WO2022027364A1

WO2022027364A1 - Access authentication method for bluetooth device, electronic device, and storage medium

Info

Publication number: WO2022027364A1
Application number: PCT/CN2020/107207
Authority: WO
Inventors: 张军; 罗朝明; 茹昭; 吕小强
Original assignee: Oppo广东移动通信有限公司
Priority date: 2020-08-05
Filing date: 2020-08-05
Publication date: 2022-02-10
Also published as: CN116210246A

Abstract

Disclosed is an access authentication method for a Bluetooth device, comprising: a gateway determining a verification credential of a Bluetooth device; and the gateway sending, to a cloud platform, the verification credential of the Bluetooth device, the verification credential of the Bluetooth device being used by the cloud platform to determine the validity of the Bluetooth device. Also disclosed are another access authentication method for a Bluetooth device, an electronic device, and a storage medium.

Description

A Bluetooth device access authentication method, electronic device and storage medium

technical field

The present application relates to the field of wireless communication technologies, and in particular, to a Bluetooth device access authentication method, an electronic device, and a storage medium.

Background technique

With the increasingly perfect function of Bluetooth Mesh and the widening of applications, how to realize the access authentication of different types of Bluetooth devices and improve the versatility of Bluetooth device access authentication has always been the goal of Bluetooth network technology.

SUMMARY OF THE INVENTION

Embodiments of the present application provide a Bluetooth device access authentication method, an electronic device, and a storage medium, which can improve the versatility of Bluetooth device access authentication.

In a first aspect, an embodiment of the present application provides a Bluetooth device access authentication method, including: a gateway determining a verification credential of the Bluetooth device;

The gateway sends the verification credential of the Bluetooth device to the cloud platform, and the verification credential of the Bluetooth device is used by the cloud platform to determine the validity of the Bluetooth device.

In a second aspect, an embodiment of the present application provides a Bluetooth device access authentication method, including: a cloud platform receiving a verification credential of a Bluetooth device sent by a gateway;

The cloud platform determines the validity of the Bluetooth device based on the verification certificate of the Bluetooth device.

In a third aspect, an embodiment of the present application provides a method for authentication of Bluetooth device access, including: the device authentication platform receives a fifth request message sent by a cloud platform; the fifth request message includes a verification credential of the Bluetooth device;

The device authentication platform verifies the validity of the Bluetooth device according to the verification certificate of the Bluetooth device.

In a fourth aspect, an embodiment of the present application provides a method for authenticating access to a Bluetooth device, including: a Bluetooth device sending a verification credential of the Bluetooth device to a gateway, where the verification credential of the Bluetooth device is used to determine the validity of the Bluetooth device .

In a fifth aspect, an embodiment of the present application provides a gateway, where the gateway includes: a first processing unit configured to determine a verification credential of a Bluetooth device;

The first sending unit is configured to send the verification certificate of the Bluetooth device to the cloud platform, where the verification certificate of the Bluetooth device is used for the cloud platform to determine the validity of the Bluetooth device.

In a sixth aspect, an embodiment of the present application provides a cloud platform, where the cloud platform includes: a first receiving unit configured to receive a verification credential of a Bluetooth device sent by a gateway;

The second processing unit is configured to determine the validity of the Bluetooth device based on the verification credential of the Bluetooth device.

In a seventh aspect, an embodiment of the present application provides a device authentication platform, where the device authentication platform includes: a second receiving unit configured to receive a fifth request message sent by the cloud platform; the fifth request message includes the authentication of the Bluetooth device. verification certificate;

The third processing unit verifies the validity of the Bluetooth device according to the verification certificate of the Bluetooth device.

In an eighth aspect, an embodiment of the present application provides a Bluetooth device, where the Bluetooth device includes: a second sending unit configured to send a verification credential of the Bluetooth device to a gateway, where the verification credential of the Bluetooth device is used to determine the Legality of Bluetooth devices.

In a ninth aspect, an embodiment of the present application provides a gateway, including a processor and a memory for storing a computer program that can be executed on the processor, wherein the processor is configured to execute the above-mentioned gateway execution when the computer program is executed. The steps of the Bluetooth device access authentication method.

In a tenth aspect, an embodiment of the present application provides a cloud platform, including a processor and a memory for storing a computer program that can be run on the processor, wherein the processor is configured to execute the above cloud when running the computer program The steps of the Bluetooth device access authentication method performed by the platform.

In an eleventh aspect, an embodiment of the present application provides a device authentication platform, including a processor and a memory for storing a computer program that can be run on the processor, wherein the processor is configured to execute the computer program when running the computer program. The steps of the Bluetooth device access authentication method performed by the above device authentication platform.

In a twelfth aspect, an embodiment of the present application provides a Bluetooth device, including a processor and a memory for storing a computer program that can be run on the processor, wherein the processor is configured to execute the above-mentioned computer program when running the computer program. The steps of the Bluetooth device access authentication method performed by the Bluetooth device.

In a thirteenth aspect, an embodiment of the present application provides a chip, including: a processor for invoking and running a computer program from a memory, so that a device installed with the chip executes the above-mentioned Bluetooth device access authentication method.

In a fourteenth aspect, an embodiment of the present application provides a storage medium storing an executable program, and when the executable program is executed by a processor, the above-mentioned Bluetooth device access authentication method is implemented.

In a fifteenth aspect, an embodiment of the present application provides a computer program product, including computer program instructions, the computer program instructions causing a computer to execute the above-mentioned Bluetooth device access authentication method.

In a sixteenth aspect, an embodiment of the present application provides a computer program, the computer program enables a computer to execute the above-mentioned Bluetooth device access authentication method.

The Bluetooth device access authentication method, electronic device, and storage medium provided by the embodiments of the present application include: a gateway determines a verification credential of a Bluetooth device; the gateway sends the verification credential of the Bluetooth device to a cloud platform, and the Bluetooth device The verification credential is used by the cloud platform to determine the validity of the Bluetooth device. In this way, the gateway performs network configuration of Bluetooth devices, decouples the functions of network configuration and access authentication of Bluetooth devices from the cloud platform, and improves the versatility of access authentication for Bluetooth devices.

Description of drawings

FIG. 1 is a schematic diagram of the processing flow of the Bluetooth device access authentication in a cross-platform manner of the application;

FIG. 2 is a schematic diagram of an optional processing flow of the Bluetooth device access authentication method applied to the gateway provided by the embodiment of the present application;

FIG. 3 is a schematic diagram of an optional processing flow of a Bluetooth device access authentication method applied to a cloud platform provided by an embodiment of the present application;

4 is a schematic diagram of an optional processing flow of the Bluetooth device access authentication method applied to the device authentication platform provided by the embodiment of the present application;

FIG. 5 is a schematic diagram of an optional processing flow of a Bluetooth device access authentication method applied to a Bluetooth device provided by an embodiment of the present application;

FIG. 6 is a schematic diagram of a first optional detailed processing flow of the Bluetooth device access authentication method provided by the embodiment of the present application;

FIG. 7 is a schematic diagram of a second optional detailed processing flow of the Bluetooth device access authentication method provided by the embodiment of the present application;

FIG. 8 is a schematic diagram of a third optional detailed processing flow of the Bluetooth device access authentication method provided by the embodiment of the present application;

FIG. 9 is a schematic diagram of a fourth optional detailed processing flow of the Bluetooth device access authentication method provided by the embodiment of the present application;

10 is a schematic diagram of a fifth optional detailed processing flow of the Bluetooth device access authentication method provided by the embodiment of the present application;

11 is a schematic diagram of a sixth optional detailed processing flow of the Bluetooth device access authentication method provided by the embodiment of the present application;

FIG. 12 is a schematic structural diagram of an optional composition of a gateway provided by an embodiment of the present application;

FIG. 13 is a schematic diagram of an optional composition structure of a cloud platform provided by an embodiment of the present application;

FIG. 14 is a schematic structural diagram of an optional composition of a device authentication platform provided by an embodiment of the present application;

15 is a schematic diagram of an optional composition structure of a Bluetooth device provided by an embodiment of the application;

FIG. 16 is a schematic structural diagram of a hardware composition of an electronic device provided by an embodiment of the present application.

detailed description

In order to understand the features and technical contents of the embodiments of the present application in more detail, the implementation of the embodiments of the present application will be described in detail below with reference to the accompanying drawings.

Before describing the embodiments of the present application, relevant contents are briefly described.

Bluetooth Mesh (Wireless Mesh Network): A mesh device network based on Bluetooth low energy technology, which can realize many-to-many Bluetooth device communication.

Gateway: Bluetooth Mesh network configuration device, responsible for configuring devices connected to the Bluetooth Mesh network.

Bluetooth device: The Bluetooth Mesh device to be deployed on the network needs to join the Bluetooth Mesh network through the Bluetooth Mesh network configuration process to become a Bluetooth Mesh device in the Bluetooth Mesh network.

Session key: used for encryption and decryption of network configuration data in the Bluetooth Mesh network configuration process.

Device key: used for the subsequent configuration of the Bluetooth Mesh device after the successful network configuration of the Bluetooth Mesh device. Only the gateway and the Bluetooth Mesh device know it for secure communication between the two.

In the related art, when the Bluetooth device and the gateway do not belong to the same manufacturer, the access authentication of the Bluetooth device needs to be performed in a cross-platform (that is, two cloud platforms are required), and the access authentication of the Bluetooth device needs to be processed in a cross-platform manner. The process is shown in Figure 1.

Step 1. The Bluetooth device broadcasts the Bluetooth Mesh unconfigured network broadcast packet according to the specification.

Among them, the Bluetooth device is a Bluetooth Mesh device developed by E company based on the B platform, and the Bluetooth Mesh unconfigured network broadcast package includes the platform identifier (CID) of the B platform.

Step 2: After the gateway accessing the A platform obtains the broadcast information of the unconfigured network broadcast, upload the information to the A platform, and query the type of the device.

Step 3. After receiving the device information reported by the gateway, platform A determines that the device is not a device developed based on platform A (requires authorization from other platforms) through CID, and first obtains platform B information corresponding to CID through the interconnection server (including B platform Auth Server and other information), and then obtain the device type through the B platform cloud.

Step 4. After the gateway and the device of company E complete the invitation, the gateway and the device exchange the Public Key, and the platform B calculates (provisioner confirmation) according to the static OOB information and sends it to the gateway.

Step 5. The gateway sends the provisioner confirmation to the device, the device calculates the device confirmation of the device according to the static OOB information and sends it to the gateway, the gateway sends the provisioner random to the device, and the device returns the device random of the device after passing the provisioner confirmation verification.

Step 6. The gateway reports the device confirmation and device random of the device to platform A, and platform A sends the device confirmation and device random to platform B for confirmation value authentication, and then returns the authentication result.

Step 7. If the authentication result is passed, the gateway and the Bluetooth Mesh device complete the network access configuration, and the Bluetooth Mesh device joins the Bluetooth Mesh network.

As can be seen from Figure 1, the cloud platform needs to perform Bluetooth Mesh device authentication in the Bluetooth Mesh distribution network communication process, that is, the cloud platform not only needs to support the functions of Bluetooth Mesh device network distribution such as calculating confirmation values, but also needs to provide Bluetooth device access authentication functions; This Bluetooth device access authentication method is not universal. For example, it is not suitable for access authentication of non-Bluetooth Mesh devices and access authentication of Bluetooth devices belonging to the same manufacturer as the gateway.

