WO2021082945A1 - Remote management method and system, terminal device and server - Google Patents

Remote management method and system, terminal device and server

Info

Publication number
WO2021082945A1
Authority
WO
WIPO (PCT)
Prior art keywords
command
terminal device
server
executable program
name
Application number
PCT/CN2020/121377
Inventor
杜洪军
Original Assignee
京东方科技集团股份有限公司
Application filed by 京东方科技集团股份有限公司
Publication of WO2021082945A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network

Abstract

The present application relates to a remote management method and system, a terminal device and a server. Data transmission is performed between a terminal device and a server on the basis of an MQTT protocol; the server sends a command message to the terminal device, the command message comprising a command name and a command body; the terminal device searches a memory registry for an executable program corresponding to the command name as a command processing program, and executes, by invoking the found command processing program, a command corresponding to the command message on the basis of a parameter in the command body.

Description

Remote management method, system, terminal device and server
Cross-reference to related applications
This application claims priority to Chinese patent application 201911039449.8, filed on October 29, 2019, the content of which is incorporated herein by reference in its entirety.
Technical field
This application relates to the field of communication technology, and in particular to a remote management method, system, terminal device and server.
Background
At present, a wide variety of electronic devices are deployed in various scenarios to perform corresponding tasks. For example, a router set up in a public place can provide a wireless network, a display screen can display content, a camera can perform monitoring, and so on.
Generally, once an electronic device has been installed at its position in a scene, any further management of the device, such as changing the router's configuration, adjusting the brightness of a display screen through the display's control device, or adjusting the capture range of a camera, can only be done by having technical personnel travel to the device's location and perform the management operations manually. Travelling to the device's location costs considerable manpower and time, so a solution for remote management of devices is urgently needed.
Summary of the invention
In view of this, the purpose of this application is to propose a remote management method, system, terminal device and server for remotely managing devices.
Based on the above purpose, an embodiment of this application provides a remote management method applied to a terminal device, the method including:
obtaining the command names supported by executable programs by calling the executable programs in a designated directory, and recording the command names supported by the executable programs in the memory registry;
receiving, based on the MQTT protocol, a command message sent by a server, wherein the command message includes a command name and a command body;
searching the memory registry for an executable program that supports the command name, as a command processing program;
executing the command corresponding to the command message, based on the parameters in the command body, by calling the found command processing program.
Optionally, obtaining the command names supported by the executable programs by calling the executable programs in the designated directory includes:
calling the executable programs in the designated directory in turn, based on a preset parameter, to obtain the list of commands supported by each executable program, the command list including the command names supported by the executable program;
and recording the command names supported by the executable programs in the memory registry includes:
recording the command list and the path information of the executable program in the memory registry in correspondence with each other.
Optionally, the command message further includes signature information; after receiving the command message sent by the server based on the MQTT protocol, the method further includes:
encoding the command body using a first encoding algorithm to obtain a first encoded command body, and decoding the signature information using the decoding algorithm corresponding to a second encoding algorithm to obtain second decoded signature information;
verifying, based on a pre-agreed public key, whether the first encoded command body matches the second decoded signature information;
in response to the first encoded command body matching the second decoded signature information, performing the step of searching the memory registry for the executable program corresponding to the command name, as the command processing program.
Optionally, in the case where the first encoded command body is verified to match the second decoded signature information, the method further includes:
verifying whether the device identification information in the command body is the same as the identification information of the terminal device;
in response to the device identification information in the command body being the same as the identification information of the terminal device, performing the step of searching the memory registry for the executable program corresponding to the command name, as the command processing program.
Optionally, the command message further includes a command identifier; the method further includes:
in response to the first encoded command body not matching the second decoded signature information, sending first prompt information including the command identifier to the server based on the MQTT protocol;
in response to the device identification information in the command body being different from the identification information of the terminal device, sending second prompt information including the command identifier to the server based on the MQTT protocol;
if no executable program corresponding to the command name is found in the memory registry, sending third prompt information including the command identifier to the server based on the MQTT protocol;
after executing the command corresponding to the command message, based on the parameters in the command body, by calling the found command processing program, the method further includes:
sending fourth prompt information including the command identifier to the server based on the MQTT protocol.
Based on the above purpose, an embodiment of this application further provides a remote management method applied to a server, the method including:
obtaining the command name and command parameters of a command to be executed, and the identification information of the terminal device it is directed to;
generating a command body based on the command parameters and the identification information of the terminal device;
generating signature information based on a pre-agreed private key and the command body;
sending a command message to the terminal device based on the MQTT protocol, the command message including the command name, the command body and the signature information.
Optionally, generating the signature information based on the pre-agreed private key and the command body includes:
encoding the command body using a first encoding algorithm to obtain a first encoded command body;
generating signature information based on the pre-agreed private key and the first encoded command body;
encoding the signature information using a second encoding algorithm to obtain encoded signature information;
and sending the command message to the terminal device based on the MQTT protocol includes:
sending, based on the MQTT protocol, a command message including the command name, the command body and the encoded signature information to the terminal device.
Based on the above purpose, an embodiment of this application further provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements any of the above remote management methods applied to a terminal device.
Based on the above purpose, an embodiment of this application further provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements any of the above remote management methods applied to a server.
Based on the above purpose, an embodiment of this application further provides a remote management system, including a terminal device and a server, wherein data is transmitted between the terminal device and the server based on the MQTT protocol;
the server is configured to send a command message to the terminal device, the command message including a command name and a command body;
the terminal device is configured to: obtain the command names supported by executable programs by calling the executable programs in a designated directory, and record the command names supported by the executable programs in a memory registry; receive the command message sent by the server; read the command name and the command body in the received command message as the command name to be executed and the command body to be executed; search the memory registry for an executable program that supports the command name to be executed, as a command processing program; and execute the command corresponding to the received command message, based on the parameters in the command body to be executed, by calling the found command processing program.
Optionally, a first agent process is configured in the terminal device; the server connects to a second agent process; and data is transmitted between the first agent process and the second agent process based on the MQTT protocol or the MQTTS protocol.
With the embodiments shown in this application, data is transmitted between the terminal device and the server based on the MQTT protocol; the server sends a command message to the terminal device, the command message including a command name and a command body; the terminal device searches the memory registry for an executable program that supports the command name, as a command processing program, and executes the command corresponding to the command message, based on the parameters in the command body, by calling the found command processing program. In this solution, therefore, remote management of the terminal device is achieved by having the server send command messages.
Description of the drawings
In order to describe the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of this application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of a remote management system provided by an embodiment of this application;
FIG. 2 is a schematic diagram of an interaction between a terminal device and a server provided by an embodiment of this application;
FIG. 3 is a schematic diagram of another interaction between a terminal device and a server provided by an embodiment of this application;
FIG. 4 is a schematic flowchart of a remote management method applied to a terminal device provided by an embodiment of this application;
FIG. 5 is a schematic flowchart of a remote management method applied to a server provided by an embodiment of this application;
FIG. 6 is a schematic structural diagram of a terminal device provided by an embodiment of this application;
FIG. 7 is a schematic structural diagram of a server provided by an embodiment of this application.
Detailed description
In order to make the purpose, technical solutions and advantages of this application clearer, this application is described in further detail below in conjunction with specific embodiments and with reference to the drawings.
It should be noted that all uses of "first" and "second" in the embodiments of this application serve to distinguish two different entities or two different parameters that share the same name. "First" and "second" are used only for convenience of expression and should not be construed as limiting the embodiments of this application; subsequent embodiments will not explain this again.
In order to achieve the above purpose, the embodiments of this application provide a remote management method applied to a terminal device, a remote management method applied to a server, a terminal device, a server, and a remote management system. The terminal device may be any device that needs to be managed remotely, such as a router, the control device of a display screen, a camera, and so on; no specific limitation is imposed. The remote management system is described in detail first.
FIG. 1 is a schematic structural diagram of a remote management system provided by an embodiment of this application, including a terminal device 100 and a server 200. The interaction between the terminal device 100 and the server 200 may be as shown in FIG. 2:
the server 200 is configured to send a command message to the terminal device 100, the command message including a command name and a command body;
the terminal device 100 is configured to: receive the command message sent by the server 200; read the command name and the command body in the received command message as the command name to be executed and the command body to be executed; search the memory registry for the executable program corresponding to the command name to be executed, as a command processing program; and execute the command corresponding to the received command message, based on the parameters in the command body to be executed, by calling the found command processing program.
In one implementation, data is transmitted between the terminal device 100 and the server 200 based on the MQTT (Message Queuing Telemetry Transport) protocol. In another implementation, data may be transmitted between the terminal device 100 and the server 200 based on the MQTTS (MQTT + TLS; TLS: Transport Layer Security) protocol, so that the transmission channel is encrypted and the security of data transmission is improved. Alternatively, data may be transmitted between the terminal device 100 and the server 200 based on other protocols, which are not listed one by one.
In one implementation, a first agent process is configured in the terminal device 100; the server 200 connects to a second agent process; and data is transmitted between the first agent process and the second agent process based on the MQTT protocol or the MQTTS protocol. The following description takes the MQTT protocol as an example.
For example, a cross-platform application implemented in POSIX C (POSIX: Portable Operating System Interface) may be configured in the terminal device 100. The application runs in the background as a daemon, and this application is the first agent process.
For example, the second agent process may be a Broker (a message broker). Both the server 200 and the first agent process configured in the terminal device connect to the Broker. The Broker may be configured in the server 200, or the Broker may be configured in another device, in which case the server 200 connects to the device in which the Broker is configured. The application configured in the terminal device 100 receives the command messages sent by the server through the Broker.
The command message includes a command name and a command body. The command name is the name of the command to be executed, and the command body may include the parameters required to execute the command. For example, the server may assemble the command name and the command body into a command message in JSON (JavaScript Object Notation) format; the specific format of the command message is not limited.
In one implementation, the process by which the server generates the command message may include: obtaining the command name and command parameters of the command to be executed, and the identification information of the terminal device it is directed to; generating a command body based on the command parameters and the identification information of the terminal device; and generating a command message including the command name and the command body.
For example, after the server and the terminal device have connected to the Broker, the terminal device subscribes to a topic, and the server can then send the command message to the terminal device by means of Publish.
A memory registry is stored in the terminal device, and the command names supported by executable programs are recorded in it. The recording process includes: obtaining the command names supported by the executable programs by calling the executable programs in a designated directory, and recording the command names supported by the executable programs in the memory registry.
In one implementation, the recording process may include: calling the executable programs in the designated directory in turn, based on a preset parameter, to obtain the command list of each executable program, the command list including the command names supported by the executable program; and recording the command list and the path information of the executable program in the memory registry in correspondence with each other.
For example, the first agent process may scan the executable programs in the designated directory and call each of them in turn with supportedcommands as the parameter. If a call succeeds, the command list corresponding to that executable program is obtained; the command list includes the names of the one or more commands that the executable program supports (is able to execute). The command list of the executable program and the path information of the executable program are then recorded in the memory registry. In this way, the terminal device can look up in the memory registry the executable program corresponding to a command name, that is, the executable program that executes the command; for convenience of description, it is called the command processing program.
For instance, suppose an executable program related to volume is called, the call succeeds, and the command list corresponding to the executable program is obtained. The command list includes the command name volume supported by the executable program, and the path information of the executable program and the command list are recorded in the memory registry.
Alternatively, in one case, the command list corresponding to an executable program may include command names and methods, so that the memory registry may also include the methods corresponding to a command name. For instance, suppose an executable program related to volume is called, the call succeeds, and the command list corresponding to the executable program is obtained. The command list includes the command name volume supported by the executable program, and volume corresponds to two methods, set and get, where set means setting the volume and get means obtaining the volume value. The path information of the executable program and the command list are recorded in the memory registry.
In one implementation, after receiving the command message, the terminal device parses it to obtain the command name and the command body, and searches the memory registry for the executable program corresponding to the command name, as the command processing program. If one is found, the found command processing program is called and the command corresponding to the command message is executed based on the parameters in the command body. If none is found, the terminal device does not support executing the command corresponding to the command message.
Suppose the command name is volume, the method is set, and the parameter in the command body is data:9, meaning that the volume of the terminal device is to be set to 9. The terminal device searches for the executable program corresponding to the command name, as the command processing program; if one is found, the found command processing program is called and the volume of the terminal device is set to 9.
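The registry build and lookup described above, as an added Go sketch that is not code from the application. The function and type names, the one-name-per-line output of `supportedcommands`, and the argv convention used to pass command, method and body to the handler are assumptions; the handler script is constructed sample data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// Registry maps a command name to the path of the executable that declared it.
type Registry map[string]string

// ErrUnsupported is returned when no registered program supports the command.
var ErrUnsupported = errors.New("command not supported by this device")

// BuildRegistry calls every regular executable file in dir with the single
// argument "supportedcommands" and records each name it prints
// (whitespace-separated output is an assumed format).
func BuildRegistry(dir string) (Registry, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	reg := Registry{}
	for _, e := range entries {
		info, err := e.Info()
		if err != nil || !info.Mode().IsRegular() || info.Mode().Perm()&0o111 == 0 {
			continue // skip directories, symlinks and non-executable files
		}
		path := filepath.Join(dir, e.Name())
		out, err := exec.Command(path, "supportedcommands").Output()
		if err != nil {
			continue // the call failed, so this program registers nothing
		}
		for _, name := range strings.Fields(string(out)) {
			if _, dup := reg[name]; !dup { // first declaration wins
				reg[name] = path
			}
		}
	}
	return reg, nil
}

// Command holds the fields of the command message used for dispatch.
type Command struct {
	Command string          `json:"command"`
	Method  string          `json:"method"`
	Body    json.RawMessage `json:"body"`
}

// Dispatch looks the command name up in the registry and runs the handler.
// The name is only ever a map key, never a path, and the parameters are
// passed as argv without a shell, so message text cannot choose the program.
func Dispatch(reg Registry, raw []byte) (string, error) {
	var c Command
	if err := json.Unmarshal(raw, &c); err != nil {
		return "", err
	}
	path, ok := reg[c.Command]
	if !ok {
		return "", ErrUnsupported
	}
	out, err := exec.Command(path, c.Command, c.Method, string(c.Body)).Output()
	return strings.TrimSpace(string(out)), err
}

// SetupSampleDir creates a constructed handler directory: one executable
// script that supports "volume" and one non-executable file to be ignored.
func SetupSampleDir() (string, error) {
	dir, err := os.MkdirTemp("", "handlers")
	if err != nil {
		return "", err
	}
	script := "#!/bin/sh\n" +
		"if [ \"$1\" = supportedcommands ]; then echo volume; exit 0; fi\n" +
		"echo \"$1 $2 $3\"\n"
	if err := os.WriteFile(filepath.Join(dir, "volume.sh"), []byte(script), 0o755); err != nil {
		return "", err
	}
	err = os.WriteFile(filepath.Join(dir, "notes.txt"), []byte("volume\n"), 0o644)
	return dir, err
}

func main() {
	dir, err := SetupSampleDir()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	reg, _ := BuildRegistry(dir)
	out, err := Dispatch(reg, []byte(`{"command":"volume","method":"set","body":{"data":9}}`))
	fmt.Println(reg, out, err)
}
```

Because the registry is the only source of program paths, the permissions on the designated directory decide what the agent can be made to run.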
In another implementation, the process by which the server generates the command message may include: obtaining the command name and command parameters of the command to be executed, and the identification information of the terminal device it is directed to; generating a command body based on the command parameters and the identification information of the terminal device; generating signature information based on a pre-agreed private key and the command body; and generating a command message including the command name, the command body and the signature information.
For example, the command message may include: the ID (identity) of the command message, the type of the device sending the command message, the command name, the command body and the signature information. The command body may include the parameters required to execute the command, the device identification information of the terminal device, and so on.
For instance, the format of the command message may be:
{
    "id":20190730002,  // ID of the command message
    "from":"iot_web_console",  // type of the device sending the command message; here, an IoT console
    "command":"volume",  // command name: volume
    "method":"set",  // method: set
    "body":{"data":9,"sn":"A0BB3ED2BF3D"},  // command body; data:9 means set the volume to 9, and sn is the device identification information of the terminal device
    "sig":"signature information"  // signature information
}
In one implementation, the process by which the server generates the signature information may include:
encoding the command body using a first encoding algorithm to obtain a first encoded command body; generating signature information based on the pre-agreed private key and the first encoded command body; and encoding the signature information using a second encoding algorithm to obtain encoded signature information. In this way, the signature information included in the command message is the encoded signature information.
For example, the first encoding algorithm may be the sha256 algorithm, the second encoding algorithm may be the base64 encoding algorithm, and the signature information included in the command message may be a base64-encoded string. Other encoding algorithms may also be used; the specific algorithm is not limited.
If the command message also includes signature information, then after receiving the command message the terminal device may first encode the command body using the first encoding algorithm to obtain the first encoded command body, and decode the signature information using the decoding algorithm corresponding to the second encoding algorithm to obtain the second decoded signature information; verify, based on the pre-agreed public key, whether the first encoded command body matches the second decoded signature information; and, if they match, search the memory registry for the executable program corresponding to the command name, as the command processing program.
Continuing the above example, the signature information in the command message may be decoded using the decoding algorithm corresponding to the base64 encoding algorithm; to distinguish it in the description, the data obtained by this decoding is called the "second decoded signature information". The command body is encoded using the sha256 algorithm; to distinguish it in the description, the data obtained by this encoding is called the "first encoded command body".
The server and the terminal device agree on a public and private key in advance. For example, the public key may be an RSA (an asymmetric encryption algorithm) public key, and the private key may be an RSA private key. The server generates the signature information based on the RSA private key; the terminal device verifies, based on the RSA public key, whether the first encoded command body matches the second decoded signature information. If they match, the command message has not been tampered with and is not a forged command message, and the terminal device then searches the memory registry for the executable program corresponding to the command name, as the command processing program. This can be understood as a security verification of the command message: tampered command messages can be filtered out and forged command messages can be identified, which improves the security of remote management.
In one implementation, if the first encoded command body is verified to match the second decoded signature information, it may further be verified whether the device identification information in the command body is the same as the identification information of the terminal device. If they are the same, the command message has not been tampered with and is not a forged command message, and the terminal device then searches the memory registry for the executable program corresponding to the command name, as the command processing program. This can be understood as a security verification of the command message: tampered command messages can be further filtered out and forged command messages can be further identified, which further improves the security of remote management.
一种实施方式中,终端设备在验证命令消息的安全性的过程中,可以将验证结果反馈给服务器。命令消息中还可以包括命令标识,终端设备可以基于该命令标识向服务器反馈安全验证结果,使得服务器确定该安全验证结果针对哪条命令消息。In an implementation manner, the terminal device may feed back the verification result to the server in the process of verifying the security of the command message. The command message may also include a command identifier, and the terminal device may feed back the security verification result to the server based on the command identifier, so that the server determines which command message the security verification result is for.
比如,若所述第一编码后的命令体与所述第二解码后的签名信息未匹配成功,则基于MQTT协议向所述服务器发送包括所述命令标识的第一提示信息。For example, if the first encoded command body does not match the second decoded signature information successfully, the first prompt information including the command identifier is sent to the server based on the MQTT protocol.
再比如,若所述命令体中的设备标识信息与所述终端设备的标识信息不相同,则基于MQTT协议向所述服务器发送包括所述命令标识的第二提示信息。For another example, if the device identification information in the command body is different from the identification information of the terminal device, the second prompt information including the command identification is sent to the server based on the MQTT protocol.
再比如,若在内存注册表中,未查找到所述命令名对应的可执行程序,则基于MQTT协议向所述服务器发送包括所述命令标识的第三提示信息。For another example, if the executable program corresponding to the command name is not found in the memory registry, the third prompt information including the command identifier is sent to the server based on the MQTT protocol.
再比如,在终端设备执行命令消息对应的命令之后,可以基于MQTT协议向所述服务器发送包括所述命令标识的第四提示信息,使得服务器获取到命令的执行情况。For another example, after the terminal device executes the command corresponding to the command message, the fourth prompt information including the command identifier may be sent to the server based on the MQTT protocol, so that the server obtains the execution status of the command.
举例来说,如果终端设备为路由器,则执行的命令可以包括更改路由器的配置,这种情况下,命令参数可以包括更改后的配置信息;或者,执行的命令还可以包括开启/关闭路由器,等等。如果终端设备为显示屏的控制设备,则执行的命令可以包括调节显示屏亮度、显示区域等等,这种情况下,命令参数可以包括更改后的显示屏亮度、显示屏区域等信息。如果终端设备为摄像头,则执行的命令可以为包括调整摄像头的俯仰角、旋转角、 焦距等等,这种情况下,命令参数可以包括更改后的俯仰角、旋转角、焦距等信息。本方案中并不对终端设备的类型及其执行的命令进行限定,不再一一列举。For example, if the terminal device is a router, the executed command may include changing the configuration of the router. In this case, the command parameter may include the modified configuration information; or the executed command may also include turning on/off the router, etc. Wait. If the terminal device is a control device of the display screen, the executed command may include adjusting the brightness of the display screen, the display area, and so on. In this case, the command parameters may include information such as the changed display brightness and display area. If the terminal device is a camera, the executed command may include adjusting the pitch angle, rotation angle, focal length, etc. of the camera. In this case, the command parameters may include the changed pitch angle, rotation angle, focal length, and other information. This solution does not limit the type of terminal equipment and the commands it executes, and will not list them one by one.
A specific implementation is described below with reference to FIG. 3:
For the terminal device:
The terminal device starts the first agent process, loads the RSA public key, obtains the command names supported by the executable programs by calling the executable programs in a specified directory, and records the command names supported by the executable programs and the path information of the executable programs in the memory registry. In addition, the terminal device connects to the second agent process; the first agent process and the second agent process communicate based on the MQTT protocol, and the terminal device subscribes to a topic. Continuing the above example, if the identification information of the terminal device is the serial number A0BB3ED2BF3D, the terminal device can subscribe to topic cmd/A0BB3ED2BF3D, where topic denotes the subscription topic and cmd is an abbreviation of command, denoting the command prompt.
The first agent process in the terminal device can be a cross-platform application implemented in POSIX C that runs in the background as a daemon. This application can connect to the second agent process, provide an HTTP interface for sending messages, load executable programs, subscribe to and receive command messages sent by the server, verify whether signature information is legitimate, and call executable programs to execute the corresponding commands.
For the server:
The server connects to the second agent process and loads the RSA private key; once triggered by the business logic, it assembles the command body, generates the signature information, and assembles the command message. Because the terminal device has subscribed to topic cmd/A0BB3ED2BF3D, the server can send the command message to the terminal device through Publish.
After receiving the command message, the terminal device verifies whether the signature information in the command message is legitimate. If it is, the terminal device searches the memory registry for the executable program corresponding to the command name, as the command processing program, and calls the command processing program it found to execute the command corresponding to the command message. If the signature information in the command message is not legitimate, or no executable program corresponding to the command name is found in the memory registry, prompt information can be fed back to the server.
Applying the embodiment shown in this application: first, remote management of the terminal device is achieved by the server sending command messages. Second, the server and the terminal device communicate based on the MQTT protocol, which is more timely than communication by HTTP (Hyper Text Transfer Protocol) polling. Third, MQTT-based communication is general-purpose: it does not require specially customized terminal devices and servers, only that the first processing process be configured in the terminal device and the server be connected to the second processing process. Fourth, information related to many kinds of commands can be added to the command message defined in this solution, so the command message is easily extensible. Fifth, the terminal device performs signature verification and/or device identification information verification on the command message, which filters out tampered command messages and identifies forged command messages, improving the security of remote management.
The remote management method applied to a terminal device is introduced below. The terminal device can be any device that needs to be remotely managed, such as a router, a display control device, or a camera; no specific limitation is made. FIG. 4 is a schematic flowchart of a remote management method applied to a terminal device, which includes:
S401: Receive, based on the MQTT protocol, a command message sent by the server, where the command message includes a command name and a command body.
In one implementation, data is transmitted between the terminal device and the server based on the MQTT protocol. In another implementation, data can be transmitted between the terminal device and the server based on the MQTTS protocol, which encrypts the transmission channel and improves the security of data transmission. Alternatively, data can be transmitted between the terminal device and the server based on other protocols, which are not listed one by one.
In one implementation, a first agent process is configured in the terminal device, and the server connects to a second agent process; data is transmitted between the first agent process and the second agent process based on the MQTT protocol or the MQTTS protocol. The following description takes the MQTT protocol as an example.
For example, a cross-platform application implemented in POSIX C can be configured in the terminal device; it runs in the background as a daemon and is the first agent process. This application can connect to the second agent process, provide an HTTP interface for sending messages, load executable programs, subscribe to and receive command messages sent by the server, verify whether signature information is legitimate, and call executable programs to execute the corresponding commands.
The command message includes a command name and a command body. The command name is the name of the command to be executed, and the command body can include the parameters required to execute the command.
S402: Search the memory registry for the executable program corresponding to the command name, as the command processing program. If one is found, execute S403.
The terminal device stores a memory registry that records the command names supported by executable programs. The recording process includes: calling the executable programs in a specified directory to obtain the command names they support, and recording those command names in the memory registry.
In one implementation, the recording process may include: calling the executable programs in the specified directory in turn with a preset parameter to obtain a command list for each executable program, where the command list includes the command names supported by that executable program; and recording each command list together with the path information of its executable program in the memory registry.
For example, the first agent process can scan the executable programs in the specified directory and call each of them in turn with supportedcommands as the parameter. If a call succeeds, the command list of that executable program is obtained; the command list includes the names of the one or more commands that the executable program supports (can execute), and the command list and the path information of the executable program are recorded in the memory registry. The terminal device can then search the memory registry for the executable program corresponding to a command name, that is, the executable program that executes the command; for ease of description, it is called the command processing program.
For example, suppose the executable program related to volume is called, the call succeeds, and the command list of that executable program is obtained. The command list includes the command name volume supported by the executable program, and the path information of the executable program and the command list are recorded in the memory registry.
Alternatively, in one case, the command list of an executable program can include command names and methods, so that the memory registry can also include the methods corresponding to each command name. For example, suppose the executable program related to volume is called, the call succeeds, and the command list of that executable program is obtained. The command list includes the command name volume supported by the executable program, and volume has two methods, set and get, where set means setting the volume and get means obtaining the volume value. The path information of the executable program and the command list are recorded in the memory registry.
S403: Call the command processing program that was found and execute the command corresponding to the command message based on the parameters in the command body.
In one implementation, after receiving the command message, the terminal device parses it to obtain the command name and the command body, and searches the memory registry for the executable program corresponding to the command name, as the command processing program. If one is found, the terminal device calls it and executes the command corresponding to the command message based on the parameters in the command body; if none is found, the terminal device does not support executing the command corresponding to the command message.
Suppose the command name is volume, the method is set, and the parameter in the command body is data:9, which means setting the volume of the terminal device to 9. The terminal device searches for the executable program corresponding to the command name, as the command processing program; if one is found, it calls that command processing program and sets the volume of the terminal device to 9.
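One way to build and query the memory registry of S402 and S403, as an added example rather than code from the patent. The `supportedcommands` output format (one `command method` pair per line), the handler calling convention, the name pattern and the sample programs are assumptions constructed for the demo.

```python
import os
import re
import subprocess
import tempfile

# Assumption: command and method names are short lowercase identifiers.
NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")

def build_registry(plugin_dir, timeout=5):
    """Call each executable in plugin_dir with 'supportedcommands' and map
    (command, method) -> path. Assumed output: one 'command method' pair per line."""
    registry = {}
    for entry in sorted(os.scandir(plugin_dir), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False) or not os.access(entry.path, os.X_OK):
            continue
        try:
            out = subprocess.run([entry.path, "supportedcommands"], capture_output=True,
                                 text=True, timeout=timeout, check=True).stdout
        except (OSError, subprocess.SubprocessError):
            continue                      # call failed: nothing is registered
        for line in out.splitlines():
            pair = tuple(line.split())
            if len(pair) == 2 and all(NAME_RE.fullmatch(p) for p in pair):
                registry.setdefault(pair, entry.path)   # first registration wins
    return registry

def dispatch(registry, command, method, data, timeout=5):
    """Look up the command processing program and run it; None means unsupported.
    Assumed calling convention: <program> <command> <method> <data>."""
    path = registry.get((command, method))
    if path is None:
        return None
    # argv list with no shell, so the parameter stays a single argument.
    done = subprocess.run([path, command, method, str(data)], capture_output=True,
                          text=True, timeout=timeout)
    return done.returncode, done.stdout.strip()

def make_demo_dir():
    """Constructed sample directory: a working handler, a failing program, a data file."""
    d = tempfile.mkdtemp()
    files = {
        "volume_ctl": ("#!/bin/sh\ncase \"$1\" in\n"
                       "  supportedcommands) printf 'volume set\\nvolume get\\n' ;;\n"
                       "  volume) echo \"volume=$3\" ;;\n"
                       "  *) exit 1 ;;\nesac\n", 0o755),
        "broken": ("#!/bin/sh\nexit 3\n", 0o755),
        "notes.txt": ("not a program\n", 0o644),
    }
    for name, (text, mode) in files.items():
        path = os.path.join(d, name)
        with open(path, "w") as f:
            f.write(text)
        os.chmod(path, mode)
    return d

if __name__ == "__main__":
    reg = build_registry(make_demo_dir())
    print(sorted(reg), dispatch(reg, "volume", "set", 9))
```

Because the registry is filled only from programs in the specified directory, write access to that directory is equivalent to the ability to define commands, so it should be writable only by the agent's owner.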
In another implementation, if the command message also includes signature information, then after S401 the terminal device may first encode the command body using a first encoding algorithm to obtain a first encoded command body, and decode the signature information using the decoding algorithm corresponding to a second encoding algorithm to obtain second decoded signature information. Based on a pre-agreed public key, it verifies whether the first encoded command body matches the second decoded signature information; if they match, it then executes S402.
For example, the first encoding algorithm may be the sha256 algorithm and the second encoding algorithm may be the base64 encoding algorithm. The signature information in the command message can be decoded using the decoding algorithm corresponding to the base64 encoding algorithm; to keep the descriptions distinct, the data obtained by this decoding is called the "second decoded signature information". The command body is encoded using the sha256 algorithm; to keep the descriptions distinct, the data obtained by this encoding is called the "first encoded command body".
The server and the terminal device agree on a public/private key pair in advance. For example, the public key may be an RSA (an asymmetric encryption algorithm) public key and the private key may be an RSA private key. Based on the RSA public key, the terminal device verifies whether the first encoded command body matches the second decoded signature information. If they match, the command message has not been tampered with and is not a forged command message, and the terminal device then searches the memory registry for the executable program corresponding to the command name, as the command processing program. This can be understood as security verification of the command message: it filters out tampered command messages and identifies forged command messages, which improves the security of remote management.
In one implementation, if the first encoded command body is verified to match the second decoded signature information, the terminal device can further verify whether the device identification information in the command body is the same as the identification information of the terminal device. If they are the same, the command message has not been tampered with and is not a forged command message, and the terminal device then executes S402. This can be understood as security verification of the command message: it further filters out tampered command messages and further identifies forged command messages, which further improves the security of remote management.
In one implementation, the terminal device may feed the verification result back to the server while verifying the security of the command message. The command message may also include a command identifier, and the terminal device may feed the security verification result back to the server based on that command identifier, so that the server can determine which command message the result refers to.
For example, if the first encoded command body and the second decoded signature information do not match, first prompt information including the command identifier is sent to the server based on the MQTT protocol.
As another example, if the device identification information in the command body differs from the identification information of the terminal device, second prompt information including the command identifier is sent to the server based on the MQTT protocol.
As another example, if no executable program corresponding to the command name is found in the memory registry, third prompt information including the command identifier is sent to the server based on the MQTT protocol.
As another example, after the terminal device executes the command corresponding to the command message, fourth prompt information including the command identifier may be sent to the server based on the MQTT protocol, so that the server learns the execution status of the command.
For example, if the terminal device is a router, the executed command may include changing the configuration of the router, in which case the command parameters may include the changed configuration information; or the executed command may include turning the router on or off, and so on. If the terminal device is a display control device, the executed command may include adjusting the display brightness, the display area, and so on, in which case the command parameters may include the changed display brightness, display area and similar information. If the terminal device is a camera, the executed command may include adjusting the pitch angle, rotation angle, focal length, and so on, of the camera, in which case the command parameters may include the changed pitch angle, rotation angle, focal length and similar information. This solution does not limit the type of terminal device or the commands it executes, and they are not listed one by one.
Applying the embodiment shown in this application: first, remote management of the terminal device is achieved by the server sending command messages. Second, the server and the terminal device communicate based on the MQTT protocol, which is more timely than communication by HTTP (Hyper Text Transfer Protocol) polling. Third, MQTT-based communication is general-purpose: it does not require specially customized terminal devices and servers, only that the first processing process be configured in the terminal device and the server be connected to the second processing process. Fourth, information related to many kinds of commands can be added to the command message defined in this solution, so the command message is easily extensible. Fifth, the terminal device performs signature verification and/or device identification information verification on the command message, which filters out tampered command messages and identifies forged command messages, improving the security of remote management.
The remote management method applied to a server is introduced below. FIG. 5 is a schematic flowchart of a remote management method applied to a server, which includes:
S501: Obtain the command name and command parameters of the command to be executed, and the identification information of the terminal device it is directed to.
The command name is the name of the command to be executed, and the command parameters are the parameters required to execute the command. For example, suppose the command name is volume and the command parameter is data:9, which means setting the volume of the terminal device to 9. The terminal device the command is directed to is the terminal device that needs to be remotely managed. The identification information of the terminal device may be the device serial number, or other information that can identify the terminal device; no specific limitation is made.
S502: Generate a command body based on the command parameters and the identification information of the terminal device.
In one implementation, the command parameters and the identification information of the terminal device can be assembled into the command body. The command body can also include other data; no specific limitation is made.
S503: Generate signature information based on the pre-agreed private key and the command body.
In one implementation, S503 may include: encoding the command body using a first encoding algorithm to obtain a first encoded command body; generating signature information based on the pre-agreed private key and the first encoded command body; and encoding the signature information using a second encoding algorithm to obtain encoded signature information.
For example, the first encoding algorithm may be the sha256 algorithm, the second encoding algorithm may be the base64 encoding algorithm, and the signature information included in the command message may be a base64-encoded string. Other encoding algorithms can also be used; the specific algorithm is not limited. The server and the terminal device agree on an RSA public/private key pair in advance, and the signature in S503 is made with the RSA private key.
S504: Send a command message to the terminal device based on the MQTT protocol, where the command message includes the command name, the command body and the signature information.
In one implementation, data is transmitted between the terminal device and the server based on the MQTT protocol. In another implementation, data can be transmitted between the terminal device and the server based on the MQTTS protocol, which encrypts the transmission channel and improves the security of data transmission. Alternatively, data can be transmitted between the terminal device and the server based on other protocols, which are not listed one by one. The following description takes the MQTT protocol as an example.
In the implementation described above, encoded signature information is obtained. In that implementation, S504 may include: sending, based on the MQTT protocol, a command message including the command name, the command body and the encoded signature information to the terminal device.
For example, the command message can include: the ID of the command message, the type of the device sending the command message, the command name, the command body and the signature information. The command body can include the parameters required to execute the command, the device identification information of the terminal device, and so on.
For example, the format of the command message can be:
{
"id": 20190730002, // ID of the command message
"from": "iot_web_console", // type of the device sending the command message; here, the IoT console
"command": "volume", // command name: volume
"method": "set", // method: set
"body": {"data": 9, "sn": "A0BB3ED2BF3D"}, // command body; data: 9 means set the volume to 9, and sn is the device identification information of the terminal device
"sig": "signature information" // signature information
}
For example, the server can assemble the command name and the command body into a command message in JSON format; the specific format of the command message is not limited. After the server and the terminal device connect to the Broker, the terminal device subscribes to the topic, and the server can then send the command message to the terminal device through Publish.
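The server-side steps S501 to S504 and the device-side checks described in this section (signature, device identifier, registry lookup, prompt feedback), as an added end-to-end example that is not code from the patent. The signed byte layout (compact JSON with sorted keys), the prompt labels, the Python callables standing in for executable programs, and the pure-Python RSA with a throwaway key generated at run time are assumptions chosen so the example runs without dependencies.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Minimal RSASSA-PKCS1-v1_5 / SHA-256 so the demo needs no third-party package.
# Illustration only: a real agent would call a vetted crypto library instead.
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _is_prime(n, rounds=20):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):                      # Miller-Rabin rounds
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if _is_prime(c):
            return c

def generate_keypair(bits=1024):
    """Throwaway demo key pair ((n, e), (n, d)); 1024 bits only keeps the demo fast."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _encode(message, k):
    t = _SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sign(priv, message):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_encode(message, k), "big"), d, n).to_bytes(k, "big")

def rsa_verify(pub, message, sig):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), _encode(message, k))

def signed_bytes(body):
    # Assumption: both sides sign the body as compact JSON with sorted keys.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def build_command_message(priv, msg_id, command, method, params, sn):
    body = dict(params, sn=sn)                                   # S502
    sig = base64.b64encode(rsa_sign(priv, signed_bytes(body)))   # S503
    return json.dumps({"id": msg_id, "from": "iot_web_console", "command": command,
                       "method": method, "body": body, "sig": sig.decode()})  # S504

def handle_command_message(pub, device_sn, registry, payload):
    """Device side. Returns (prompt, command id): 'first' = signature mismatch,
    'second' = wrong device, 'third' = no handler, 'fourth' = executed."""
    cmd_id = None
    try:
        msg = json.loads(payload)
        cmd_id = msg.get("id")
        body = msg["body"]
        sig = base64.b64decode(msg["sig"], validate=True)
        ok = isinstance(body, dict) and rsa_verify(pub, signed_bytes(body), sig)
    except (AttributeError, KeyError, TypeError, ValueError):
        ok = False
    if not ok:
        return ("first", cmd_id)
    if body.get("sn") != device_sn:
        return ("second", cmd_id)
    key = (msg.get("command"), msg.get("method"))
    handler = registry.get(key) if all(isinstance(x, str) for x in key) else None
    if handler is None:
        return ("third", cmd_id)
    handler(body)       # stand-in for calling the registered executable program
    return ("fourth", cmd_id)

if __name__ == "__main__":
    pub, priv = generate_keypair()
    reg = {("volume", "set"): lambda body: print("set volume to", body["data"])}
    msg = build_command_message(priv, 20190730002, "volume", "set", {"data": 9}, "A0BB3ED2BF3D")
    print(handle_command_message(pub, "A0BB3ED2BF3D", reg, msg))
```

As the page describes it, the signature covers only the command body, so `id`, `command` and `method` sit outside the signed bytes. An implementation can sign the whole message except `sig`, and carry a timestamp or counter in the body, so that those fields and message freshness are also verified.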
Applying the embodiment shown in this application: first, remote management of the terminal device is achieved by the server sending command messages. Second, the server and the terminal device communicate based on the MQTT protocol, which is more timely than communication by HTTP (Hyper Text Transfer Protocol) polling. Third, MQTT-based communication is general-purpose: it does not require specially customized terminal devices and servers, only that the first processing process be configured in the terminal device and the server be connected to the second processing process. Fourth, information related to many kinds of commands can be added to the command message defined in this solution, so the command message is easily extensible. Fifth, the terminal device performs signature verification and/or device identification information verification on the command message, which filters out tampered command messages and identifies forged command messages, improving the security of remote management.
Corresponding to the foregoing method embodiments, an embodiment of this application also provides a terminal device, as shown in FIG. 6, including: a memory 602, a processor 601, and a computer program stored in the memory 602 and executable on the processor 601. When the processor 601 executes the program, any one of the above remote management methods applied to a terminal device is implemented.
Corresponding to the foregoing method embodiments, an embodiment of this application also provides a server, as shown in FIG. 7, including: a memory 702, a processor 701, and a computer program stored in the memory 702 and executable on the processor 701. When the processor 701 executes the program, any one of the above remote management methods applied to a server is implemented.
An embodiment of this application also provides a non-transitory computer-readable storage medium that stores computer instructions, and the computer instructions are used to cause the computer to execute any one of the above remote management methods.
Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is only exemplary and is not intended to imply that the scope of the present disclosure (including the claims) is limited to these examples. Within the idea of this application, the technical features of the above embodiments or of different embodiments can also be combined, the steps can be implemented in any order, and there are many other variations of the different aspects of this application as described above, which are not provided in detail for the sake of brevity.
In addition, to simplify the description and discussion, and so as not to obscure this application, well-known power/ground connections to integrated circuit (IC) chips and other components may or may not be shown in the provided drawings. Furthermore, devices may be shown in block diagram form to avoid obscuring this application, which also takes into account the fact that the details of the implementation of these block diagram devices are highly dependent on the platform on which this application will be implemented (that is, these details should be well within the understanding of those skilled in the art). Where specific details (for example, circuits) are set forth to describe exemplary embodiments of this application, it is obvious to those skilled in the art that this application can be implemented without these specific details or with variations of them. Therefore, these descriptions should be regarded as illustrative rather than restrictive.
尽管已经结合了本申请的具体实施例对本申请进行了描述,但是根据前面的描述,这些实施例的很多替换、修改和变型对本领域普通技术人员来说将是显而易见的。例如,其它存储器架构(例如,动态RAM(DRAM))可以使用所讨论的实施例。Although the present application has been described in conjunction with the specific embodiments of the present application, many substitutions, modifications and variations of these embodiments will be apparent to those of ordinary skill in the art based on the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
本申请的实施例旨在涵盖落入所附权利要求的宽泛范围之内的所有这样的替换、修改 和变型。因此,凡在本申请的精神和原则之内,所做的任何省略、修改、等同替换、改进等,均应包含在本申请的保护范围之内。The embodiments of the present application are intended to cover all such substitutions, modifications and variations that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of this application should be included in the scope of protection of this application.

Claims (12)

  1. A remote management method, applied to a terminal device, the method comprising:
    obtaining the command names supported by executable programs by invoking the executable programs in a specified directory, and recording the command names supported by the executable programs in a memory registry;
    receiving, based on the MQTT protocol, a command message sent by a server, wherein the command message includes a command name and a command body;
    searching the memory registry for an executable program that supports the command name, as a command processing program;
    executing, by invoking the found command processing program, the command corresponding to the command message based on the parameters in the command body.
  2. The method according to claim 1, wherein obtaining the command names supported by the executable programs by invoking the executable programs in the specified directory comprises:
    invoking, based on a preset parameter, the executable programs in the specified directory in turn to obtain, for each executable program, a list of supported commands, the command list including the command names supported by the executable program;
    and wherein recording the command names supported by the executable programs in the memory registry comprises:
    recording the command list and the path information of the executable program in the memory registry in correspondence with each other.
  3. The method according to claim 1, wherein the command message further includes signature information, and after receiving, based on the MQTT protocol, the command message sent by the server, the method further comprises:
    encoding the command body using a first encoding algorithm to obtain a first encoded command body; and decoding the signature information using the decoding algorithm corresponding to a second encoding algorithm to obtain second decoded signature information;
    verifying, based on a pre-agreed public key, whether the first encoded command body matches the second decoded signature information;
    in response to the first encoded command body matching the second decoded signature information, performing the step of searching the memory registry for the executable program corresponding to the command name, as the command processing program.
  4. The method according to claim 3, wherein, in response to the first encoded command body matching the second decoded signature information, performing the step of searching the memory registry for the executable program corresponding to the command name, as the command processing program, comprises:
    verifying whether the device identification information in the command body is the same as the identification information of the terminal device;
    in response to the device identification information in the command body being the same as the identification information of the terminal device, performing the step of searching the memory registry for the executable program corresponding to the command name, as the command processing program.
  5. The method according to claim 4, wherein the command message further includes a command identifier, and the method further comprises:
    in response to the first encoded command body not matching the second decoded signature information, sending, based on the MQTT protocol, first prompt information including the command identifier to the server;
    in response to the device identification information in the command body being different from the identification information of the terminal device, sending, based on the MQTT protocol, second prompt information including the command identifier to the server;
    if no executable program corresponding to the command name is found in the memory registry, sending, based on the MQTT protocol, third prompt information including the command identifier to the server;
    and, after executing, by invoking the found command processing program, the command corresponding to the command message based on the parameters in the command body, further comprising:
    sending, based on the MQTT protocol, fourth prompt information including the command identifier to the server.
  6. A remote management method, applied to a server, the method comprising:
    obtaining the command name and command parameters of a command to be executed, and the identification information of the terminal device to which it is directed;
    generating a command body based on the command parameters and the identification information of the terminal device;
    generating signature information based on a pre-agreed private key and the command body;
    sending, based on the MQTT protocol, a command message to the terminal device, the command message including the command name, the command body and the signature information.
  7. The method according to claim 6, wherein generating the signature information based on the pre-agreed private key and the command body comprises:
    encoding the command body using a first encoding algorithm to obtain a first encoded command body;
    generating signature information based on the pre-agreed private key and the first encoded command body;
    encoding the signature information using a second encoding algorithm to obtain encoded signature information;
    and wherein sending the command message to the terminal device based on the MQTT protocol comprises:
    sending, based on the MQTT protocol, a command message including the command name, the command body and the encoded signature information to the terminal device.
  8. A terminal device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method according to any one of claims 1 to 5 when executing the program.
  9. A server, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method according to any one of claims 6 to 7 when executing the program.
  10. A remote management system, comprising a terminal device and a server, data being transmitted between the terminal device and the server based on the MQTT protocol;
    the server being configured to send a command message to the terminal device, the command message including a command name and a command body;
    the terminal device being configured to: obtain the command names supported by executable programs by invoking the executable programs in a specified directory, and record the command names supported by the executable programs in a memory registry; receive the command message sent by the server; read the command name and the command body in the received command message as the command name to be executed and the command body to be executed; search the memory registry for the executable program corresponding to the command name to be executed, as a command processing program; and execute, by invoking the found command processing program, the command corresponding to the received command message based on the parameters in the command body to be executed.
  11. The system according to claim 10, wherein a first agent process is configured in the terminal device; the server is connected to a second agent process; and data is transmitted between the first agent process and the second agent process based on the MQTT protocol or the MQTTS protocol.
  12. A non-transitory computer-readable storage medium storing computer instructions, the computer instructions being used to cause the computer to execute the remote management method according to any one of claims 1 to 7.
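The signing and verification sequence of claims 3 to 7, as an added Go example that is not code from the application. Ed25519 as the key scheme, SHA-256 as the first encoding algorithm, Base64 as the second, the field names, and the sample identifiers and path are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// CommandMessage carries the fields named in the claims; the layout is assumed.
type CommandMessage struct {
	ID, Name, Body, Signature string // command identifier, name, body (JSON text), encoded signature
}

type commandBody struct {
	DeviceID string            `json:"device_id"`
	Params   map[string]string `json:"params"`
}

// Prompt is reported to the server: 1 bad signature, 2 wrong device, 3 no handler, 0 ready to run.
type Prompt struct {
	CommandID string
	Code      int
}

func (p Prompt) String() string { return fmt.Sprintf("prompt %d for command %s", p.Code, p.CommandID) }

// Sign is the server side (claims 6 and 7). Assumed algorithms: SHA-256 as the first
// encoding, Ed25519 as the signature scheme, Base64 as the second encoding.
func Sign(priv ed25519.PrivateKey, id, name, deviceID string, params map[string]string) CommandMessage {
	body, _ := json.Marshal(commandBody{deviceID, params})
	digest := sha256.Sum256(body)
	sig := ed25519.Sign(priv, digest[:])
	return CommandMessage{id, name, string(body), base64.StdEncoding.EncodeToString(sig)}
}

// Dispatch is the terminal side (claims 3 to 5): verify, check the target device, resolve the handler.
func Dispatch(pub ed25519.PublicKey, selfID string, registry map[string]string, msg CommandMessage) (string, Prompt) {
	digest := sha256.Sum256([]byte(msg.Body))
	sig, err := base64.StdEncoding.DecodeString(msg.Signature)
	if err != nil || !ed25519.Verify(pub, digest[:], sig) {
		return "", Prompt{msg.ID, 1} // tampered body or forged signature
	}
	var body commandBody
	if json.Unmarshal([]byte(msg.Body), &body) != nil || body.DeviceID != selfID {
		return "", Prompt{msg.ID, 2} // signed, but addressed to another device
	}
	path, ok := registry[msg.Name]
	if !ok {
		return "", Prompt{msg.ID, 3} // no executable registered for this command name
	}
	return path, Prompt{msg.ID, 0} // caller runs path with body.Params, then reports 4
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)                        // constructed key pair
	registry := map[string]string{"reboot": "/opt/agent/cmd/power"} // constructed registry entry
	msg := Sign(priv, "cmd-001", "reboot", "dev-42", map[string]string{"delay": "5"})
	fmt.Println(Dispatch(pub, "dev-42", registry, msg))
	msg.Body = `{"device_id":"dev-42","params":{"delay":"0"}}` // body altered in transit
	fmt.Println(Dispatch(pub, "dev-42", registry, msg))
}
```

As in claims 6 and 7, only the command body is signed here, so the check cannot detect a changed command name or command identifier; carrying both inside the signed body closes that gap.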
PCT/CN2020/121377 2019-10-29 2020-10-16 Remote management method and system, terminal device and server WO2021082945A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911039449.8 2019-10-29
CN201911039449.8A CN110769065A (en) 2019-10-29 2019-10-29 Remote management method, system, terminal equipment and server

Publications (1)

Publication Number Publication Date
WO2021082945A1 true WO2021082945A1 (en) 2021-05-06

Family

ID=69334763

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/121377 WO2021082945A1 (en) 2019-10-29 2020-10-16 Remote management method and system, terminal device and server

Country Status (2)

Country Link
CN (1) CN110769065A (en)
WO (1) WO2021082945A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110769065A (en) * 2019-10-29 2020-02-07 京东方科技集团股份有限公司 Remote management method, system, terminal equipment and server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160112213A1 (en) * 2014-10-21 2016-04-21 Electronics And Telecommunications Research Institute Apparatus and methods for providing home network service
US20170163671A1 (en) * 2015-12-08 2017-06-08 Sudhir Pendse System and method for Using Simulators in network security and useful in IoT Security
CN109495375A (en) * 2018-11-02 2019-03-19 广州小鹏汽车科技有限公司 Processing method, device, electronic equipment and the storage medium of MQTT message
CN109995873A (en) * 2019-04-10 2019-07-09 阿里巴巴集团控股有限公司 A kind of management client, equipment monitoring system and method
CN110769065A (en) * 2019-10-29 2020-02-07 京东方科技集团股份有限公司 Remote management method, system, terminal equipment and server

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050283662A1 (en) * 2004-06-21 2005-12-22 Li Yi Q Secure data backup and recovery
CN102136085B (en) * 2011-02-17 2013-03-13 北京握奇数据系统有限公司 Telecom smart card and telecom smart card-based non-contact application management method
CN103001774B (en) * 2012-11-30 2015-06-17 飞天诚信科技股份有限公司 Method and device for managing package file
JP2017207909A (en) * 2016-05-18 2017-11-24 株式会社リコー Authentication system, communication system, authentication method, and program
CN107435150A (en) * 2016-05-25 2017-12-05 西安电子科技大学 A kind of oil pipeline cathodic protection potential detecting system and detection method
CN108337120A (en) * 2018-02-01 2018-07-27 北京安控科技股份有限公司 A kind of remote upgrade method of internet-of-things terminal equipment

Also Published As

Publication number Publication date
CN110769065A (en) 2020-02-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20882798

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20882798

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 08/02/2023)
