentication unit 23 further includes a current time stamp, and the authentication execution module 134 generates a second key according to the current time stamp and the control password, and then compares it with the first key in the authentication command. If they are consistent, the authentication succeeds. If they are inconsistent, the authentication fails. If the authentication fails, the authentication execution module 134 controls the first network module 14 to disconnect the network connection with the second network module 24. If the authentication is successful, the first receiving module 130 is allowed to receive a control command from the control device 2, and the control command can control the central control service device 1 to perform a predetermined operation.
  • the authentication execution module 134 generates and saves the current time stamp; the current time stamp may be saved in the first memory 12, or in a memory that is independent of the first memory 12 and connected to the first authentication unit 13.
  • the first sending module 132 sends the generated current time stamp to the second authentication unit 23, and the second authentication unit 23 generates a first key according to the current time stamp and the control password, and sends the first key to the first receiving module 130.
  • the authentication execution module 134 generates a second key according to the saved current time stamp and the control password, and then compares the generated second key with the first key in the authentication command; if they are consistent, the authentication succeeds.
  • if the authentication fails, the authentication execution module 134 controls the first network module 14 to disconnect the network connection with the second network module 24. If the authentication is successful, the first receiving module 130 is allowed to receive a control command from the control device 2, and the control command can control the central control service device 1 to perform a predetermined operation.
  • FIG. 3 is a block diagram of a second authentication unit 23 according to an embodiment of the present invention.
  • the second authentication unit 23 includes a second receiving module 230, a second sending module 232, and a key generating module 234.
  • the second receiving module 230 is configured to receive, by the second network module 24, the current time stamp from the first authentication unit 13.
  • the key generation module 234 is configured to generate a first key according to the received current time stamp and the control password, and then generate an authentication command according to the first key.
  • the second sending module 232 is configured to send the authentication command to the first authentication unit 13, where the authentication command includes the first key.
  • the current time stamp is generated by the key generation module 234, and the key generation module 234 generates a first key according to the generated current time stamp and the control password, and then generates an authentication command according to the first key.
  • the second sending module 232 is configured to send the authentication command to the first authentication unit 13, and the authentication command includes the first key and the current time stamp.
  • the key is generated by using an encryption algorithm.
  • the encryption algorithm may be a standard message digest algorithm, fifth edition (Message Digest).
  • the second receiving module 230 is further configured to receive an authentication result from the first authentication unit 13, and if the authentication result is successful, the second sending module 232 is further configured to send a control command to The first authentication unit 13.
  • the control command is generated by the second processor 20, and the second processor 20 can generate the control command based on an input instruction of a user.
  • FIG. 4 is a flowchart of an authentication method according to a first embodiment of the present invention.
  • the network connection manner of the present invention may be a plurality of network types as described in the foregoing embodiments.
  • a network connection based on the TCP/IP protocol is taken as an example for description.
  • Step 401 The central control service device 1 sets an IP, a TCP/UDP port, and a control password.
  • the IP is the IP address of the central control service device 1.
  • the control password is a control password of the central control service device 1, and each central control service device 1 has a control password, and only the control device 2 that knows the control password can control the central control service device 1.
  • the set IP, TCP/UDP port, and the control password are stored in the memory of the central control service device.
  • Step 402 Start the TCP service, and listen on the port for incoming information.
  • Step 420 and step 403 the control device 2 establishes a network connection with the central control service device 1.
  • the step of establishing a network connection is: the control device sends a TCP connection request to the central control service device 1; the port of the central control service device 1 receives the connection request and returns response information agreeing to the connection; after receiving the response information, the control device sends connection response information to the central control service device 1 again; and the central control service device 1, after receiving the response information of the control device 2, establishes the network connection with the control device 2.
  • Step 421 The control device 2 generates a first key and an authentication command. Specifically, the control device 2 first generates a current time stamp, and then generates the first key with a preset encryption algorithm according to the current time stamp and the control password of the central control service device.
  • the encryption algorithm includes, but is not limited to, standard md5, crc32, SHA, and the like.
  • the authentication command is a data packet generated on the basis of the first key and the current interstitial stamp, and may be in the form of a general TCP packet.
  • Step 404 The central control service device 1 receives the authentication command and parses the authentication command to obtain the current inter-time stamp and the first key.
  • Step 405 The central control service device 1 generates the second key by using the same encryption algorithm as the control end by using the current inter-postmark obtained by the parsing and the control password stored in the memory.
  • Step 406 The central control service device 1 compares the first key obtained by the parsing with the generated second key, and compares whether the current inter-timestamp is updated, and returns an authentication result.
  • the authentication result includes authentication success and authentication failure. If the current time stamp is separated from the current time of the central control service device 1 by more than a preset range (for example, 20 seconds, 30 seconds, 1 minute, 5 minutes, etc.), the authentication fails. If the current inter-page stamp is separated from the current time of the central control service device 1 by a predetermined range, and the first key obtained by the parsing is consistent with the generated second key, the authentication succeeds, otherwise, The power failed.
  • if the central control service device 1 is unable to obtain its current time, the central control service device 1 can retrieve the time, stored on the central control service device 1, of its previous authentication with the control device, and then compare the current timestamp with that of the last authentication; if the two match, the authentication fails. Comparing the current timestamp in this way further prevents false authentication by a party that has stolen the control device's current timestamp from the network.
  • Step 422 The control device 2 receives the authentication result, and performs the next operation according to the authentication result. Specifically, if the authentication result is that the authentication is successful, the next operation may be to send a control command to control the central control service device to perform a predetermined operation. If the authentication result is an authentication failure, the next step may be to detect the reason for the authentication failure and re-initiate the authentication process.
  • Step 407 The central control service device 1 performs a corresponding operation according to the authentication result. Specifically, if the authentication fails, the TCP connection is closed. If the authentication is successful, it continues to listen on the port to accept control commands from the control device 2.
  • FIG. 5 is a flowchart of an authentication method according to a second embodiment of the present invention.
  • the network connection manner of the present invention may be a plurality of network types as described in the foregoing embodiments.
  • a network connection based on the TCP/IP protocol is taken as an example for description.
  • Step 501 The central control service device 1 sets an IP, a TCP/UDP port, and a control password.
  • the IP is the IP address of the central control service device 1.
  • the control password is a control password of the central control service device 1, and each central control service device 1 has a control password, and only the control device 2 that knows the control password can control the central control service device 1.
  • the set IP, TCP/UDP port, and the control password are stored in the memory of the central control service device.
  • Step 502 Start the TCP service, and listen to whether the port has received the information.
  • Step 520 and step 503 the control device 2 establishes a network connection with the central control service device 1.
  • the step of establishing a network connection is: the control device sends a TCP connection request to the central control service device 1; the port of the central control service device 1 receives the connection request and returns response information agreeing to the connection; after receiving the response information, the control device sends connection response information to the central control service device 1 again; and the central control service device 1, after receiving the response information of the control device 2, establishes the network connection with the control device 2.
  • Step 504 The central control service device 1 generates a current timestamp, and saves the current timestamp in the memory of the central control service device 1 and sends it to the control device 2.
  • Step 521 The control device 2 generates a first key and an authentication command. Specifically, the control device 2 generates the first key from the received current timestamp and the control password of the central control service device using a preset encryption algorithm.
  • the encryption algorithms include, but are not limited to, standard md5, crc32, SHA, and the like.
  • the authentication command is a data packet generated on the basis of the first key and the current timestamp, and may be in the form of a general TCP data packet.
  • Step 505 The central control service device 1 receives the authentication command and parses the authentication command to obtain the first key.
  • Step 506 The central control service device 1 generates a second key by using the same encryption algorithm, based on the current timestamp stored in the memory and the control password stored in the memory.
  • Step 507 The central control service device 1 compares the obtained first key with the generated second key, and returns the authentication result.
  • the authentication result includes authentication success and authentication failure. If the first key obtained by the analysis is consistent with the generated second key, the authentication succeeds, and if they are inconsistent, the authentication fails.
  • Step 522 The control device 2 receives the authentication result, and performs the next operation according to the authentication result. Specifically, if the authentication result is that the authentication is successful, the next operation may be to send a control command to control the central control service device to perform a predetermined operation. If the authentication result is an authentication failure, the next step may be to detect the reason for the authentication failure and re-initiate the authentication process.
  • Step 508 The central control service device 1 performs a corresponding operation according to the authentication result. Specifically, if the authentication fails, the TCP connection is closed. If the authentication is successful, it continues to listen on the port to receive control commands from the control device 2.
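The two flows above, sketched on the central control service side as an added Python example (not code from the patent): the first embodiment's client-chosen timestamp with a freshness window and last-timestamp fallback, and the second embodiment's server-issued timestamp. The HMAC-SHA-256 construction, the `AUTH <timestamp> <key>` wire format, the 30-second window, the random challenge suffix, and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW_SECONDS = 30  # one of the preset ranges the description lists


def derive_key(timestamp: str, control_password: str) -> str:
    """Derive the key from the timestamp and the control password.

    Assumption: HMAC-SHA-256 keyed with the password. The page only names
    "md5, crc32, SHA, and the like" and does not say how the inputs combine.
    """
    return hmac.new(control_password.encode(), timestamp.encode(),
                    hashlib.sha256).hexdigest()


def build_auth_command(timestamp: str, control_password: str) -> bytes:
    """Control device side. The "AUTH <timestamp> <key>" format is hypothetical."""
    return f"AUTH {timestamp} {derive_key(timestamp, control_password)}".encode("ascii")


def parse_auth_command(packet: bytes):
    """Return (timestamp, first_key), or None if the packet is malformed."""
    try:
        verb, timestamp, first_key = packet.decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    return (timestamp, first_key) if verb == "AUTH" else None


class CentralControlService:
    def __init__(self, control_password: str, clock=time.time):
        self.control_password = control_password
        self.clock = clock            # None models a device with no usable clock
        self.last_timestamp = None    # timestamp of the last successful authentication
        self.pending_challenge = None

    def _keys_match(self, timestamp: str, first_key: str) -> bool:
        second_key = derive_key(timestamp, self.control_password)
        return hmac.compare_digest(first_key, second_key)  # constant-time compare

    def verify_client_timestamp(self, packet: bytes) -> bool:
        """First embodiment (steps 404-406): the control device chose the timestamp."""
        parsed = parse_auth_command(packet)
        if parsed is None:
            return False
        timestamp, first_key = parsed
        if self.clock is not None:
            try:
                age = abs(self.clock() - int(timestamp))
            except ValueError:
                return False
            if age > MAX_SKEW_SECONDS:
                return False          # stale or far-future timestamp
        elif timestamp == self.last_timestamp:
            return False              # no clock: reject a repeat of the last timestamp
        if not self._keys_match(timestamp, first_key):
            return False
        self.last_timestamp = timestamp
        return True

    def issue_challenge(self) -> str:
        """Second embodiment, step 504: the service generates and stores the value.

        Assumption: a random suffix is appended so that two connections opened
        in the same second never receive the same value.
        """
        self.pending_challenge = f"{int(time.time())}-{secrets.token_hex(8)}"
        return self.pending_challenge

    def verify_challenge_response(self, packet: bytes) -> bool:
        """Steps 505-507: only the key is taken from the packet."""
        challenge, self.pending_challenge = self.pending_challenge, None  # single use
        parsed = parse_auth_command(packet)
        if challenge is None or parsed is None:
            return False
        return self._keys_match(challenge, parsed[1])
```

In the first flow a valid command remains acceptable for the whole freshness window, whereas the stored value in the second flow is consumed on first use.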
  • the modules/units integrated in the central control service device 1 and the control device 2 described in the above embodiments may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a separate product.
  • all or part of the processes of the authentication method described in the foregoing embodiments may also be implemented by a computer program instructing related hardware, and the computer program may be stored in a computer readable storage medium.
  • the computer program after being executed by the processor, implements the steps described in the above method embodiments.
  • the computer program includes computer program code, and the computer program code may be in the form of a source code, an object code, an executable file, or some intermediate form.
  • the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM
  • the computer readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer readable media do not include electrical carrier signals and telecommunication signals.

Abstract

The present invention relates to an authentication method. The method comprises: establishing a network connection between a central control service device and a control device; the control device generating a first key using an encryption algorithm according to a current timestamp and a control password corresponding to the central control service device, and sending the first key to the central control service device; the central control service device receiving the first key, generating a second key using an encryption algorithm identical to that used by the control device according to a current timestamp and the control password saved in the central control service device, and comparing the received first key with the generated second key to determine whether authentication succeeds. The present invention also provides the central control service device. According to the authentication method, the central control service device, and the control device, the keys are generated based on the current timestamps and the control password, and thus a higher security level is provided.

Description

Title of Invention: Authentication Method, Control Device, and Central Control Service Device
Technical Field
[0001] The present invention relates to the field of central control, and in particular to a control device, a central control service device, and a network connection authentication method thereof.
Background Art
[0002] At present, most central control service devices (for example, projectors) have network modules, such as LAN or Wi-Fi modules, so the central control service device can be connected to a local area network or the Internet. For convenience of control, a networked central control service device supports a network control protocol, such as the standard PJLINK protocol; that is, devices on the same local area network or the Internet (such as computers, tablets, or mobile phones) can connect to and control the corresponding central control service device through network protocols such as TCP/UDP.
Technical Problem
[0003] To ensure network security and protect the central control service device, an authentication mechanism is generally added to the network control protocol, so that only devices authorized by the central control service device can connect to and control it. Existing authentication mechanisms usually authenticate with the control password, but under such a mechanism the password is easily stolen, so the authentication security is not high.
Solution to Problem
Technical Solution
[0004] The present invention provides a control device, a central control service device, and a network connection authentication method thereof.
[0005] An authentication method, applied to a central control service device, the central control service device being communicatively connected with a control device, the method comprising:
[0006] establishing a network connection with the control device;
[0007] receiving an authentication command from the control device, the authentication command including a first key;
[0008] generating a second key according to a current timestamp and a control password; and
[0009] comparing whether the first key in the authentication command is consistent with the generated second key; if they are consistent, the authentication succeeds, and if they are inconsistent, the authentication fails.
[0010] In one embodiment, the first key and the second key are generated using one of the following encryption algorithms: standard MD5, crc32, SHA.
[0011] In one embodiment, the method further comprises: if the authentication fails, disconnecting the network connection with the control device.
[0012] In one embodiment, before receiving the authentication command, the method further comprises: generating a current timestamp, saving the current timestamp in the central control service device, and sending the current timestamp to the control device.
[0013] In one embodiment, the authentication command includes a current timestamp generated in the control device, and the method further comprises: if the central control service device can obtain its current time, comparing the current timestamp in the authentication command with the current time of the central control service device, and if the current timestamp exceeds a preset duration range, the authentication fails; if the central control service device cannot obtain its current time, comparing the current timestamp in the authentication command with the timestamp of the last authentication, and if the two are the same, the authentication fails.
[0014] A central control service device, comprising a first authentication unit and a first network module, wherein the first authentication unit comprises a first receiving module, a first sending module, and an authentication execution module; the first receiving module is configured to receive an authentication command from a control device through the first network module, the authentication command including a first key; the authentication execution module is configured to generate a second key according to a control password and a current timestamp, and to perform authentication according to whether the first key is consistent with the second key; and the first sending module is configured to send an authentication result to the control device.
[0015] In one embodiment, the central control service device is a projector.
[0016] In one embodiment, the authentication command includes a current timestamp generated in the control device, and the authentication execution module is further configured to perform further authentication according to the current timestamp in the authentication command: if the central control service device can obtain its current time, it compares the current timestamp in the authentication command with the current time of the central control service device, and if the current timestamp exceeds a preset duration range, the authentication fails; if the central control service device cannot obtain its current time, it compares the current timestamp in the authentication command with the timestamp of the last authentication, and if the two are the same, the authentication fails.
[0017] An authentication method, applied to a control device, the control device being communicatively connected with a central control service device, the method comprising:
[0018] establishing a network connection with the central control service device;
[0019] generating a first key according to a current timestamp and a control password corresponding to the central control service device, and sending an authentication command including the first key to the central control service device;
[0020] receiving an authentication result from the central control service device; if the first key is consistent with the second key generated by the central control service device, the authentication result is authentication success; if the first key is inconsistent with the second key generated by the central control service device, the authentication result is authentication failure.
[0021] In one embodiment, the current timestamp is generated by the control device or received from the central control service device.
[0022] An authentication method, comprising:
[0023] establishing a network connection between a central control service device and a control device;
[0024] the control device generating a first key using an encryption algorithm according to a current timestamp and a control password corresponding to the central control service device, and sending the first key to the central control service device;
[0025] the control device receiving the first key, generating a second key, using the same encryption algorithm as the control device, according to the current timestamp and the control password saved in the central control service device, and comparing the received first key with the generated second key to determine whether the authentication succeeds.
[0026] In one embodiment, the current timestamp is generated by the control device or by the central control service device.
[0027] In one embodiment, if the current timestamp is generated in the control device, the method further comprises:
[0028] the central control service device comparing the current timestamp from the control device with the current time of the central control service device, and if the current timestamp exceeds a preset duration range, the authentication fails.
[0029] A control device, comprising a second authentication unit and a second network module, wherein the second authentication unit comprises a second sending module and a key generation module; the key generation module is configured to generate a first key according to a current timestamp and a control password, and then to generate an authentication command according to the first key; the second sending module is configured to send the authentication command to the central control service device, the authentication command including the first key; and the current timestamp is generated by the control device or received from the central control service device.
Advantageous Effects of Invention
Beneficial Effects
[0030] Compared with the prior art, in the authentication method and the central control service device the key is generated based on the current timestamp and the control password, which provides higher security.
Brief Description of Drawings
Description of Drawings
[0031] FIG. 1 is a block diagram of a network connection authentication system according to an embodiment of the present invention.
[0032] FIG. 2 is a schematic module diagram of a first authentication unit according to an embodiment of the present invention.
[0033] FIG. 3 is a schematic module diagram of a second authentication unit according to an embodiment of the present invention.
[0034] FIG. 4 is a flowchart of a network connection authentication method according to a first embodiment of the present invention.
[0035] FIG. 5 is a flowchart of a network connection authentication method according to a second embodiment of the present invention.
[0037] Description of main reference numerals
[0038] Central control service device 1
[0039] First processor 10
[0040] First memory 12
[0041] First authentication unit 13
[0042] First receiving module 130
[0043] First sending module 132
[0044] Authentication execution module 134
[0045] First network module 14
[0046] Control device 2
[0047] Second processor 20
[0048] Second memory 22
[0049] Second authentication unit 23
[0050] Second receiving module 230
[0051] Second sending module 232
[0052] Key generation module 234
[0053] Second network module 24
[0054] The following detailed description further explains the present invention with reference to the above drawings.
Embodiments of the Invention
[0055] The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
[0056] It should be noted that when a component is referred to as being "fixed to" another component, it can be directly on the other component or an intervening component may be present. When a component is considered to be "connected to" another component, it can be directly connected to the other component or an intervening component may be present at the same time. When a component is considered to be "disposed on" another component, it can be disposed directly on the other component or an intervening component may be present at the same time. The terms "vertical", "horizontal", "left", "right" and similar expressions used herein are for illustrative purposes only.
[0057] The system embodiments described below are merely illustrative; the division into modules or circuits is only a division by logical function, and other divisions are possible in actual implementation. In addition, the word "comprising" clearly does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices recited in a system claim may also be implemented by one and the same unit or device through software or hardware. Words such as first and second are used to denote names and do not denote any particular order.
[0058] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in the description of the present invention are only for the purpose of describing specific embodiments and are not intended to limit the present invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
[0059] Please refer to FIG. 1, which is a block diagram of the network connection authentication system of the present invention. The network connection authentication system 1000 includes at least one central control service device 1 and at least one control device 2.
[0060] The central control service device 1 in the embodiments of the present invention may be any electronic device with network connection capability, such as a projector, a printer, or a household appliance.
[0061] The control device 2 in the embodiments of the present invention may be any electronic device with data processing capability and network connection capability, such as a computer, a mobile phone, a tablet, or a personal digital assistant (Personal Digital Assistant, PDA). One central control service device 1 can be controlled by one or more control devices 2 to perform specific tasks under their control; one control device 2 can also control one or more central control service devices 1 so that they perform predetermined operations. In one example of the present invention, the central control service device 1 is a projector, and the user can issue control commands through a control device 2 such as a computer, mobile phone, or tablet to control the operation of the projector, thereby implementing remote control or replacing the remote controller.
[0063] The central control service device 1 includes a first processor 10, a first memory 12, a first authentication unit 13, and a first network module 14.
[0064] The first memory 12 can be used to store computer programs and/or modules. The first processor 10 implements the various functions of the central control service device 1 (for example, the projection of a projector) by running or executing the computer programs and/or modules stored in the first memory 12 and by calling the data stored in the first memory 12. The first memory 12 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system and the application programs required for at least one function (such as the projection function of a projector or the printing function of a printer), and the data storage area may store data created through the use of the central control service device 1 (such as projection data or print data). In addition, the first memory 12 may include a high-speed random access memory, and may also include a non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash card (Flash Card), at least one disk storage device, a flash memory device, or another volatile solid-state storage device.
[0065] The first processor 10 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), an off-the-shelf programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor. The first processor 10 is the control center of the central control service device 1 and connects the various parts of the entire central control service device 1 through various interfaces and lines.
[0066] The central control service device 1 further includes a first authentication unit 13 and at least one first network module 14.
[0067] The first authentication unit 13 is configured to communicate with the control device 2 through the first network module 14 in order to authenticate the network connection between the central control service device 1 and the control device 2. In some embodiments, the first authentication unit 13 generates a current timestamp; the control device 2 generates a first key by encryption from the current timestamp and the control password, and generates an authentication command according to the first key; the first authentication unit 13 parses the first key out of the authentication command from the control device 2, generates a second key according to the locally saved current timestamp and the control password, and compares the generated second key with the first key received from the control device 2 to determine whether the authentication succeeds. In some embodiments, the control device 2 generates the current timestamp, then generates a first key by encryption from the current timestamp and the control password, and generates an authentication command according to the first key. The first authentication unit 13 parses the first key and the current timestamp out of the authentication command from the control device 2, generates a second key according to the current timestamp and the control password, and compares the generated second key with the first key received from the control device 2 to determine whether the authentication succeeds.
[0068] 所述第一网络模块 14可以是有线通信装置也可以是无线通信装置。 其中所述有 线通信装置包括通信端口, 例如通用串行总线 (universal serial bus, USB)、 控制器 局域网 (Controller area network, CAN) 、 串行及 /或其他标准网络连接、 集成电 路间 (Inter-Integmted Circuit, I2C) 总线等。 所述无线通信装置可采用任意类别 的无线通信系统, 例如, 蓝牙、 红外线、 无线保真 (Wireless Fidelity, WiFi) 、 蜂窝技术, 卫星, 及广播。 其中所述蜂窝技术可包括第二代 (2G) 、 第三代 (3 G) 、 第四代 (4G) 或第五代 (5G) 等移动通信技术。  [0068] The first network module 14 may be a wired communication device or a wireless communication device. The wired communication device includes a communication port, such as a universal serial bus (USB), a controller area network (CAN), a serial and/or other standard network connection, and an integrated circuit (Inter- Integmted Circuit, I2C) Bus, etc. The wireless communication device can employ any type of wireless communication system, such as Bluetooth, infrared, Wireless Fidelity (WiFi), cellular technology, satellite, and broadcast. The cellular technology may include mobile communication technologies such as second generation (2G), third generation (3G), fourth generation (4G) or fifth generation (5G).
[0069] The control device 2 includes a second processor 20, a second memory 22, a second authentication unit 23, and a second network module 24.
[0070] The second memory 22 may be used to store computer programs and/or modules. The second processor 20 implements the various functions of the control device 2 (for example, projection by a projector) by running or executing the computer programs and/or modules stored in the second memory 22 and by calling data stored in the second memory 22. The second memory 22 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system and the application programs required for at least one function (such as the projection function of a projector, the printing function of a printer, etc.), and the data storage area may store data created through use of the control device 2 (such as projection data, print data, etc.). In addition, the second memory 22 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
[0071] The second processor 20 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The second processor 20 is the control center of the control device 2 and connects all parts of the control device 2 through various interfaces and lines.
[0072] The control device 2 further includes a second authentication unit 23 and at least one second network module 24.
[0073] The second authentication unit 23 is configured to communicate with the first authentication unit 13 through the second network module 24 in order to generate the first key required for authentication. The second authentication unit 23 generates the first key from the current timestamp and the control password. In some embodiments, the current timestamp is generated by the second authentication unit 23. In other embodiments, the current timestamp is generated by the first authentication unit 13 and then sent to the second authentication unit 23 through the first network module 14.
[0074] The second network module 24 corresponds to the first network module 14 and is a network of the same type. In some embodiments, the central control service device 1 includes one or more first network modules 14, the control device 2 includes one or more second network modules 24, and at least one first network module 14 is of the same type as one of the second network modules 24 of the control device 2.
[0075] Those skilled in the art will understand that the schematic diagram is merely an example of the network connection authentication system 1000, the central control service device 1 and the control device 2, and does not limit them. They may include more or fewer components than shown, combine certain components, or use different components; for example, the central control service device 1 / control device 2 may also include input/output devices, a display device, etc. as actually needed. The input/output devices may include any suitable input device, including but not limited to a mouse, a keyboard, a touch screen, or contactless input such as gesture input or voice input. The display device may be a touch liquid crystal display (LCD), a light-emitting diode (LED) display, an organic light-emitting diode (OLED) display, or another suitable display.
[0076] The first authentication unit 13 and the second authentication unit 23 may each comprise a computer program that can be divided into one or more modules. The computer programs may be stored in the first memory 12 and the second memory 22 and executed by the first processor 10 and the second processor 20. In some embodiments, the first authentication unit 13 and the second authentication unit 23 may also include a controller independent of the first processor 10 and the second processor 20, and that controller executes the computer programs.
[0077] FIG. 2 is a module diagram of the first authentication unit 13 according to an embodiment of the present invention. The first authentication unit 13 includes a first receiving module 130, a first sending module 132, and an authentication execution module 134. The first receiving module 130 is configured to receive an authentication command from the second authentication unit 23 through the first network module 14, the authentication command including the first key. The authentication execution module 134 is configured to perform authentication according to the authentication command. The first sending module 132 is configured to send the authentication result to the second authentication unit 23.
[0078] In one embodiment, the authentication command received from the second authentication unit 23 also includes the current timestamp. The authentication execution module 134 generates a second key from the current timestamp and the control password, then compares the generated second key with the first key in the authentication command; if they match, authentication succeeds, and if they do not match, authentication fails. If authentication fails, the authentication execution module 134 controls the first network module 14 to disconnect the network connection with the second network module 24. If authentication succeeds, the first receiving module 130 is allowed to receive control commands from the control device 2, and the control commands can control the central control service device 1 to perform predetermined operations.
[0079] In one embodiment, the authentication execution module 134 generates and stores the current timestamp. The current timestamp may be stored in the first memory 12, or in a memory that is independent of the first memory 12 and connected to the first authentication unit 13. The first sending module 132 sends the generated current timestamp to the second authentication unit 23, and the second authentication unit 23 generates a first key from the current timestamp and the control password and sends it to the first receiving module 130. The authentication execution module 134 generates a second key from the stored current timestamp and the control password, then compares the generated second key with the first key in the authentication command; if they match, authentication succeeds, and if they do not match, authentication fails. If authentication fails, the authentication execution module 134 controls the first network module 14 to disconnect the network connection with the second network module 24. If authentication succeeds, the first receiving module 130 is allowed to receive control commands from the control device 2, and the control commands can control the central control service device 1 to perform predetermined operations.
[0080] FIG. 3 is a module diagram of the second authentication unit 23 according to an embodiment of the present invention. The second authentication unit 23 includes a second receiving module 230, a second sending module 232, and a key generation module 234. The second receiving module 230 is configured to receive the current timestamp from the first authentication unit 13 through the second network module 24. The key generation module 234 is configured to generate a first key from the received current timestamp and the control password, and then to generate an authentication command from the first key. The second sending module 232 is configured to send the authentication command to the first authentication unit 13, the authentication command including the first key.
[0081] In one embodiment, the current timestamp is generated by the key generation module 234. The key generation module 234 generates a first key from the generated current timestamp and the control password, and then generates an authentication command from the first key. The second sending module 232 is configured to send the authentication command to the first authentication unit 13, the authentication command including the first key and the current timestamp.
[0082] In the above embodiments, the key is generated using an encryption algorithm; for example, the encryption algorithm may be the standard Message Digest Algorithm 5 (MD5), Cyclic Redundancy Check (crc32), Secure Hash Algorithm (SHA), etc.
[0083] The second receiving module 230 is further configured to receive the authentication result from the first authentication unit 13. If the authentication result is success, the second sending module 232 is further configured to send control commands to the first authentication unit 13. The control commands are generated by the second processor 20, which may generate them based on the user's input instructions.
[0084] FIG. 4 is a flowchart of the authentication method according to the first embodiment of the present invention.
[0085] It should be noted that, as described in the above embodiments, the network connection of the present invention may be of various network types. For ease of description, a network connection based on the TCP/IP protocol is used as the example below.
[0086] Step 401: the central control service device 1 sets the IP, the TCP/UDP port, and the control password. The IP is the IP address of the central control service device 1. The control password is the control password of the central control service device 1; each central control service device 1 has a control password, and only a control device 2 that knows this control password can control the central control service device 1. The configured IP, TCP/UDP port, and control password are stored in the memory of the central control service device.
[0087] Step 402: start the TCP service and listen on the port for incoming information.
[0088] Step 420 and step 403: the control device 2 establishes a network connection with the central control service device 1. In one embodiment, the network connection is established as follows: the control device sends a TCP connection request to the central control service device 1; when the port of the central control service device 1 receives the connection request, it returns a response agreeing to the connection; after receiving that response, the control device again sends a connection response to the central control service device 1; and once the central control service device 1 receives the response from the control device 2, the network connection with the control device 2 is established.
[0089] Step 421: the control device 2 generates the first key and the authentication command. Specifically, the control device 2 first generates the current timestamp, and then generates the first key from the current timestamp and the control password of the central control service device using a preset encryption algorithm. The encryption algorithm includes, but is not limited to, standard md5, crc32, SHA, etc. The authentication command is a data packet generated from the first key and the current timestamp, and may take the form of an ordinary TCP data packet.
[0090] Step 404: the central control service device 1 receives the authentication command and parses it to obtain the current timestamp and the first key.
[0091] Step 405: the central control service device 1 generates the second key from the parsed current timestamp and the control password stored in its memory, using the same encryption algorithm as the control side.
[0092] Step 406: the central control service device 1 compares the parsed first key with the generated second key, checks whether the current timestamp has been updated, and returns the authentication result. The authentication result is either success or failure. If the interval between the current timestamp and the current time of the central control service device 1 exceeds a preset range (for example 20 seconds, 30 seconds, 1 minute, 5 minutes, etc.), authentication fails. If the interval between the current timestamp and the current time of the central control service device 1 does not exceed the preset range and the parsed first key matches the generated second key, authentication succeeds; otherwise, authentication fails. In some embodiments, when the central control service device 1 cannot obtain its current time, it may obtain the time, stored in advance on the central control service device 1, of the last authentication with the control device, and then compare the current timestamp with the time of the last authentication; if the two are identical, authentication fails. Comparing the current timestamp further prevents forged authentication carried out with a current timestamp of the control device that was stolen over the network.
[0093] Step 422: the control device 2 receives the authentication result and performs the next operation according to it. Specifically, if the authentication result is success, the next operation may be to send a control command to control the central control service device to perform a predetermined operation. If the authentication result is failure, the next operation may be to determine the cause of the failure and restart the authentication process.
[0094] Step 407: the central control service device 1 performs the operation corresponding to the authentication result. Specifically, if authentication fails, it closes the TCP connection. If authentication succeeds, it continues listening on the port to accept control commands from the control device 2.
[0095] FIG. 5 is a flowchart of the authentication method according to the second embodiment of the present invention.
[0096] It should be noted that, as described in the above embodiments, the network connection of the present invention may be of various network types. For ease of description, a network connection based on the TCP/IP protocol is used as the example below.
[0097] Step 501: the central control service device 1 sets the IP, the TCP/UDP port, and the control password. The IP is the IP address of the central control service device 1. The control password is the control password of the central control service device 1; each central control service device 1 has a control password, and only a control device 2 that knows this control password can control the central control service device 1. The configured IP, TCP/UDP port, and control password are stored in the memory of the central control service device.
[0098] Step 502: start the TCP service and listen on the port for incoming information.
[0099] Step 520 and step 503: the control device 2 establishes a network connection with the central control service device 1. In one embodiment, the network connection is established as follows: the control device sends a TCP connection request to the central control service device 1; when the port of the central control service device 1 receives the connection request, it returns a response agreeing to the connection; after receiving that response, the control device again sends a connection response to the central control service device 1; and once the central control service device 1 receives the response from the control device 2, the network connection with the control device 2 is established.
[0100] Step 504: the central control service device 1 generates the current timestamp, stores it in the memory of the central control service device 1, and sends it to the control device 2.
[0101] Step 521: the control device 2 generates the first key and the authentication command. Specifically, the control device 2 generates the first key from the received current timestamp and the control password of the central control service device using a preset encryption algorithm. The encryption algorithm includes, but is not limited to, standard md5, crc32, SHA, etc. The authentication command is a data packet generated from the first key and the current timestamp, and may take the form of an ordinary TCP data packet.
[0102] Step 505: the central control service device 1 receives the authentication command and parses it to obtain the first key.
[0103] Step 506: the central control service device 1 generates the second key from the current timestamp stored in its memory and the control password stored in its memory, using the same encryption algorithm as the control side.
[0104] Step 507: the central control service device 1 compares the parsed first key with the generated second key and returns the authentication result. The authentication result is either success or failure. If the parsed first key matches the generated second key, authentication succeeds; if they do not match, authentication fails.
[0105] Step 522: the control device 2 receives the authentication result and performs the next operation according to it. Specifically, if the authentication result is success, the next operation may be to send a control command to control the central control service device to perform a predetermined operation. If the authentication result is failure, the next operation may be to determine the cause of the failure and restart the authentication process.
[0106] Step 508: the central control service device 1 performs the operation corresponding to the authentication result. Specifically, if authentication fails, it closes the TCP connection. If authentication succeeds, it continues listening on the port to receive control commands from the control device 2.
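The two flows above (steps 401-407, where the control device generates the timestamp, and steps 501-508, where the central control service device issues it) are shown below in Python. This is an added example, not code from the patent: SHA-256 (one member of the SHA family the page names), the `timestamp:password` key layout, the dictionary standing in for the authentication command, the 30-second window, the single-use handling of the issued timestamp, the constant-time comparison, and all function and class names are assumptions.

```python
import hashlib
import hmac
import time

FRESHNESS_WINDOW = 30  # seconds; assumed value, the page lists 20 s to 5 min as examples


def derive_key(timestamp, control_password):
    """Key = digest(timestamp, control password). SHA-256 and the
    "timestamp:password" layout are assumptions of this example."""
    material = f"{timestamp}:{control_password}".encode("utf-8")
    return hashlib.sha256(material).hexdigest()


def build_auth_command(timestamp, control_password, include_timestamp):
    """Control device side (steps 421 and 521): build the authentication command."""
    command = {"key": derive_key(timestamp, control_password)}
    if include_timestamp:  # first embodiment carries the timestamp in the command
        command["ts"] = timestamp
    return command


def _keys_match(expected, received):
    # Constant-time comparison of the second key with the received first key.
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


class CentralControlService:
    """Central control service device side of both embodiments."""

    def __init__(self, control_password, clock=time.time):
        self._password = control_password
        self._clock = clock        # None models a device that cannot read its time
        self._last_ts = None       # timestamp of the last successful authentication
        self._issued_ts = None     # timestamp sent to the control device (step 504)

    def verify_client_timestamp(self, command):
        """Steps 404-406: timestamp generated by the control device."""
        ts, key = command.get("ts"), command.get("key")
        if not isinstance(ts, int) or not isinstance(key, str):
            return False
        if self._clock is not None:
            if abs(self._clock() - ts) > FRESHNESS_WINDOW:
                return False       # outside the preset range
        elif ts == self._last_ts:
            return False           # same timestamp as the previous authentication
        if not _keys_match(derive_key(ts, self._password), key):
            return False
        self._last_ts = ts
        return True

    def issue_timestamp(self):
        """Step 504: generate, store and return the current timestamp."""
        if self._clock is None:
            raise RuntimeError("second embodiment needs a readable clock")
        self._issued_ts = int(self._clock())
        return self._issued_ts

    def verify_issued_timestamp(self, command):
        """Steps 505-507: recompute the key from the stored timestamp."""
        ts, self._issued_ts = self._issued_ts, None   # assumption: one use per issue
        key = command.get("key")
        if ts is None or not isinstance(key, str):
            return False
        return _keys_match(derive_key(ts, self._password), key)


def demo():
    """Run both flows with a constructed password and a fake clock."""
    now = [1_700_000_000]
    password = "constructed-control-password"
    service = CentralControlService(password, clock=lambda: now[0])
    results = {}
    command = build_auth_command(now[0], password, include_timestamp=True)
    results["fresh"] = service.verify_client_timestamp(command)
    now[0] += FRESHNESS_WINDOW + 1
    results["stale"] = service.verify_client_timestamp(command)
    issued = service.issue_timestamp()
    reply = build_auth_command(issued, password, include_timestamp=False)
    results["challenge"] = service.verify_issued_timestamp(reply)
    results["challenge_reuse"] = service.verify_issued_timestamp(reply)
    return results


if __name__ == "__main__":
    print(demo())
```

In the branch for a device without a clock, only the most recently accepted timestamp is rejected, so a stricter deployment would require timestamps to increase monotonically.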
[0107] If the modules/units integrated in the central control service device 1 and the control device 2 described in the above embodiments are implemented as software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. On this understanding, all or part of the processes of the authentication method described in the above embodiments may also be carried out by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps described in the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, etc. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier signals, telecommunication signals, software distribution media, etc. It should be noted that the content covered by the computer-readable medium may be increased or decreased as required by legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The above are only embodiments of the present invention and do not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims

一种鉴权方法, 应用于中控服务设备, 所述中控服务设备与控制设备 通信连接, 其特征在于, 所述方法包括: An authentication method is applied to a central control service device, wherein the central control service device is in communication with the control device, and the method includes:
建立与所述控制设备的网络连接; Establishing a network connection with the control device;
接收来自所述控制设备的鉴权命令, 所述鉴权命令包括第一密钥; 根据当前吋间戳和控制密码生成第二密钥; 及 Receiving an authentication command from the control device, the authentication command includes a first key; generating a second key according to the current interleaving stamp and the control password; and
比对所述鉴权命令中的第一密钥与生成的第二密钥是否一致, 若一致 , 则鉴权成功, 若不一致, 则鉴权失败。 If the first key in the authentication command is consistent with the generated second key, if the matching is successful, the authentication succeeds. If not, the authentication fails.
如权利要求 1所述的方法, 其特征在于, 所述第一密钥与第二密钥采 用如下之一种加密算法生成: 标准的 MD5, crc32, SHA。 The method according to claim 1, wherein the first key and the second key are generated by using an encryption algorithm as follows: standard MD5, crc32, SHA.
如权利要求 1所述的方法, 其特征在于, 在接收来自所述控制设备的 鉴权命令之前, 所述方法还包括: 生成当前吋间戳, 保存所述当前吋 间戳在所述中控服务设备, 及发送所述当前吋间戳至所述控制设备。 如权利要求 1所述的方法, 其特征在于, 所述鉴权命令包括在所述控 制设备中生成的当前吋间戳, 所述方法还包括: 若所述中控服务设备 能获取其当前吋间, 则比对鉴权命令中的当前吋间戳与所述中控服务 设备的当前吋间, 若所述当前吋间戳超过预设吋长范围, 则鉴权失败 ; 若所述中控服务设备不能获取其当前吋间, 则比对鉴权命令中的当 前吋间戳与上一次鉴权的吋间戳, 若两者一致, 则鉴权失败。 The method according to claim 1, wherein before receiving the authentication command from the control device, the method further comprises: generating a current inter-stamp, and saving the current inter-stamp in the central control Serving the device, and transmitting the current inter-page stamp to the control device. The method according to claim 1, wherein the authentication command includes a current inter-stamp generated in the control device, and the method further includes: if the central control service device can obtain its current defect In the case of comparing the current time stamp in the authentication command with the current time of the central control service device, if the current time stamp exceeds the preset length range, the authentication fails; If the service device cannot obtain its current time, it compares the current time stamp in the authentication command with the time stamp of the last authentication. If the two are consistent, the authentication fails.
A central control service device, characterized in that the central control service device comprises a first authentication unit and a first network module, wherein the first authentication unit comprises a first receiving module, a first sending module, and an authentication execution module; the first receiving module is configured to receive an authentication command from a control device through the first network module, the authentication command including a first key; the authentication execution module is configured to generate a second key according to a control password and a current timestamp, and to perform authentication according to whether the first key and the second key are consistent; and the first sending module is configured to send an authentication result to the control device.
The central control service device according to claim 5, characterized in that the central control service device is a projector.
The central control service device according to claim 5, characterized in that the authentication command includes a current timestamp generated in the control device, and the authentication execution module is further configured to perform further authentication according to the current timestamp in the authentication command: if the central control service device can obtain its current time, the current timestamp in the authentication command is compared with the current time of the central control service device, and if the current timestamp exceeds a preset duration range, authentication fails; if the central control service device cannot obtain its current time, the current timestamp in the authentication command is compared with the timestamp of the previous authentication, and if the two are identical, authentication fails.
An authentication method, applied to a control device that is communicatively connected to a central control service device, characterized in that the method comprises:
establishing a network connection with the central control service device;
generating a first key according to a current timestamp and a control password corresponding to the central control service device, and sending an authentication command containing the first key to the central control service device;
receiving an authentication result from the central control service device, wherein if the first key is consistent with a second key generated by the central control service device, the authentication result is authentication success, and if the first key is inconsistent with the second key generated by the central control service device, the authentication result is authentication failure.
The method according to claim 8, characterized in that the current timestamp is generated by the control device or received from the central control service device.
A control device, characterized in that the control device comprises a second authentication unit and a second network module, wherein the second authentication unit comprises a second sending module and a key generation module; the key generation module is configured to generate a first key according to a current timestamp and a control password, and then to generate an authentication command according to the first key; the second sending module is configured to send the authentication command to the central control service device; the authentication command includes the first key; and the current timestamp is generated by the control device or received from the central control service device.
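
The exchange described in the claims above, as an added Python example that is not part of the patent text: the control device derives the first key from the control password and a timestamp, and the central control service device recomputes the second key and applies the two timestamp checks. The key derivation (HMAC-SHA256), the 30-second window, the dictionary message layout and every name used here are assumptions; the claims specify none of them.

```python
import hmac

MAX_SKEW_SECONDS = 30  # assumed value for the "preset duration range"

def derive_key(password, timestamp):
    # Assumed derivation: HMAC-SHA256 keyed with the control password.
    return hmac.new(password.encode(), str(timestamp).encode(), "sha256").hexdigest()

def build_auth_command(password, timestamp):
    # Control device side: first key plus the timestamp it was derived from.
    return {"timestamp": timestamp, "key": derive_key(password, timestamp)}

class CentralControlService:
    def __init__(self, control_password, clock=None):
        self._password = control_password
        self._clock = clock            # callable -> epoch seconds, or None
        self._last_timestamp = None    # timestamp of the last successful auth

    def authenticate(self, command):
        ts, first_key = command.get("timestamp"), command.get("key")
        if type(ts) is not int or not isinstance(first_key, str):
            return False
        if self._clock is not None:
            # Device knows the time: reject timestamps outside the window.
            if abs(self._clock() - ts) > MAX_SKEW_SECONDS:
                return False
        elif ts == self._last_timestamp:
            # No clock available: reject a repeat of the previous authentication.
            return False
        second_key = derive_key(self._password, ts)
        # Constant-time comparison of the first and second key.
        if not hmac.compare_digest(first_key.encode(), second_key.encode()):
            return False
        self._last_timestamp = ts
        return True

def demo():
    pw, t0 = "constructed-control-password", 1_700_000_000  # constructed values
    cmd = build_auth_command(pw, t0)
    bad = build_auth_command("guess", t0)
    no_clock = CentralControlService(pw)
    return {
        "fresh": CentralControlService(pw, lambda: t0 + 10).authenticate(cmd),
        "stale": CentralControlService(pw, lambda: t0 + 600).authenticate(cmd),
        "wrong_password": CentralControlService(pw, lambda: t0).authenticate(bad),
        "no_clock_first": no_clock.authenticate(cmd),
        "no_clock_replay": no_clock.authenticate(cmd),
    }
```

As claimed, the no-clock branch only rejects a command whose timestamp equals that of the previous authentication; requiring a strictly increasing timestamp would also reject older captured commands.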
PCT/CN2017/114743 2017-09-14 2017-12-06 Authentication method, control device, and central control service device WO2019052027A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710828196.7A CN109510798A (en) 2017-09-14 2017-09-14 Method for authenticating and control equipment, middle control service equipment
CN201710828196.7 2017-09-14

Publications (1)

Publication Number Publication Date
WO2019052027A1 (en) 2019-03-21

Family

ID=65723470

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/114743 WO2019052027A1 (en) 2017-09-14 2017-12-06 Authentication method, control device, and central control service device

Country Status (2)

Country Link
CN (1) CN109510798A (en)
WO (1) WO2019052027A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110519764B (en) * 2019-09-19 2023-06-23 京东方科技集团股份有限公司 Security verification method, system, computer device and medium of communication device
CN113301537B (en) * 2021-05-19 2023-09-15 闪耀现实(无锡)科技有限公司 Method, device, electronic equipment and storage medium for establishing communication connection

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1889434A (en) * 2006-07-21 2007-01-03 胡祥义 Method for safety efficient network user identity discrimination
US20100131756A1 (en) * 2008-11-26 2010-05-27 James Paul Schneider Username based authentication and key generation
US20110191161A1 (en) * 2010-02-02 2011-08-04 Xia Dai Secured Mobile Transaction Device
CN105072132A (en) * 2015-08-27 2015-11-18 宇龙计算机通信科技(深圳)有限公司 Validation method, validation system and communication device
CN106790064A (en) * 2016-12-20 2017-05-31 北京工业大学 The method that both sides are communicated in credible root server cloud computing server model

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094056B (en) * 2007-05-30 2011-05-11 重庆邮电大学 Security system of wireless industrial control network, and method for implementing security policy
CN105227516A (en) * 2014-05-28 2016-01-06 中兴通讯股份有限公司 The access method of Smart Home, control centre's equipment and dress terminal

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LIU, JIANMING: "Implementation of Password Authentication System Based on DES Algorithm in Remote Controlling", MICROCOMPUTER INFORMATION, vol. 20, no. 01, 15 January 2004 (2004-01-15) *
LIU, JIANMING: "The JAVA Implementation of Password Authentication System Based on MD 5 Algorithm", COMPUTER DEVELOPMENT & APPLICATIONS, 30 March 2004 (2004-03-30), pages 47 *

Also Published As

Publication number Publication date
CN109510798A (en) 2019-03-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17925056; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 17925056; Country of ref document: EP; Kind code of ref document: A1)