The technical solutions of the embodiments of the present application can be applied to various communication systems, such as: global system of mobile communication (GSM) system, code division multiple access (CDMA) system, wideband code division multiple access (wideband code division multiple access, WCDMA) system, general packet radio service (general packet radio service, GPRS), long term evolution (long term evolution, LTE) system, LTE frequency division duplex (frequency division duplex, FDD) system, LTE Time division duplex (TDD) systems, advanced long term evolution (LTE-A) systems, new radio (NR) systems, evolution systems of NR systems, LTE on unlicensed bands (LTE-based access to unlicensed spectrum, LTE-U) system, NR (NR-based access to unlicensed spectrum, NR-U) system on unlicensed frequency bands, universal mobile telecommunication system (UMTS), global Worldwide interoperability for microwave access (WiMAX) communication systems, wireless local area networks (WLAN), wireless fidelity (WiFi), next-generation communication systems or other communication systems, etc.

The system architecture and service scenarios described in the embodiments of the present application are for the purpose of illustrating the technical solutions of the embodiments of the present application more clearly, and do not constitute limitations on the technical solutions provided by the embodiments of the present application. The evolution of the architecture and the emergence of new business scenarios, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.

The network equipment involved in the embodiments of this application may be a common base station (such as a NodeB or eNB or gNB), a new radio controller (NR controller), a centralized network element (centralized unit), a new radio base station, Remote radio module, micro base station, relay, distributed unit (distributed unit), reception point (transmission reception point, TRP), transmission point (transmission point, TP) or any other equipment. The embodiments of the present application do not limit the specific technology and specific device form adopted by the network device. For the convenience of description, in all the embodiments of this application, the above-mentioned apparatuses for providing wireless communication functions for terminal equipment are collectively referred to as network equipment.

In this embodiment of the present application, the terminal device may be any terminal, for example, the terminal device may be user equipment of machine type communication. That is to say, the terminal device can also be called user equipment UE, mobile station (mobile station, MS), mobile terminal (mobile terminal), terminal (terminal), etc. network, RAN) communicates with one or more core networks, for example, the terminal device can be a mobile phone (or "cellular" phone), a computer with a mobile terminal, etc., for example, the terminal device can also be a portable, pocket-sized , handheld, computer built-in or vehicle mounted mobile devices that exchange language and/or data with the radio access network. There is no specific limitation in the embodiments of the present application.

Optionally, network equipment and terminal equipment can be deployed on land, including indoor or outdoor, handheld or vehicle-mounted; they can also be deployed on water; they can also be deployed on aircraft, balloons and artificial satellites in the air. The embodiments of the present application do not limit the application scenarios of the network device and the terminal device.

Optionally, communication between the network device and the terminal device and between the terminal device and the terminal device can be performed through licensed spectrum (licensed spectrum), or through unlicensed spectrum (unlicensed spectrum), or both through licensed spectrum and unlicensed spectrum for communications. Communication between network equipment and terminal equipment and between terminal equipment and terminal equipment can be carried out through the spectrum below 7 gigahertz (GHz), or through the frequency spectrum above 7 GHz, and can also use the frequency spectrum below 7 GHz and the frequency spectrum at the same time. The spectrum above 7GHz is used for communication. The embodiments of the present application do not limit the spectrum resources used between the network device and the terminal device.

Generally speaking, traditional communication systems support a limited number of connections and are easy to implement. However, with the development of communication technology, mobile communication systems will not only support traditional communication, but also support, for example, device to device (device to device, D2D) communication, machine to machine (M2M) communication, machine type communication (MTC), and vehicle to vehicle (V2V) communication, etc., the embodiments of the present application can also be applied to these communications system.

An optional processing flow of the Bluetooth device access authentication method applied to the gateway provided by the embodiment of the present application, as shown in FIG. 2 , may include the following steps:

Step S201, the gateway determines the verification certificate of the Bluetooth device.

In some embodiments, the Bluetooth Mesh device actively sends the verification credential of the Bluetooth Mesh device to the gateway.

In other embodiments, the gateway may send a first request message to the Bluetooth Mesh device, where the first request message is used to request to obtain the verification credential of the Bluetooth Mesh device; after receiving the first request message, the Bluetooth Mesh device, Send the verification credentials of the Bluetooth Mesh device to the gateway.

Step S202, the gateway sends the verification credential of the Bluetooth device to the cloud platform, where the verification credential of the Bluetooth device is used by the cloud platform to determine the validity of the Bluetooth device.

In some embodiments, the gateway requests the cloud platform accessed by the gateway to verify the validity of the Bluetooth Mesh device by sending the verification credential of the Bluetooth Mesh device to the cloud platform accessed by the gateway. The cloud platform connected by the gateway determines that the Bluetooth Mesh device is not a device developed based on the cloud platform according to the CID in the unconfigured broadcast packet broadcast by the Bluetooth device, and the cloud platform connected by the gateway obtains the corresponding CID according to the CID in the unconfigured broadcast packet. Device authentication platform; the cloud platform connected to the gateway sends the verification certificate of the Bluetooth Mesh device to the device authentication platform, and requests the device authentication platform to verify the legitimacy of the Bluetooth Mesh device. Or, if the cloud platform accessed by the gateway determines that the Bluetooth Mesh device is a device developed based on the cloud platform according to the CID in the unconfigured network broadcast packet, the cloud platform connected by the gateway verifies the validity of the Bluetooth Mesh device.

In some embodiments, the method may further include:

Step S203, the gateway receives a device verification result sent by the cloud platform, where the device verification result is used to indicate the validity of the Bluetooth device.

In some embodiments, the method may further include:

Step S204, the gateway determines the verification credential of the gateway and/or the cloud platform.

In some embodiments, the gateway pre-stores the verification credential of the gateway and/or the cloud platform; for example, the verification credential of the gateway and/or the cloud platform is pre-stored when the gateway leaves the factory or when the gateway is powered on and activated.

In other embodiments, the gateway sends a second request message to the cloud platform, where the second request message is used to request to obtain the verification credential of the gateway and/or the cloud platform; the gateway receives the cloud platform The sent verification credential of the gateway and/or the cloud platform.

Step S205, the gateway sends the verification credential of the gateway and/or the cloud platform to the Bluetooth device, and the verification credential of the gateway and/or the cloud platform is used for the Bluetooth device to verify the gateway /or the legality of the cloud platform.

In some embodiments, the gateway may actively send the verification credential of the gateway and/or the cloud platform to the Bluetooth device. The gateway may also receive a third request message sent by the Bluetooth device, where the third request message is used to request to obtain the verification credential of the gateway and/or the cloud platform; the gateway sends the Bluetooth device according to the third request message Verification credentials of the gateway and/or the cloud platform.

Step S206, the gateway receives the gateway and/or the cloud platform verification result sent by the Bluetooth device, and the gateway and/or the cloud platform verification result is used to indicate the gateway and/or the cloud platform. legitimacy.

In some embodiments, the method may further include:

Step S207, the gateway sends a fourth request message to the cloud platform according to the verification mark of the Bluetooth device, where the fourth request message is used to request to obtain the verification credential of the device authentication platform; the verification credential of the device authentication platform It is used for the Bluetooth device to verify the legitimacy of the device authentication platform.

Step S208, the gateway receives the verification credential of the device authentication platform sent by the cloud platform, and the gateway sends the verification credential of the device authentication platform to the Bluetooth device.

Step S209, the gateway requests the cloud platform to add the Bluetooth device.

In some embodiments, if the verification results of the Bluetooth device, the gateway and/or the cloud platform and the device authentication platform are all valid, after the gateway sends the configuration information for the network access configuration of the Bluetooth device to the Bluetooth device, the gateway can also Request the cloud platform to add the Bluetooth device; specifically, the gateway sends the information of the Bluetooth device to the cloud platform, and the information of the Bluetooth device is used for the cloud platform to add the Bluetooth device.

In some embodiments, if one of the verification results of the Bluetooth device, the gateway and/or the cloud platform and the device authentication platform is invalid, the Bluetooth device is deleted from the Bluetooth Mesh network or the Bluetooth Mesh network configuration is stopped.

In some embodiments, the method may further include:

Step S200, the gateway receives a check mark sent by the Bluetooth device, where the check mark is used to indicate an object to be checked.

In some embodiments, the Bluetooth device broadcasts an Unprovisioned Device Beacon to the gateway; wherein, the Universal Unique Identifier (UUID) included in the unprovisioned broadcast packet is the key for identifying the device information.

In some embodiments, the format of the device UUID is shown in Table 1 below: the device UUID includes a verification flag (VerifiFlag), and the verification flag is used to indicate the object of legality authentication; for example, the verification flag is used to indicate the following At least one: Certified Bluetooth Mesh Device, Certified Gateway, Certified Cloud Platform, and Certified Device Certification Platform. The device UUID may also include: one or more of CID, DID, and PID; wherein, the CID is used to represent the manufacturer/cloud platform identifier of the device, the DID is used to represent the device identifier, and the PID is used to represent the device type identifier. In the embodiment of the present application, the check mark is used to indicate the authentication of the Bluetooth Mesh device.

Table 1: Device UUID Format

An optional processing flow of the Bluetooth device access authentication method applied to the cloud platform provided by the embodiment of the present application, as shown in FIG. 3 , may include the following steps:

Step S301, the cloud platform receives the verification certificate of the Bluetooth device sent by the gateway.

Step S302, the cloud platform determines the validity of the Bluetooth device based on the verification certificate of the Bluetooth device.

In some embodiments, if the Bluetooth device is not a device corresponding to the cloud platform, the cloud platform sends a fifth request message carrying the verification credential of the Bluetooth device to the device authentication platform; the fifth request The message is used to request the device authentication platform to verify the validity of the Bluetooth device; the cloud platform receives the device verification result sent by the device authentication platform, and the device verification result is used to indicate the Bluetooth device's validity. legality.

In some embodiments, if the Bluetooth device is a device corresponding to the cloud platform, the cloud platform verifies the validity of the Bluetooth device.

In some embodiments, the method may further include:

Step S303, the cloud platform receives a second request message sent by the gateway, where the second request message is used to request to obtain the verification credential of the gateway and/or the cloud platform; the cloud platform confirms the gateway and/or The verification certificate of the cloud platform.

During specific implementation, if the Bluetooth device is not a device corresponding to the cloud platform, the cloud platform determines a device authentication platform corresponding to the Bluetooth device; the cloud platform sends a sixth request message to the device authentication platform ; the sixth request message carries the identifier of the gateway and/or the cloud platform, and is used to request to obtain the verification credential of the gateway and/or the cloud platform. The cloud platform receives the verification credential of the gateway and/or the cloud platform sent by the device authentication platform, and sends the verification credential of the gateway and/or the cloud platform to the gateway.

In some embodiments, the method may further include:

Step S304, the cloud platform receives a fourth request message sent by the gateway, where the fourth request message is used to request to obtain a verification credential of the device authentication platform.

Step S305, the cloud platform determines the verification credential of the device authentication platform.

In some embodiments, the cloud platform sends a seventh request message to the device authentication platform, where the seventh request message is used to request to obtain the verification credential of the device authentication platform; the cloud platform receives the device The verification credential of the device authentication platform sent by the authentication platform, and the verification credential of the device authentication platform is sent to the gateway.

In some embodiments, the method may further include:

Step S306, the cloud platform adds the Bluetooth device.

If the verification results of the Bluetooth device, the gateway and/or the cloud platform and the device authentication platform are all valid, the gateway requests the cloud platform to add the Bluetooth device; specifically, the gateway sends the cloud platform the Information of the Bluetooth device, the information of the Bluetooth device is used for the cloud platform to add the Bluetooth device; the gateway sends configuration information to the Bluetooth device, and the configuration information is used to perform the network access configuration of the Bluetooth device.

An optional processing flow of the Bluetooth device access authentication method applied to the device authentication platform provided by the embodiment of the present application, as shown in FIG. 4 , may include the following steps:

Step S401, the device authentication platform receives a fifth request message sent by the cloud platform; the fifth request message includes a verification credential of the Bluetooth device.

Step S402, the device authentication platform verifies the validity of the Bluetooth device according to the verification certificate of the Bluetooth device.

In some embodiments, the method may further include:

Step S403, the device authentication platform receives the sixth request message sent by the cloud platform; the sixth request message carries the identifier of the gateway and/or the cloud platform, and is used to request to obtain the gateway and/or the The verification certificate of the cloud platform.

Step S404, the device authentication platform generates a verification credential of the gateway and/or the cloud platform according to the identifier of the gateway and/or the cloud platform; the device authentication platform sends the gateway to the cloud platform and/or the verification credential of the cloud platform.

An optional processing flow of the Bluetooth device access authentication method applied to a Bluetooth device provided by the embodiment of the present application, as shown in FIG. 5 , may include the following steps:

Step S501, the Bluetooth device sends a verification certificate of the Bluetooth device to the gateway, and the verification certificate of the Bluetooth device is used to determine the validity of the Bluetooth device.

In some embodiments, the Bluetooth device may actively send the verification credential of the Bluetooth device to the gateway. It can also be that the bluetooth device receives the first request message sent by the gateway, and the first request message is used to request to obtain the verification credential of the bluetooth device; the bluetooth device sends the verification certificate of the bluetooth device to the gateway according to the first request message certificate.

In some embodiments, the method may further include:

Step S502, the Bluetooth device receives the verification credential of the gateway and/or the cloud platform, and the verification credential of the gateway and/or the cloud platform is used by the Bluetooth device to verify the gateway/or The legitimacy of the cloud platform.

In some embodiments, the Bluetooth device may send a third request message to the gateway, where the third request message is used to request to obtain the verification credential of the gateway and/or the cloud platform. After the gateway obtains the verification credential of the gateway and/or the cloud platform, the gateway sends the verification credential of the gateway and/or the cloud platform to the Bluetooth device.

Step S503, the Bluetooth device verifies the validity of the gateway and/or the cloud platform according to the verification credentials of the gateway and/or the cloud platform.

Step S504, the bluetooth device sends the gateway and/or the cloud platform verification result sent by the bluetooth device to the gateway, and the gateway and/or the cloud platform verification result is used to indicate the gateway and/or the cloud platform verification result. or the legality of the cloud platform.

In some embodiments, the method may further include:

Step S505, the Bluetooth device receives the verification certificate of the device authentication platform sent by the gateway.

Step S506, the Bluetooth device verifies the legitimacy of the device authentication platform based on the verification certificate of the device authentication platform.

If the verification results of the Bluetooth device, the gateway and/or the cloud platform and the device authentication platform are all valid, the Bluetooth device receives the configuration information sent by the gateway, and the configuration information is used to perform network access configuration of the Bluetooth device.

In the embodiment of this application, the gateway performs the network configuration of the Bluetooth device, the cloud platform verifies the legality of the Bluetooth device (that is, the access authentication function), and decouples the network configuration and access authentication functions of the Bluetooth device from the cloud platform. Improve the versatility of Bluetooth device access authentication.

Before completing the Bluetooth Mesh network configuration, the validity of the Bluetooth device is checked by the gateway as an example. The first optional detailed processing flow of the Bluetooth device access authentication method provided by the embodiment of the present application, as shown in FIG. 6 , includes the following step:

Step S601, the Bluetooth Mesh device sends an unconfigured network broadcast packet to the gateway.

In some embodiments, if the Bluetooth Mesh device is in an unconfigured state, the Bluetooth Mesh device broadcasts an unconfigured broadcast packet, wherein the UUID included in the unconfigured broadcast packet is key information for identifying the device. The format of the device UUID is shown in Table 1 above.

Steps S602-S603, the Bluetooth Mesh device and the gateway start the Bluetooth Mesh network configuration process.

In some embodiments, starting the Bluetooth Mesh network configuration process may include: calculating a security key, where the security key is used to encrypt/decrypt the verification credential between the Bluetooth Mesh device and the gateway; wherein the security key may include One or more of session key, device key, network key, and application key.

In the embodiment of the present application, before the Bluetooth Mesh device and the gateway perform the Bluetooth Mesh configuration network, the gateway verifies the validity of the Bluetooth Mesh device; if the gateway verifies that the Bluetooth Mesh device is valid, the Bluetooth Mesh device and the gateway continue to perform the Bluetooth Mesh device network access Configuration; if the gateway verifies that the Bluetooth Mesh device is invalid, it will terminate the Bluetooth Mesh network configuration.

Step S604, the gateway obtains the verification certificate of the Bluetooth Mesh device.

In some embodiments, the verification mark in the unconfigured network broadcast packet indicates to verify the Bluetooth Mesh device, and the Bluetooth Mesh device actively sends the verification certificate of the Bluetooth Mesh device to the gateway.

Step S605, the gateway sends the verification certificate of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

In some embodiments, the gateway requests the cloud platform accessed by the gateway to verify the validity of the Bluetooth Mesh device by sending the verification credential of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S606, the cloud platform accessed by the gateway requests the device authentication platform to verify the validity of the Bluetooth Mesh device.

In some embodiments, if the cloud platform accessed by the gateway determines that the Bluetooth Mesh device is not a device developed based on the cloud platform according to the CID in the unconfigured broadcast packet, the cloud platform accessed by the gateway determines according to the CID in the unconfigured broadcast packet. Obtain the corresponding device authentication platform; the cloud platform connected to the gateway sends the verification certificate of the Bluetooth Mesh device to the device authentication platform, and requests the device authentication platform to verify the validity of the Bluetooth Mesh device.

In other embodiments, if the cloud platform accessed by the gateway determines that the Bluetooth Mesh device is a device developed based on the cloud platform according to the CID in the unconfigured network broadcast packet, the cloud platform accessed by the gateway verifies the validity of the Bluetooth Mesh device .

Step S607, the device authentication platform verifies the validity of the Bluetooth Mesh device.

In some embodiments, if the verification certificate of the Bluetooth Mesh device is a security certificate, the device authentication platform verifies whether the security certificate is legal; if the security certificate is verified to be legal, it verifies that the Bluetooth Mesh device is legal; If the certificate is invalid, the authentication of the Bluetooth Mesh device is invalid.

During specific implementation, the device authentication platform can use asymmetric encryption or symmetric encryption to verify the legitimacy of the Bluetooth Mesh device. For example, for the asymmetric encryption method, the Bluetooth Mesh device pre-stores the public key of the device authentication platform, encrypts the verification certificate of the Bluetooth Mesh device with the public key of the device authentication platform, and uses its own private key after receiving the verification certificate. If it can be decrypted normally, it proves to be a legitimate Bluetooth Mesh device; if it cannot be decrypted normally, it proves to be an illegal Bluetooth Mesh device. For the symmetric encryption method, the device authentication platform and the Bluetooth Mesh device pre-share the same key (ie, the pre-shared key), and the Bluetooth Mesh device uses the pre-shared key to encrypt the verification credentials of the Bluetooth Mesh device. After verifying the certificate, decrypt it with the same pre-shared key. If it can be decrypted normally, it proves to be a legitimate Bluetooth Mesh device; if it cannot be decrypted normally, it proves to be an illegal Bluetooth Mesh device.

Step S608, the device authentication platform feeds back the verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S609, the cloud platform connected to the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.

Step S610, if the verification result of the Bluetooth Mesh device is valid, the gateway executes the network access configuration of the Bluetooth Mesh device.

In some embodiments, if the verification result of the Bluetooth Mesh device is valid, the gateway starts the distribution of Bluetooth Mesh network access configuration data, and sends the network address and security key (eg, network key and/or device key) to the Bluetooth Mesh device. Wait for the configuration information to complete the network access configuration process of the Bluetooth Mesh device.

Step S611, the gateway requests the cloud platform accessed by the gateway to add a Bluetooth Mesh device.

In some embodiments, the gateway sends device information including the UUID of the Bluetooth Mesh device to the cloud platform connected to the gateway, and the cloud platform connected to the gateway adds the device information of the Bluetooth Mesh device.

In the above, taking the verification result of the Bluetooth Mesh device as valid as an example, steps S610 to S611 are performed. If the verification result of the Bluetooth Mesh device is invalid, the gateway terminates the network access configuration process of the Bluetooth Mesh device.

Taking the validity of the Bluetooth device verified by the gateway and the validity of the gateway/cloud platform verified by the Bluetooth Mesh device before completing the Bluetooth Mesh network distribution as an example, the first step of the Bluetooth device access authentication method provided by the embodiment of the present application is: Two optional detailed processing flows, as shown in Figure 7, include the following steps:

Step S801, the Bluetooth Mesh device sends an unconfigured network broadcast packet to the gateway.

In some embodiments, the description for the unconfigured network broadcast packet is the same as that of step S601 in the foregoing embodiment, and details are not repeated here.

Steps S802-S803, the Bluetooth Mesh device and the gateway start the Bluetooth Mesh network configuration process.

In some embodiments, the processing flow of the Bluetooth Mesh device and the gateway to start the Bluetooth Mesh network configuration process is the same as steps S602-S603 in the above-mentioned embodiment, and details are not repeated here.

Step S804, the gateway sends the verification certificate of the gateway/platform to the Bluetooth Mesh device.

In some embodiments, the gateway may actively send the gateway/platform verification credential to the Bluetooth Mesh device.

In other embodiments, as shown in step S804A, the Bluetooth Mesh device may send a third request message to the gateway according to the check mark, where the third request message is used to request to obtain the calibration of the gateway and/or the cloud platform. Verification certificate.

In this scenario, after the gateway receives the third request message, the gateway obtains the verification credential of the gateway and/or the cloud platform. The specific implementation process for the gateway to obtain the verification credential of the gateway and/or the cloud platform may include:

Step S804-1, the gateway sends a second request message to the cloud platform, where the second request message is used to request to obtain the verification credential of the gateway and/or the cloud platform.

In some embodiments, the second request message carries the identifier of the gateway/cloud platform, and is used to request the cloud platform to obtain the verification credential of the gateway and/or the cloud platform.

Step S804-2, the cloud platform obtains the device authentication platform information corresponding to the gateway and/or the cloud platform.

In some embodiments, the cloud platform determines by CID that the Bluetooth Mesh device is not a device developed based on the cloud platform, and requires a device authentication platform for authentication, then the cloud platform obtains the device authentication platform information corresponding to the gateway and/or the cloud platform through the CID.

Step S804-3, the cloud platform sends a sixth request message to the device authentication platform; the sixth request message is used to request to obtain the verification credential of the gateway and/or the cloud platform.

In some embodiments, the sixth request message carries the identifier of the gateway and/or the cloud platform, and the device authentication platform obtains the gateway and/or the cloud platform according to the identifier of the gateway and/or the cloud platform The verification certificate of the cloud platform.

Step S804-4, the device authentication platform sends the verification credential of the gateway and/or the cloud platform to the cloud platform.

In some embodiments, the device authentication platform generates a general verification credential according to the identifier of the gateway and/or the cloud platform (that is, the verification credential does not distinguish the gateway or the specific cloud platform accessed by the gateway, and the verification credential does not distinguish the gateway or the specific cloud platform accessed by the gateway, and the verification credential is used for all legal gateways or gateways. The cloud platform is universal), or the verification certificate dedicated to the gateway/cloud platform (that is, the verification certificate distinguishes the gateway or the specific cloud platform accessed by the gateway, and different legal gateways or cloud platforms accessed by the gateway use different schools. certificate). For example, the verification credential of the gateway/cloud platform generated by the device authentication platform is a security certificate, and the security certificate includes the unique identification information of the gateway and/or the cloud platform, which can only be verified by the gateway/cloud platform using the security certificate Passed, the cloud platform accessed by other gateways/gateways cannot pass the verification even if the security certificate is used, which improves the security of access authentication.

In some embodiments, after receiving the verification credential of the gateway and/or the cloud platform returned by the device authentication platform, the cloud platform may store the verification credential of the gateway and/or the platform locally, and the gateway and/or the platform needs to be verified later When the cloud platform directly obtains the verification credentials of the gateway and/or the platform from the local, it is no longer necessary to obtain the verification credentials of the gateway and/or the platform from the device authentication platform, which simplifies the verification process of the gateway and/or the platform and reduces the verification time delay.

Step S804-5, the cloud platform sends the gateway and/or the verification credential of the cloud platform to the gateway; the gateway sends the verification credential of the gateway and/or the cloud platform to the Bluetooth Mesh device.

The above steps S804-1 to S804-5 are specific implementation processes for the gateway to obtain the verification credentials of the gateway and/or the cloud platform from the network side (cloud platform and device authentication platform).

The specific implementation process for the gateway to obtain the verification credential of the gateway and/or the cloud platform may also be that the gateway pre-stores the verification credential of the gateway and/or the cloud platform; and/or verification credentials of the cloud platform.

Step S805, the Bluetooth Mesh device verifies the validity of the gateway and/or the cloud platform according to the received verification credentials of the gateway and/or the cloud platform, and feeds back the verification result of the gateway and/or the cloud platform to the gateway.

In some embodiments, when the verification result of the Bluetooth Mesh device on the gateway and/or the cloud platform is that the gateway and/or the cloud platform are legal, the Bluetooth device access authentication method provided in this embodiment of the present application performs the following steps S806- S812:

Step S806, the gateway obtains the verification certificate of the Bluetooth Mesh device.

Step S807, the gateway sends the verification certificate of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S808, the cloud platform accessed by the gateway requests the device authentication platform to verify the validity of the Bluetooth Mesh device.

Step S809, the device authentication platform verifies the validity of the Bluetooth Mesh device.

Step S810, the device authentication platform feeds back the verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S811, the cloud platform connected to the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.

Step S812, if the verification result of the Bluetooth Mesh device is valid, the gateway executes the network access configuration of the Bluetooth Mesh device.

In the above, the verification result of the Bluetooth Mesh device is taken as an example, and step S812 is executed. If the verification result of the Bluetooth Mesh device is invalid, the gateway terminates the network access configuration process of the Bluetooth Mesh device.

Step S813, the gateway requests the cloud platform accessed by the gateway to add a Bluetooth Mesh device.

Therefore, in the Bluetooth device access authentication method shown in Figure 7, the Bluetooth Mesh device verifies the validity of the gateway and/or the cloud platform. When the verification result indicates that the gateway and/or the cloud platform are legal, the gateway will verify the validity of the gateway and/or the cloud platform. Verify the validity of the Bluetooth Mesh device; if the verification result indicates that the Bluetooth Mesh device is legal, perform the network access configuration of the Bluetooth Mesh device. Compared with the processing flow of the Bluetooth device access authentication method shown in Figure 6, the processing flow of the Bluetooth device access authentication method shown in Figure 7 adds the Bluetooth Mesh device verification method before the gateway verifies the validity of the Bluetooth Mesh device. Steps to verify the legitimacy of the gateway and/or cloud platform; further improve the security of Bluetooth Mesh network access authentication.

In the processing flow of the Bluetooth device access authentication method shown in FIG. 7 , the Bluetooth Mesh device verifies the validity of the gateway and/or the cloud platform first, and when the verification result indicates that the gateway and/or the cloud platform is legal, then The validity of the Bluetooth Mesh device is verified by the gateway. In specific implementation, the gateway can also verify the validity of the Bluetooth Mesh device first, and when the verification result indicates that the Bluetooth Mesh device is legal, then the Bluetooth Mesh device can verify the validity of the gateway and/or the cloud platform; that is, After steps S801 to S803 are performed, steps S806 to S811 are performed first, and then steps S804 to S805 are performed.

Taking the validity of the Bluetooth device verified by the gateway and the validity of the device authentication platform verified by the Bluetooth Mesh device before completing the Bluetooth Mesh distribution network as an example, the third type of the Bluetooth device access authentication method provided by the embodiments of the present application The optional detailed processing flow, as shown in Figure 8, includes the following steps:

Step S901, the Bluetooth Mesh device sends an unconfigured network broadcast packet to the gateway.

Steps S902-S903, the Bluetooth Mesh device and the gateway start the Bluetooth Mesh network configuration process.

Step S904, the gateway obtains the verification certificate of the Bluetooth Mesh device.

Step S905, the gateway sends the verification certificate of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S906, the cloud platform accessed by the gateway requests the device authentication platform to verify the validity of the Bluetooth Mesh device.

Step S907, the device authentication platform verifies the validity of the Bluetooth Mesh device.

Step S908, the device authentication platform feeds back the verification result of the Bluetooth Mesh device to the cloud platform connected to the gateway.

Step S909, the cloud platform connected to the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.

The detailed processing flow of steps S901 to S909 in this embodiment of the present application is the same as the processing flow of steps S601 to S609 in the foregoing embodiment, and details are not repeated here.

Step S910, the gateway sends a fourth request message to the cloud platform according to the check mark of the Bluetooth device.

In some embodiments, the fourth request message is used to request to obtain a verification credential of a device authentication platform, and the verification credential of the device authentication platform is used by the Bluetooth Mesh device to verify the legitimacy of the device authentication platform .

In some embodiments, the fourth request message may further include a CID, which is used by the cloud platform to determine the device authentication platform corresponding to the Bluetooth Mesh device according to the DCI.

Step S911, the cloud platform sends a seventh request message to the device authentication platform.

In some embodiments, the seventh request message is used to request to obtain the verification credential of the device authentication platform.

Step S912, the device authentication platform sends the verification certificate of the device authentication platform to the cloud platform.

Step S913, the cloud platform sends the verification certificate of the device authentication platform to the gateway.

Step S914, the gateway sends the verification certificate of the device authentication platform to the Bluetooth Mesh device.

Step S915, the Bluetooth Mesh device verifies the validity of the device authentication platform.

In some embodiments, the Bluetooth Mesh device can use asymmetric encryption or symmetric encryption to verify the legitimacy of the device authentication platform. For example, for the asymmetric encryption method, the device authentication platform pre-stores the public key of the Bluetooth Mesh device. After the device authentication platform generates the verification certificate of the device authentication platform, it encrypts the verification certificate with the public key of the Bluetooth Mesh device, and the Bluetooth Mesh device receives the verification certificate. After verifying the certificate, decrypt it with your own private key. If it can be decrypted normally, it proves to be a legitimate device authentication platform. If it cannot be decrypted normally, it proves to be an illegal device authentication platform. For the symmetric encryption method, the device authentication platform and the Bluetooth Mesh device pre-share the same key (that is, the pre-shared key). After the device authentication platform generates the verification certificate of the device authentication platform, it encrypts the verification certificate with the pre-shared key. The verification certificate received by the Bluetooth Mesh device is decrypted with the same pre-shared key. If it can be decrypted normally, it proves to be a legitimate device authentication platform. If it cannot be decrypted normally, it proves to be an illegal device authentication platform.

Step S916, if the verification result of the Bluetooth Mesh device is legal, and the verification result of the device authentication platform is legal, the gateway performs network access configuration of the Bluetooth Mesh device.

In some embodiments, if the verification result of the Bluetooth Mesh device is legal and the verification result of the device authentication platform is legal, the gateway starts the distribution of the Bluetooth Mesh network access configuration data, and sends the network address and security key ( (such as network key and/or device key) and other configuration information to complete the network access configuration process of the Bluetooth Mesh device.

Step S917, the gateway requests the cloud platform accessed by the gateway to add a Bluetooth Mesh device.

In the above, the verification result of the Bluetooth Mesh device is taken as an example, and steps S916 to S917 are executed. If at least one of the verification result of the Bluetooth Mesh device and the verification result of the device authentication platform is invalid, the gateway terminates the network access configuration process of the Bluetooth Mesh device.

In the processing flow of the Bluetooth device access authentication method shown in Figure 8, the gateway verifies the validity of the Bluetooth Mesh device first, and when the verification result indicates that the Bluetooth Mesh device is legal, the Bluetooth Mesh device verifies the device authentication the legitimacy of the platform. In specific implementation, the Bluetooth Mesh device can also verify the validity of the device authentication platform first, and then the gateway can verify the validity of the Bluetooth Mesh device when the verification result indicates that the device authentication platform is legal; that is, after the execution is completed. After steps S901 to S903, steps S910 to S915 are performed first, and then steps S904-S909 are performed.

Based on the above-mentioned FIG. 7 , the validity of the Bluetooth Mesh device is verified by the gateway, and the validity of the gateway/cloud platform is verified by the Bluetooth Mesh device. The Bluetooth device access authentication method provided by the embodiment of the present application is described in detail. Based on the above-mentioned FIG. 8 , the validity of the Bluetooth Mesh device is verified by the gateway, and the validity of the device authentication platform is verified by the Bluetooth Mesh device. The Bluetooth device access authentication method provided by the embodiment of the present application is described in detail. In specific implementation, the gateway can verify the validity of the Bluetooth Mesh device, the Bluetooth Mesh device can verify the validity of the gateway/cloud platform, and the Bluetooth Mesh device can verify the legality of the device authentication platform. There is no sequence of execution between the validity of the Bluetooth Mesh device, the validity of the gateway/cloud platform verified by the Bluetooth Mesh device, and the validity of the device authentication platform verified by the Bluetooth Mesh device. Among them, there may be a priority between the Bluetooth Mesh device verifying the legitimacy of the gateway/cloud platform and the Bluetooth Mesh device verifying the legitimacy of the device authentication platform, such as the Bluetooth Mesh device verifying the legitimacy of the gateway/cloud platform. If the level is higher than the priority of the Bluetooth Mesh device verifying the validity of the device authentication platform, the Bluetooth Mesh device will give priority to verifying the validity of the gateway/cloud platform.

The Bluetooth device access authentication methods shown in Figures 6 to 8 above all perform Bluetooth Mesh device verification, or gateway/cloud platform verification, or device authentication platform verification before completing the Bluetooth Mesh network configuration. In further specific implementation, the embodiments of the present application may further perform Bluetooth Mesh device verification, or gateway/cloud platform verification, or device authentication platform verification after completing the Bluetooth Mesh network configuration.

The fourth detailed processing flow of the Bluetooth device access authentication method provided by the embodiment of the present application, as shown in Figure 9, includes:

Step S1001, the Bluetooth Mesh device sends an unconfigured network broadcast packet to the gateway.

In some embodiments, the description of the Bluetooth Mesh device sending an unconfigured network broadcast packet to the gateway is the same as the above step S601, and will not be repeated here.

Steps S1002-S1003, the Bluetooth Mesh device and the gateway start the Bluetooth Mesh network configuration process, and complete the Bluetooth Mesh network configuration process.

Wherein, starting the Bluetooth Mesh network configuration process may include: calculating a security key, and the security key is used to encrypt/decrypt the verification credential between the Bluetooth Mesh device and the gateway; wherein, the security key may include a session key, One or more of Device Key, Network Key, and App Key.

The process of completing the Bluetooth Mesh network configuration includes: the gateway starts the distribution of configuration data for Bluetooth Mesh network access, sends configuration information such as network addresses and security keys (such as network keys and/or device keys) to the Bluetooth Mesh devices, and completes the network access of the Bluetooth Mesh devices. configuration process.

Step S1004, the gateway obtains the verification certificate of the Bluetooth Mesh device.

Step S1005, the gateway sends the verification certificate of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S1006, the cloud platform accessed by the gateway requests the device authentication platform to verify the validity of the Bluetooth Mesh device.

Step S1007, the device authentication platform verifies the validity of the Bluetooth Mesh device.

Step S1008, the device authentication platform feeds back the verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S1009, the cloud platform connected by the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.

Step S1010, if the verification result of the Bluetooth Mesh device is valid, the gateway requests the cloud platform accessed by the gateway to add the Bluetooth Mesh device.

In the above, taking the verification result of the Bluetooth Mesh device as valid as an example, step S1010 is executed. If the verification result of the Bluetooth Mesh device is invalid, delete the Bluetooth Mesh device from the Bluetooth Mesh network.

Taking the validity of the Bluetooth device verified by the gateway and the validity of the gateway/cloud platform verified by the Bluetooth Mesh device after the Bluetooth Mesh network configuration is completed as an example, the first step of the Bluetooth device access authentication method provided by the embodiment of the present application is: Five optional detailed processing flows, as shown in Figure 10, include the following steps:

Step S1101, the Bluetooth Mesh device sends an unconfigured network broadcast packet to the gateway.

Steps S1102-S1103, the Bluetooth Mesh device and the gateway start the Bluetooth Mesh network configuration process.

Step S1104, the gateway sends the verification certificate of the gateway/platform to the Bluetooth Mesh device.

In other embodiments, the Bluetooth Mesh device may send a third request message to the gateway according to the verification mark, where the third request message is used to request to obtain the verification credential of the gateway and/or the cloud platform.

Step S1104-1, the gateway sends a second request message to the cloud platform, where the second request message is used to request to obtain the verification credential of the gateway and/or the cloud platform.

Step S1104-2, the cloud platform obtains the device authentication platform information corresponding to the gateway and/or the cloud platform.

Step S1104-3, the cloud platform requests the device authentication platform to obtain the verification credential of the gateway and/or the cloud platform.

In some embodiments, the cloud platform sends a sixth request message to the device authentication platform; the sixth request message carries the identifier of the gateway and/or the cloud platform, and is used to request to obtain the gateway and/or the The verification certificate of the cloud platform.

Step S1104-4, the device authentication platform sends the verification credential of the gateway and/or the cloud platform to the cloud platform.

Step S1104-5, the cloud platform sends the gateway and/or the verification credential of the cloud platform to the gateway.

The above steps S1104-1 to S1104-5 are specific implementation processes for the gateway to obtain the verification credentials of the gateway and/or the cloud platform from the network side (cloud platform and device authentication platform).

Step S1105, the Bluetooth Mesh device verifies the validity of the gateway and/or the cloud platform according to the received verification credentials of the gateway and/or the cloud platform, and feeds back the verification result of the gateway and/or the cloud platform to the gateway.

In some embodiments, when the verification result of the Bluetooth Mesh device on the gateway and/or the cloud platform is that the gateway and/or the cloud platform are legal, the Bluetooth device access authentication method provided by the embodiments of the present application performs the following steps S1106- S1112:

Step S1106, the gateway obtains the verification certificate of the Bluetooth Mesh device.

Step S1107, the gateway sends the verification certificate of the Bluetooth Mesh device to the cloud platform.

Step S1108, the cloud platform requests the device authentication platform to verify the validity of the Bluetooth Mesh device.

Step S1109, the device authentication platform verifies the validity of the Bluetooth Mesh device.

Step S1110, the device authentication platform feeds back the verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S1111, the cloud platform connected to the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.

Step S1112, if the verification result of the Bluetooth Mesh device is valid, the gateway requests the cloud platform accessed by the gateway to add the Bluetooth Mesh device.

Therefore, in the Bluetooth device access authentication method shown in Figure 10, the Bluetooth mesh device verifies the legitimacy of the gateway and/or the cloud platform, and when the verification result indicates that the gateway and/or the cloud platform are legal, the gateway verifies the legitimacy of the gateway and/or the cloud platform. Verify the validity of the Bluetooth Mesh device; if the verification result indicates that the Bluetooth Mesh device is legal, perform the network access configuration of the Bluetooth Mesh device. Compared with the processing flow of the Bluetooth device access authentication method shown in Figure 9, the processing flow of the Bluetooth device access authentication method shown in Figure 7 adds the Bluetooth Mesh device verification method before the gateway verifies the validity of the Bluetooth Mesh device. Steps to verify the legitimacy of the gateway and/or cloud platform; further improve the security of Bluetooth Mesh network access authentication.

Taking the validity of the Bluetooth device verified by the gateway and the legality of the device authentication platform verified by the Bluetooth Mesh device after the Bluetooth Mesh network configuration is completed as an example, the sixth step of the Bluetooth device access authentication method provided by the embodiment of the present application is: An optional detailed processing flow, as shown in Figure 11, includes the following steps:

Step S1201, the Bluetooth Mesh device sends an unconfigured network broadcast packet to the gateway.

Steps S1202-S1203, the Bluetooth Mesh device and the gateway start the Bluetooth Mesh network configuration process.

Step S1204, the gateway sends a fourth request message to the cloud platform according to the check mark of the Bluetooth device.

Step S1205, the cloud platform sends a seventh request message to the device authentication platform.

Step S1206, the device authentication platform sends the verification certificate of the device authentication platform to the cloud platform.

Step S1207, the cloud platform sends the verification certificate of the device authentication platform to the gateway.

Step S1208, the gateway sends the verification certificate of the device authentication platform to the Bluetooth Mesh device.

Step S1209, the Bluetooth Mesh device verifies the validity of the device authentication platform.

Step S1210, the gateway obtains the verification certificate of the Bluetooth Mesh device.

Step S1211, the gateway sends the verification certificate of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S1212, the cloud platform accessed by the gateway requests the device authentication platform to verify the validity of the Bluetooth Mesh device.

Step S1213, the device authentication platform verifies the validity of the Bluetooth Mesh device.

Step S1214, the device authentication platform feeds back the verification result of the Bluetooth Mesh device to the cloud platform accessed by the gateway.

Step S1215, the cloud platform connected to the gateway feeds back the verification result of the Bluetooth Mesh device to the gateway.

Step S1216, if the verification result of the Bluetooth Mesh device is valid, the gateway requests the cloud platform accessed by the gateway to add the Bluetooth Mesh device.

In the above, taking the verification result of the Bluetooth Mesh device as valid as an example, step S1216 is executed. If the verification result of the Bluetooth Mesh device is invalid, delete the Bluetooth Mesh device from the Bluetooth Mesh network.

In the processing flow of the Bluetooth device access authentication method shown in Figure 11, the Bluetooth Mesh device verifies the validity of the device authentication platform first, and when the verification result indicates that the device authentication platform is legal, the gateway verifies the Bluetooth Mesh Legality of the device. In specific implementation, the gateway can also verify the validity of the Bluetooth Mesh device first, and when the verification result indicates that the Bluetooth Mesh device is legal, then the Bluetooth Mesh device can verify the validity of the device authentication platform; that is, after the execution is completed. After steps S1201 to S1203, steps S1210 to S1215 are performed first, and then steps S1204-1209 are performed.

Based on the above-mentioned FIG. 10 , the validity of the Bluetooth Mesh device is verified by the gateway, and the validity of the gateway/cloud platform is verified by the Bluetooth Mesh device. The Bluetooth device access authentication method provided by the embodiment of the present application is described in detail. Based on the above-mentioned FIG. 11 , the validity of the Bluetooth Mesh device is verified by the gateway, and the validity of the device authentication platform is verified by the Bluetooth Mesh device. The Bluetooth device access authentication method provided by the embodiment of the present application is described in detail. In specific implementation, the gateway can verify the validity of the Bluetooth Mesh device, the Bluetooth Mesh device can verify the validity of the gateway/cloud platform, and the Bluetooth Mesh device can verify the legality of the device authentication platform. There is no sequence of execution between the validity of the Bluetooth Mesh device, the validity of the gateway/cloud platform verified by the Bluetooth Mesh device, and the validity of the device authentication platform verified by the Bluetooth Mesh device. Among them, there may be a priority between the Bluetooth Mesh device verifying the legitimacy of the gateway/cloud platform and the Bluetooth Mesh device verifying the legitimacy of the device authentication platform, such as the Bluetooth Mesh device verifying the legitimacy of the gateway/cloud platform. If the level is higher than the priority of the Bluetooth Mesh device verifying the validity of the device authentication platform, the Bluetooth Mesh device will give priority to verifying the validity of the gateway/cloud platform.

It should be noted that the "Bluetooth device" described in the embodiments of the present application may also be a Bluetooth Mesh device applied in a Bluetooth Mesh network, and the "cloud platform" described in the embodiments of the present application is a cloud platform accessed by a gateway.

It should be understood that, in various embodiments of the present application, the size of the sequence numbers of the above-mentioned processes does not mean the sequence of execution, and the execution sequence of each process should be determined by its functions and internal logic, and should not be dealt with in the embodiments of the present application. implementation constitutes any limitation.

In order to implement the Bluetooth device access authentication method provided by the embodiment of the present application, the embodiment of the present application further provides a gateway. The optional composition structure of the gateway 1300, as shown in FIG. 12 , includes:

The first processing unit 1301 is configured to determine the verification credential of the Bluetooth device;

The first sending unit 1302 is configured to send the verification credential of the Bluetooth device to the cloud platform, where the verification credential of the Bluetooth device is used for the cloud platform to determine the validity of the Bluetooth device.

In some embodiments, the first processing unit 1301 is configured to receive a verification credential of the Bluetooth device sent by the Bluetooth device.

In some embodiments, the first processing unit 1301 is further configured to send a first request message to the Bluetooth device, where the first request message is used to request to obtain a verification credential of the Bluetooth device.

In some embodiments, the first processing unit 1301 is configured to receive a device verification result sent by the cloud platform, where the device verification result is used to indicate the validity of the Bluetooth device.

In some embodiments, the first processing unit 1301 is further configured to determine the verification credential of the gateway and/or the cloud platform.

In some embodiments, the verification credentials of the gateway and/or the cloud platform are pre-stored.

In some embodiments, the first processing unit 1301 is configured to send a second request message to the cloud platform, where the second request message is used to request to obtain the verification of the gateway and/or the cloud platform certificate;

Receive the verification credential of the gateway and/or the cloud platform sent by the cloud platform.

In some embodiments, the first sending unit 1302 is further configured to send the verification credentials of the gateway and/or the cloud platform to the Bluetooth device, the verification credentials of the gateway and/or the cloud platform The verification credential is used by the Bluetooth device to verify the validity of the gateway/or the cloud platform.

In some embodiments, the first processing unit 1301 is further configured to receive a third request message sent by the Bluetooth device, where the third request message is used to request to obtain the information of the gateway and/or the cloud platform Verify credentials.

In some embodiments, the first processing unit 1301 is further configured to receive the gateway and/or the cloud platform verification result sent by the Bluetooth device, the gateway and/or the cloud platform verification result using to indicate legitimacy against the gateway and/or the cloud platform.

In some embodiments, the first sending unit 1302 is configured to send a fourth request message to the cloud platform according to the check mark of the Bluetooth device, where the fourth request message is used to request to obtain a device authentication platform verification certificate;

The verification credential of the device authentication platform is used for the Bluetooth device to verify the legitimacy of the device authentication platform.

In some embodiments, the first processing unit 1301 is further configured to receive the verification credential of the device authentication platform sent by the cloud platform;

The first sending unit 1302 is further configured to send the verification credential of the device authentication platform to the Bluetooth device.

In some embodiments, the first processing unit 1301 is further configured to request the cloud platform to add the Bluetooth device.

In some embodiments, the first processing unit 1301 is configured to send the information of the Bluetooth device to the cloud platform, where the information of the Bluetooth device is used for the cloud platform to add the Bluetooth device.

In some embodiments, the first sending unit 1302 is further configured to send configuration information to the Bluetooth device, where the configuration information is used to perform network access configuration of the Bluetooth device.

In some embodiments, the first processing unit 1301 is further configured to receive a check mark sent by the Bluetooth device, where the check mark is used to indicate an object to be checked.

In some embodiments, the verification mark includes at least one of: verifying the Bluetooth device, verifying the gateway and/or the cloud platform, and verifying a device authentication platform.

In order to implement the Bluetooth device access authentication method provided by the embodiment of the present application, the embodiment of the present application further provides a cloud platform. The optional composition structure of the cloud platform 1400, as shown in FIG. 13 , includes:

The first receiving unit 1401 is configured to receive the verification certificate of the Bluetooth device sent by the gateway;

The second processing unit 1402 is configured to determine the validity of the Bluetooth device based on the verification credential of the Bluetooth device.

In some embodiments, the second processing unit 1402 is configured to send a fifth request message carrying the verification credential of the Bluetooth device to the device authentication platform if the Bluetooth device is not a device corresponding to the cloud platform ; The fifth request message is used to request the device authentication platform to verify the legitimacy of the Bluetooth device;

If the Bluetooth device is a device corresponding to the cloud platform, verify the validity of the Bluetooth device.

In some embodiments, the first receiving unit 1401 is further configured to receive a device verification result sent by the device authentication platform, where the device verification result is used to indicate the validity of the Bluetooth device.

In some embodiments, the second processing unit 1402 is further configured to send the device verification result to the gateway.

In some embodiments, the first receiving unit 1401 is further configured to receive a second request message sent by the gateway, where the second request message is used for requesting to obtain the calibration of the gateway and/or the cloud platform verification certificate;

The second processing unit 1402 is further configured to confirm the verification credentials of the gateway and/or the cloud platform.

In some embodiments, the second processing unit 1402 is configured to, if the Bluetooth device is not a device corresponding to the cloud platform, the cloud platform determines a device authentication platform corresponding to the Bluetooth device; The authentication platform sends a sixth request message; the sixth request message carries the identifier of the gateway and/or the cloud platform, and is used to request to obtain the verification credential of the gateway and/or the cloud platform.

The first receiving unit 1401 is configured to receive the verification credential of the gateway and/or the cloud platform sent by the device authentication platform.

In some embodiments, the second processing unit 1402 is further configured to send the gateway and/or the verification credential of the cloud platform to the gateway.

In some embodiments, the first receiving unit 1401 is further configured to receive a fourth request message sent by the gateway, where the fourth request message is used to request to obtain the verification credential of the device authentication platform; determine the device authentication Platform verification credentials.

In some embodiments, the second processing unit 1402 is configured to send a seventh request message to the device authentication platform, where the seventh request message is used to request to obtain the verification credential of the device authentication platform;

The first receiving unit 1401 is configured to receive the verification credential of the device authentication platform sent by the device authentication platform.

In some embodiments, the second processing unit 1402 is configured to send the verification credential of the device authentication platform to the gateway.

In some embodiments, the second processing unit 1402 is further configured to add the Bluetooth device.

In some embodiments, the second processing unit 1402 is configured to receive the information of the Bluetooth device sent by the gateway; and add the Bluetooth device according to the information of the Bluetooth device.

In order to realize the Bluetooth device access authentication method provided by the embodiment of the present application, the embodiment of the present application further provides a device authentication platform. The optional composition structure of the device authentication platform 1500, as shown in FIG. 14 , includes:

The second receiving unit 1501 is configured to receive a fifth request message sent by the cloud platform; the fifth request message includes the verification credential of the Bluetooth device;

The third processing unit 1502 verifies the validity of the Bluetooth device according to the verification certificate of the Bluetooth device.

In some embodiments, the second receiving unit 1501 is further configured to receive a sixth request message sent by the cloud platform; the sixth request message carries the identifier of the gateway and/or the cloud platform, and uses upon request to obtain the verification credential of the gateway and/or the cloud platform.

In some embodiments, the third processing unit 1502 is configured to generate a verification credential of the gateway and/or the cloud platform according to the identifier of the gateway and/or the cloud platform;

Send the verification credential of the gateway and/or the cloud platform to the cloud platform.

In order to implement the Bluetooth device access authentication method provided by the embodiment of the present application, the embodiment of the present application further provides a Bluetooth device. The optional composition structure of the Bluetooth device 1600, as shown in FIG. 15 , includes:

The second sending unit 1601 is configured to send a verification certificate of the Bluetooth device to the gateway, where the verification certificate of the Bluetooth device is used to determine the validity of the Bluetooth device.

In some embodiments, the Bluetooth device 1600 further includes:

The fourth processing unit 1602 is configured to receive a first request message sent by the gateway, where the first request message is used to request to obtain a verification credential of the Bluetooth device.

In some embodiments, the Bluetooth device 1600 further includes:

The fifth processing unit 1603 is configured to receive the verification credential of the gateway and/or the cloud platform, and the verification credential of the gateway and/or the cloud platform is used for the Bluetooth device to verify the gateway/ or the legality of the cloud platform.

In some embodiments, the second sending unit 1601 is further configured to send a third request message to the gateway, where the third request message is used to request to obtain the verification of the gateway and/or the cloud platform certificate.

In some embodiments, the fifth processing unit 1603 is configured to verify the validity of the gateway and/or the cloud platform according to the verification credentials of the gateway and/or the cloud platform.

In some embodiments, the second sending unit 1601 is configured to send the gateway and/or the cloud platform verification result sent by the Bluetooth device to the gateway, the gateway and/or the cloud platform verification result. The verification result is used to indicate the legitimacy of the gateway and/or the cloud platform.

In some embodiments, the Bluetooth device 1600 further includes: the sixth processing unit 1604, configured to receive the verification credential of the device authentication platform sent by the gateway; based on the verification credential of the device authentication platform, the verification Verify the legitimacy of the device authentication platform.

In some embodiments, the Bluetooth device 1600 further includes: a third receiving unit 1605, configured to receive configuration information sent by the gateway, where the configuration information is used to perform network access configuration of the Bluetooth device.

An embodiment of the present application provides a gateway, including a processor and a memory for storing a computer program that can be executed on the processor, wherein the processor is configured to execute the Bluetooth device interface executed by the gateway when the computer program is executed. Enter the steps of the authentication method.

An embodiment of the present application provides a cloud platform, including a processor and a memory for storing a computer program that can be run on the processor, wherein the processor is configured to execute the bluetooth executed by the cloud platform when running the computer program The steps of the device access authentication method.

An embodiment of the present application provides a device authentication platform, including a processor and a memory for storing a computer program that can be run on the processor, wherein the processor is configured to execute the above-mentioned device authentication platform when running the computer program. The steps of the Bluetooth device access authentication method.

An embodiment of the present application provides a Bluetooth device, including a processor and a memory for storing a computer program that can be run on the processor, wherein the processor is configured to execute the Bluetooth program executed by the Bluetooth device when the computer program is executed. The steps of the device access authentication method.

An embodiment of the present application further provides a chip, including: a processor configured to call and run a computer program from a memory, so that a device installed with the chip executes the above-mentioned Bluetooth device access authentication method.

An embodiment of the present application further provides a storage medium storing an executable program, and when the executable program is executed by a processor, the above-mentioned Bluetooth device access authentication method is implemented.

The embodiments of the present application further provide a computer program product, including computer program instructions, the computer program instructions enable a computer to execute the above-mentioned Bluetooth device access authentication method.

The embodiment of the present application further provides a computer program, the computer program enables a computer to execute the above-mentioned Bluetooth device access authentication method.

16 is a schematic diagram of the hardware composition of an electronic device (gateway, or cloud platform, or Bluetooth device, or device authentication platform) according to an embodiment of the present application. The electronic device 700 includes: at least one processor 701, memory 702, and at least one network interface 704. The various components in electronic device 700 are coupled together by bus system 705 . It can be understood that the bus system 705 is used to implement the connection communication between these components. In addition to the data bus, the bus system 705 also includes a power bus, a control bus and a status signal bus. However, for the sake of clarity, the various buses are labeled as bus system 705 in FIG. 16 .

It will be appreciated that memory 702 may be either volatile memory or non-volatile memory, and may include both volatile and non-volatile memory. Among them, the non-volatile memory can be ROM, Programmable Read-Only Memory (PROM, Programmable Read-Only Memory), Erasable Programmable Read-Only Memory (EPROM, Erasable Programmable Read-Only Memory), Electrically Erasable Programmable Read-Only Memory Programmable read-only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), magnetic random access memory (FRAM, ferromagnetic random access memory), flash memory (Flash Memory), magnetic surface memory, optical disk, or CD-ROM -ROM, Compact Disc Read-Only Memory); magnetic surface memory can be disk memory or tape memory. Volatile memory may be Random Access Memory (RAM), which acts as an external cache. By way of example but not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory Memory (DRAM, Dynamic Random Access Memory), Synchronous Dynamic Random Access Memory (SDRAM, Synchronous Dynamic Random Access Memory), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM, Double Data Rate Synchronous Dynamic Random Access Memory), Enhanced Type Synchronous Dynamic Random Access Memory (ESDRAM, Enhanced Synchronous Dynamic Random Access Memory), Synchronous Link Dynamic Random Access Memory (SLDRAM, SyncLink Dynamic Random Access Memory), Direct Memory Bus Random Access Memory (DRRAM, Direct Rambus Random Access Memory) ). The memory 702 described in the embodiments of the present application is intended to include, but not limited to, these and any other suitable types of memory.

The memory 702 in this embodiment of the present application is used to store various types of data to support the operation of the electronic device 700 . Examples of such data include: any computer program used to operate on electronic device 700, such as application 7022. The program for implementing the method of the embodiment of the present application may be included in the application program 7022 .

The methods disclosed in the above embodiments of the present application may be applied to the processor 701 or implemented by the processor 701 . The processor 701 may be an integrated circuit chip with signal processing capability. In the implementation process, each step of the above-mentioned method can be completed by an integrated logic circuit of hardware in the processor 701 or an instruction in the form of software. The above-mentioned processor 701 may be a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. The processor 701 may implement or execute the methods, steps, and logical block diagrams disclosed in the embodiments of this application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application can be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium, and the storage medium is located in the memory 702, and the processor 701 reads the information in the memory 702, and completes the steps of the foregoing method in combination with its hardware.

In an exemplary embodiment, the electronic device 700 may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs) , Complex Programmable Logic Device), FPGA, general-purpose processor, controller, MCU, MPU, or other electronic component implementation for performing the aforementioned method.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present application. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory result in an article of manufacture comprising instruction means, the instructions The apparatus implements the functions specified in the flow or flow of the flowcharts and/or the block or blocks of the block diagrams.

These computer program instructions can also be loaded on a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process such that The instructions provide steps for implementing the functions specified in the flow or blocks of the flowcharts and/or the block or blocks of the block diagrams.

It should be understood that the terms "system" and "network" in this application are often used interchangeably herein. The term "and/or" in this application is only an association relationship to describe associated objects, which means that there can be three kinds of relationships, for example, A and/or B, which can mean that A exists alone, A and B exist at the same time, independently There are three cases of B. In addition, the character "/" in this application generally indicates that the related objects are an "or" relationship.

The above descriptions are only preferred embodiments of the present application, and are not intended to limit the protection scope of the present application. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present application shall be included in the within the scope of protection of this application.

Claims

A Bluetooth device access authentication method, the method comprising:

The gateway determines the verification certificate of the Bluetooth device;

The gateway sends the verification credential of the Bluetooth device to the cloud platform, and the verification credential of the Bluetooth device is used by the cloud platform to determine the validity of the Bluetooth device.
The method according to claim 1, wherein the gateway determines the verification credential of the Bluetooth device, comprising:

The gateway receives the verification credential of the Bluetooth device sent by the Bluetooth device.
The method according to claim 2, wherein the gateway determines the verification credential of the Bluetooth device, further comprising:

The gateway sends a first request message to the Bluetooth device, where the first request message is used to request to obtain a verification credential of the Bluetooth device.
The method according to any one of claims 1 to 3, wherein the method further comprises:

The gateway receives a device verification result sent by the cloud platform, where the device verification result is used to indicate the validity of the Bluetooth device.
The method according to any one of claims 1 to 4, wherein the method further comprises:

The gateway determines the verification credential of the gateway and/or the cloud platform.
The method according to claim 5, wherein the verification credentials of the gateway and/or the cloud platform are pre-stored.
The method according to claim 5, wherein the gateway determines the verification credential of the gateway and/or the cloud platform, comprising:

sending, by the gateway, a second request message to the cloud platform, where the second request message is used to request to obtain the verification credential of the gateway and/or the cloud platform;

The gateway receives the verification credential of the gateway and/or the cloud platform sent by the cloud platform.
The method according to any one of claims 5 to 7, wherein the method further comprises:

The gateway sends the verification credential of the gateway and/or the cloud platform to the Bluetooth device, and the verification credential of the gateway and/or the cloud platform is used by the Bluetooth device to verify the gateway/ or the legality of the cloud platform.
The method of claim 8, wherein the method further comprises:

The gateway receives a third request message sent by the Bluetooth device, where the third request message is used to request to obtain the verification credential of the gateway and/or the cloud platform.
The method according to claim 8 or 9, wherein the method further comprises:

The gateway receives the gateway and/or the cloud platform verification result sent by the Bluetooth device, and the gateway and/or the cloud platform verification result is used to indicate the gateway and/or the cloud platform. legality.
The method according to any one of claims 1 to 10, wherein the method further comprises:

The gateway sends a fourth request message to the cloud platform according to the verification mark of the Bluetooth device, where the fourth request message is used to request to obtain the verification credential of the device authentication platform;

The verification credential of the device authentication platform is used for the Bluetooth device to verify the legitimacy of the device authentication platform.
The method of claim 11, wherein the method further comprises:

receiving, by the gateway, the verification credential of the device authentication platform sent by the cloud platform;

The gateway sends the verification credential of the device authentication platform to the Bluetooth device.
The method according to any one of claims 1 to 12, wherein the method further comprises:

The gateway requests the cloud platform to add the Bluetooth device.
The method of claim 13, wherein the gateway requests the cloud platform to add the Bluetooth device, comprising:

The gateway sends the information of the Bluetooth device to the cloud platform, and the information of the Bluetooth device is used by the cloud platform to add the Bluetooth device.
The method according to any one of claims 1 to 14, wherein the method further comprises:

The gateway sends configuration information to the Bluetooth device, where the configuration information is used to perform network access configuration of the Bluetooth device.
The method according to any one of claims 1 to 15, wherein the method further comprises:

The gateway receives a check mark sent by the Bluetooth device, where the check mark is used to indicate an object to be checked.
The method of claim 16, wherein the check mark comprises at least one of the following:

verifying the bluetooth device;

verifying the gateway and/or the cloud platform;

Verify the device authentication platform.
A Bluetooth device access authentication method, the method comprising:

The cloud platform receives the verification certificate of the Bluetooth device sent by the gateway;

The cloud platform determines the validity of the Bluetooth device based on the verification certificate of the Bluetooth device.
The method according to claim 18, wherein the cloud platform determining the validity of the Bluetooth device based on the verification credential of the Bluetooth device comprises:

If the Bluetooth device is not a device corresponding to the cloud platform, the cloud platform sends a fifth request message carrying the verification credential of the Bluetooth device to the device authentication platform; the fifth request message is used to request the The device authentication platform verifies the validity of the Bluetooth device;

If the Bluetooth device is a device corresponding to the cloud platform, the cloud platform verifies the validity of the Bluetooth device.
The method of claim 19, wherein the method further comprises:

The cloud platform receives a device verification result sent by the device authentication platform, where the device verification result is used to indicate the validity of the Bluetooth device.
The method of claim 20, wherein the method further comprises:

The cloud platform sends the device verification result to the gateway.
The method of any one of claims 18 to 21, wherein the method further comprises:

receiving, by the cloud platform, a second request message sent by the gateway, where the second request message is used to request to obtain the verification credential of the gateway and/or the cloud platform;

The cloud platform confirms the verification credentials of the gateway and/or the cloud platform.
The method according to claim 22, wherein the cloud platform confirms the legitimacy of the gateway and/or the cloud platform, comprising:

If the Bluetooth device is not a device corresponding to the cloud platform, the cloud platform determines a device authentication platform corresponding to the Bluetooth device;

The cloud platform sends a sixth request message to the device authentication platform; the sixth request message carries the identifier of the gateway and/or the cloud platform, and is used to request to obtain the gateway and/or the cloud platform verification certificate;

The cloud platform receives the verification credential of the gateway and/or the cloud platform sent by the device authentication platform.
The method of claim 22 or 23, wherein the method further comprises:

The cloud platform sends the gateway and/or the verification credential of the cloud platform to the gateway.
The method of any one of claims 18 to 24, wherein the method further comprises:

receiving, by the cloud platform, a fourth request message sent by the gateway, where the fourth request message is used to request to obtain the verification credential of the device authentication platform;

The cloud platform determines the verification credential of the device authentication platform.
The method according to claim 25, wherein the cloud platform determines the verification credential of the device authentication platform, comprising:

The cloud platform sends a seventh request message to the device authentication platform, where the seventh request message is used to request to obtain the verification credential of the device authentication platform;

The cloud platform receives the verification certificate of the device authentication platform sent by the device authentication platform.
The method of claim 25 or 26, wherein the method further comprises:

The cloud platform sends the verification credential of the device authentication platform to the gateway.
The method of any one of claims 18 to 27, wherein the method further comprises:

The cloud platform adds the Bluetooth device.
The method of claim 28, wherein adding the Bluetooth device to the cloud platform comprises:

receiving, by the cloud platform, the information of the Bluetooth device sent by the gateway;

The cloud platform adds the Bluetooth device according to the information of the Bluetooth device.
A Bluetooth device access authentication method, the method comprising:

The device authentication platform receives the fifth request message sent by the cloud platform; the fifth request message includes the verification certificate of the Bluetooth device;

The device authentication platform verifies the validity of the Bluetooth device according to the verification certificate of the Bluetooth device.
The method of claim 30, wherein the method further comprises:

The device authentication platform receives the sixth request message sent by the cloud platform; the sixth request message carries the identifier of the gateway and/or the cloud platform, and is used to request to obtain the gateway and/or the cloud platform Platform verification credentials.
The method of claim 31, wherein the method further comprises:

The device authentication platform generates the verification credential of the gateway and/or the cloud platform according to the identifier of the gateway and/or the cloud platform;

The device authentication platform sends the verification credential of the gateway and/or the cloud platform to the cloud platform.
A Bluetooth device access authentication method, the method comprising:

The Bluetooth device sends a verification certificate of the Bluetooth device to the gateway, where the verification certificate of the Bluetooth device is used to determine the validity of the Bluetooth device.
The method of claim 33, wherein the method further comprises:

The Bluetooth device receives a first request message sent by the gateway, where the first request message is used to request to obtain a verification credential of the Bluetooth device.
The method of claim 33 or 34, wherein the method further comprises:

The Bluetooth device receives the verification credential of the gateway and/or the cloud platform, and the verification credential of the gateway and/or the cloud platform is used by the Bluetooth device to verify the gateway/or the cloud the legitimacy of the platform.
The method of claim 35, wherein the method further comprises:

The Bluetooth device sends a third request message to the gateway, where the third request message is used to request to obtain the verification credential of the gateway and/or the cloud platform.
The method of claim 35 or 36, wherein the method further comprises:

The Bluetooth device verifies the validity of the gateway and/or the cloud platform according to the verification credentials of the gateway and/or the cloud platform.
The method of any one of claims 35 to 37, wherein the method further comprises:

The bluetooth device sends the gateway and/or the cloud platform verification result sent by the bluetooth device to the gateway, and the gateway and/or the cloud platform verification result is used to indicate the gateway and/or the cloud platform verification result. The legitimacy of the cloud platform.
The method of any one of claims 33 to 38, wherein the method further comprises:

The Bluetooth device receives the verification certificate of the device authentication platform sent by the gateway;

The Bluetooth device verifies the legitimacy of the device authentication platform based on the verification credential of the device authentication platform.
The method of any one of claims 33 to 39, wherein the method further comprises:

The Bluetooth device receives configuration information sent by the gateway, where the configuration information is used to perform network access configuration of the Bluetooth device.
A gateway that includes:

a first processing unit, configured to determine the verification credential of the Bluetooth device;

The first sending unit is configured to send the verification certificate of the Bluetooth device to the cloud platform, where the verification certificate of the Bluetooth device is used for the cloud platform to determine the validity of the Bluetooth device.
The gateway according to claim 41, wherein the first processing unit is configured to receive a verification credential of the Bluetooth device sent by the Bluetooth device.
The gateway of claim 42, wherein,

The first processing unit is further configured to send a first request message to the Bluetooth device, where the first request message is used to request to obtain a verification credential of the Bluetooth device.
The gateway according to any one of claims 41 to 43, wherein the first processing unit is configured to receive a device verification result sent by the cloud platform, where the device verification result is used to indicate the Bluetooth device legitimacy.
A gateway according to any one of claims 41 to 44, wherein,

The first processing unit is further configured to determine the verification credential of the gateway and/or the cloud platform.
The gateway according to claim 45, wherein the verification credentials of the gateway and/or the cloud platform are pre-stored.
The gateway of claim 45, wherein,

The first processing unit is configured to send a second request message to the cloud platform, where the second request message is used to request to obtain the verification credential of the gateway and/or the cloud platform;

Receive the verification credential of the gateway and/or the cloud platform sent by the cloud platform.
A gateway according to any one of claims 45 to 47, wherein,

The first sending unit is further configured to send the verification credential of the gateway and/or the cloud platform to the Bluetooth device, and the verification credential of the gateway and/or the cloud platform is used for the Bluetooth The device verifies the validity of the gateway and/or the cloud platform.
The gateway of claim 48, wherein,

The first processing unit is further configured to receive a third request message sent by the Bluetooth device, where the third request message is used to request to obtain the verification credential of the gateway and/or the cloud platform.
A gateway according to claim 48 or 49, wherein,

The first processing unit is further configured to receive the gateway and/or the cloud platform verification result sent by the Bluetooth device, where the gateway and/or the cloud platform verification result is used to indicate the gateway and/or the cloud platform verification result. /or the legality of the cloud platform.
A gateway according to any one of claims 41 to 50, wherein,

The first sending unit is configured to send a fourth request message to the cloud platform according to the verification mark of the Bluetooth device, where the fourth request message is used to request to obtain the verification credential of the device authentication platform;

The verification credential of the device authentication platform is used for the Bluetooth device to verify the legitimacy of the device authentication platform.
The gateway of claim 51, wherein,

The first processing unit is further configured to receive the verification certificate of the device authentication platform sent by the cloud platform;

The first sending unit is further configured to send the verification credential of the device authentication platform to the Bluetooth device.
A gateway according to any one of claims 41 to 52, wherein,

The first processing unit is further configured to request the cloud platform to add the Bluetooth device.
The gateway of claim 53, wherein,

The first processing unit is configured to send the information of the Bluetooth device to the cloud platform, where the information of the Bluetooth device is used for the cloud platform to add the Bluetooth device.
A gateway according to any one of claims 41 to 54, wherein,

The first sending unit is further configured to send configuration information to the Bluetooth device, where the configuration information is used to perform network access configuration of the Bluetooth device.
A gateway according to any one of claims 41 to 55, wherein,

The first processing unit is further configured to receive a check mark sent by the Bluetooth device, where the check mark is used to indicate an object to be checked.
The gateway of claim 56, wherein the check mark comprises at least one of the following:

verifying the bluetooth device;

verifying the gateway and/or the cloud platform;

Verify the device authentication platform.
A cloud platform that includes:

a first receiving unit, configured to receive the verification certificate of the Bluetooth device sent by the gateway;

The second processing unit is configured to determine the validity of the Bluetooth device based on the verification credential of the Bluetooth device.
The cloud platform of claim 58, wherein,

The second processing unit is configured to send a fifth request message carrying the verification credential of the Bluetooth device to the device authentication platform if the Bluetooth device is not a device corresponding to the cloud platform; the fifth request message for requesting the device authentication platform to verify the validity of the Bluetooth device;

If the Bluetooth device is a device corresponding to the cloud platform, verify the validity of the Bluetooth device.
The cloud platform of claim 59, wherein,

The first receiving unit is further configured to receive a device verification result sent by the device authentication platform, where the device verification result is used to indicate the validity of the Bluetooth device.
The cloud platform of claim 60, wherein,

The second processing unit is further configured to send the device verification result to the gateway.
The cloud platform according to any one of claims 58 to 61, wherein,

The first receiving unit is further configured to receive a second request message sent by the gateway, where the second request message is used to request to obtain the verification credential of the gateway and/or the cloud platform;

The second processing unit is further configured to confirm the verification credentials of the gateway and/or the cloud platform.
The cloud platform of claim 62, wherein,

The second processing unit is configured to, if the Bluetooth device is not a device corresponding to the cloud platform, the cloud platform determines a device authentication platform corresponding to the Bluetooth device; and sends a sixth request message to the device authentication platform ; The sixth request message carries the identifier of the gateway and/or the cloud platform, and is used to request to obtain the verification credential of the gateway and/or the cloud platform;

The first receiving unit is configured to receive the verification credential of the gateway and/or the cloud platform sent by the device authentication platform.
The cloud platform according to claim 62 or 63, wherein,

The second processing unit is further configured to send the gateway and/or the verification credential of the cloud platform to the gateway.
The cloud platform according to any one of claims 58 to 64, wherein,

The first receiving unit is further configured to receive a fourth request message sent by the gateway, where the fourth request message is used to request to obtain the verification credential of the device authentication platform; and determine the verification credential of the device authentication platform.
The cloud platform of claim 65, wherein,

The second processing unit is configured to send a seventh request message to the device authentication platform, where the seventh request message is used to request to obtain the verification credential of the device authentication platform;

The first receiving unit is configured to receive the verification certificate of the device authentication platform sent by the device authentication platform.
The cloud platform according to claim 65 or 66, wherein,

The second processing unit is configured to send the verification credential of the device authentication platform to the gateway.
The cloud platform according to any one of claims 58 to 67, wherein,

The second processing unit is further configured to add the Bluetooth device.
The cloud platform of claim 68, wherein,

The second processing unit is configured to receive the information of the Bluetooth device sent by the gateway; and add the Bluetooth device according to the information of the Bluetooth device.
A device authentication platform including:

The second receiving unit is configured to receive the fifth request message sent by the cloud platform; the fifth request message includes the verification credential of the Bluetooth device;

The third processing unit verifies the validity of the Bluetooth device according to the verification certificate of the Bluetooth device.
The device authentication platform of claim 70, wherein,

The second receiving unit is further configured to receive a sixth request message sent by the cloud platform; the sixth request message carries the identifier of the gateway and/or the cloud platform, and is used to request to obtain the gateway and/or the cloud platform. /or the verification certificate of the cloud platform.
The device authentication platform of claim 71, wherein,

the third processing unit, configured to generate a verification credential of the gateway and/or the cloud platform according to the identifier of the gateway and/or the cloud platform;

Send the verification credential of the gateway and/or the cloud platform to the cloud platform.
A Bluetooth device comprising:

The second sending unit is configured to send the verification certificate of the Bluetooth device to the gateway, where the verification certificate of the Bluetooth device is used to determine the validity of the Bluetooth device.
The Bluetooth device of claim 73, wherein the Bluetooth device further comprises:

The fourth processing unit is configured to receive a first request message sent by the gateway, where the first request message is used to request to obtain a verification credential of the Bluetooth device.
The Bluetooth device of claim 73 or 74, wherein the Bluetooth device further comprises:

A fifth processing unit, configured to receive a verification credential of the gateway and/or the cloud platform, and the verification credential of the gateway and/or the cloud platform is used for the Bluetooth device to verify the gateway/or The legitimacy of the cloud platform.
The Bluetooth device of claim 75, wherein,

The second sending unit is further configured to send a third request message to the gateway, where the third request message is used to request to obtain the verification credential of the gateway and/or the cloud platform.
A Bluetooth device according to claim 75 or 76, wherein,

The fifth processing unit is configured to verify the validity of the gateway and/or the cloud platform according to the verification credentials of the gateway and/or the cloud platform.
A Bluetooth device according to any one of claims 75 to 77, wherein,

The second sending unit is configured to send the gateway and/or the cloud platform verification result sent by the Bluetooth device to the gateway, where the gateway and/or the cloud platform verification result is used to indicate the legality of the gateway and/or the cloud platform.
The Bluetooth device according to any one of claims 73 to 78, wherein the Bluetooth device further comprises:

The sixth processing unit is configured to receive the verification credential of the device authentication platform sent by the gateway; based on the verification credential of the device authentication platform, verify the legitimacy of the device authentication platform.
The Bluetooth device according to any one of claims 73 to 79, wherein the Bluetooth device further comprises:

The third receiving unit is configured to receive configuration information sent by the gateway, where the configuration information is used to perform network access configuration of the Bluetooth device.
A gateway comprising a processor and a memory for storing a computer program executable on the processor, wherein,

The processor is configured to execute the steps of the Bluetooth device access authentication method according to any one of claims 1 to 17 when running the computer program.
A cloud platform comprising a processor and a memory for storing a computer program executable on the processor, wherein,

The processor is configured to execute the steps of the Bluetooth device access authentication method according to any one of claims 18 to 29 when running the computer program.
A device authentication platform includes a processor and a memory for storing a computer program executable on the processor, wherein,

The processor is configured to execute the steps of the Bluetooth device access authentication method according to any one of claims 30 to 32 when running the computer program.
A cloud platform comprising a processor and a memory for storing a computer program executable on the processor, wherein,

The processor is configured to execute the steps of the Bluetooth device access authentication method according to any one of claims 33 to 40 when running the computer program.
A storage medium stores an executable program, and when the executable program is executed by a processor, implements the Bluetooth device access authentication method according to any one of claims 1 to 17.
A storage medium stores an executable program, and when the executable program is executed by a processor, implements the Bluetooth device access authentication method according to any one of claims 18 to 29.
A storage medium stores an executable program, and when the executable program is executed by a processor, implements the Bluetooth device access authentication method according to any one of claims 30 to 32.
A storage medium stores an executable program, and when the executable program is executed by a processor, implements the Bluetooth device access authentication method according to any one of claims 33 to 40.
A computer program product comprising computer program instructions, the computer program instructions causing a computer to execute the Bluetooth device access authentication method according to any one of claims 1 to 17.
A computer program product comprising computer program instructions that cause a computer to perform the Bluetooth device access authentication method as claimed in any one of claims 18 to 29.
A computer program product comprising computer program instructions, the computer program instructions causing a computer to execute the Bluetooth device access authentication method as claimed in any one of claims 30 to 32.
A computer program product comprising computer program instructions, the computer program instructions causing a computer to execute the Bluetooth device access authentication method as claimed in any one of claims 33 to 40.
A computer program, the computer program causing a computer to execute the Bluetooth device access authentication method according to any one of claims 1 to 17.
A computer program, the computer program causing a computer to execute the Bluetooth device access authentication method according to any one of claims 18 to 29.
A computer program, the computer program causing a computer to execute the Bluetooth device access authentication method according to any one of claims 30 to 32.
A computer program, the computer program causing a computer to execute the Bluetooth device access authentication method according to any one of claims 33 to 40.
A chip, comprising: a processor for calling and running a computer program from a memory, so that a device installed with the chip executes the Bluetooth device access authentication method according to any one of claims 1 to 17.
A chip, comprising: a processor for calling and running a computer program from a memory, so that a device installed with the chip executes the Bluetooth device access authentication method according to any one of claims 18 to 29.
A chip, comprising: a processor for calling and running a computer program from a memory, so that a device installed with the chip executes the Bluetooth device access authentication method according to any one of claims 30 to 32.
A chip, comprising: a processor for calling and running a computer program from a memory, so that a device installed with the chip executes the Bluetooth device access authentication method according to any one of claims 33 to 40.