WO2023011016A1 - Internet of things device binding method, apparatus and system, and cloud server and storage medium - Google Patents


Publication number
WO2023011016A1
Authority
WO
WIPO (PCT)
Prior art keywords
cloud server
information
client
binding
authorization
Prior art date
Application number
PCT/CN2022/099279
Other languages
French (fr)
Chinese (zh)
Inventor
李辉
Original Assignee
深圳Tcl新技术有限公司
Priority date
Filing date
Publication date
Application filed by 深圳Tcl新技术有限公司
Publication of WO2023011016A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • H04W12/40 Security arrangements using identity modules
    • H04W12/48 Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications

Definitions

  • the present application relates to the field of communication technology, and in particular to a binding method, device, system, cloud server and storage medium for IoT devices.
  • IoT Internet of Things
  • the user account information between IoT system A and IoT system B is generally bound based on a predetermined agreement, so the two interconnecting parties need to exchange user information, which requires mutual trust between the two parties.
  • this trust is generally guaranteed through business contracts, which turns the interconnection of devices in the Internet of Things into point-to-point arrangements that are costly and inefficient.
  • Embodiments of the present application provide a method, device, system, cloud server, and storage medium for binding IoT devices, which can improve the efficiency of binding IoT devices.
  • an IoT device binding device including:
  • the first receiving module is configured to receive a first binding request for an IoT device initiated by a client, the client logging in with a user account;
  • a response module configured to, in response to the first binding request, instruct a second cloud server matching the IoT device to perform identity verification on the first cloud server matching the client;
  • the second receiving module is configured to receive the first authorization and authentication information returned by the second cloud server, the first authorization and authentication information being sent after the first cloud server passes the identity verification performed by the second cloud server;
  • the first binding module is configured to send second authorization and authentication information to the client according to the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information; the second binding request is used to instruct the second cloud server to generate token information for the user account, and bind the IoT device based on the token information.
  • another IoT device binding device provided in the embodiment of the present application includes:
  • the third receiving module is configured to receive the verification request sent by the first cloud server, the verification request being a request sent by the first cloud server in response to the first binding request for the IoT device initiated by the client, the client being logged in with a user account;
  • a verification module configured to perform identity verification on the first cloud server based on the verification request;
  • a sending module configured to send first authorization and authentication information to the first cloud server if the identity verification is passed, so that the first cloud server sends second authorization and authentication information to the client based on the first authorization and authentication information;
  • the second binding module is configured to generate token information for the user account in response to the second binding request sent by the client based on the authorization and authentication information, and bind the IoT device based on the token information.
  • the embodiment of the present application also provides an IoT device binding system, including a first cloud server, a second cloud server, a client matching the first cloud server, and an IoT device matching the second cloud server, wherein:
  • the client is configured to send a first binding request for the IoT device to the first cloud server, and the client is logged in with a user account;
  • the first cloud server is configured to, in response to the first binding request, send a verification request to the second cloud server, where the verification request carries verification information of the first cloud server;
  • the second cloud server is configured to perform identity verification on the first cloud server based on the verification information;
  • the second cloud server is configured to return first authorization and authentication information to the first cloud server if the identity verification is passed;
  • the first cloud server is configured to send second authorization and authentication information to the client based on the first authorization and authentication information;
  • the client is configured to send a second binding request to the second cloud server based on the second authorization and authentication information;
  • the second cloud server is configured to, in response to the second binding request, generate token information for the user account logged in on the client based on the second authorization and authentication information, and send the token information to the client;
  • the second cloud server is configured to bind the IoT device based on the token information;
  • the client is configured to bind the user account with the IoT device based on the token information.
  • an embodiment of the present application also provides a cloud server, including a memory and a processor; the memory stores a computer program, and the processor is used to run the computer program in the memory to execute any IoT device binding method provided in the embodiment of the present application.
  • the embodiment of the present application further provides a storage medium, the storage medium is used for storing a computer program, and the computer program is loaded by a processor to execute any IoT device binding method provided in the embodiment of the present application.
  • the first binding request for the IoT device initiated by the client is received, the client being logged in with a user account; in response to the first binding request, the second cloud server that matches the IoT device is instructed to perform identity verification on the first cloud server that matches the client; the first authorization authentication information returned by the second cloud server is received, the first authorization authentication information being sent after the first cloud server passes the identity verification performed by the second cloud server; second authorization and authentication information is sent to the client according to the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information, and the second binding request is used to instruct the second cloud server to generate token information for the user account and bind the IoT device based on the token information.
  • the user account logged in at the client and the IoT device are bound through the token information without exchanging user information. The IoT device can therefore be bound without the first cloud server and the second cloud server exchanging user information and without a guarantee through business contracts, which improves the efficiency of IoT device binding and protects the user's information security.
  • FIG. 1 is a scene diagram of an IoT device binding method provided in an embodiment of the present application
  • Fig. 2 is a flow chart of the IoT device binding method provided by the embodiment of the present application.
  • Fig. 3 is another flow chart of the IoT device binding method provided by the embodiment of the present application.
  • Fig. 4 is another flow chart of the IoT device binding method provided by the embodiment of the present application.
  • FIG. 5 is a schematic diagram of an IoT device binding device provided in an embodiment of the present application.
  • Fig. 6 is another schematic diagram of the IoT device binding device provided by the embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a cloud server provided by an embodiment of the present application.
  • Embodiments of the present application provide a method, device, system, cloud server, and storage medium for binding IoT devices.
  • the IoT device binding device can be integrated in computer devices such as cloud servers.
  • the cloud server can be a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content distribution services (Content Delivery Network, CDN), and big data and artificial intelligence platforms, but it is not limited to this.
  • the cloud server may be a first cloud server or a second cloud server.
  • FIG. 1 is a schematic diagram of an application scenario of an IoT device binding method provided by an embodiment of the present application.
  • the scenario may include a first cloud server, a second cloud server, a client, and an IoT device.
  • the client can send the first binding request for the IoT device to the first cloud server; after receiving the first binding request, the first cloud server can request identity verification from the second cloud server, carrying a digital certificate issued to the first cloud server by a third-party trust agency that is mutually trusted with the second cloud server; the second cloud server authenticates the first cloud server based on the digital certificate and, if the identity verification of the first cloud server passes, sends the first authorization authentication information to the first cloud server; the first cloud server sends the second authorization authentication information to the client after receiving the first authorization authentication information; after receiving the second authorization and authentication information, the client can request the second cloud server to generate token information for it; after the second cloud server generates the token information, it sends the token information to the client and binds the token information with the IoT device; after the client receives the token information, it binds the token information with the user account logged in on the client to realize the binding of the IoT device.
  • when the user account logged in on the client controls the IoT device through the client, the client sends a control command carrying token information to the second cloud server; because the second cloud server has bound the IoT device according to the token information, the second cloud server can determine the IoT device to be controlled according to the token information, and send the instruction to the corresponding IoT device.
  • the first cloud server may be a private cloud server corresponding to the client, that is, the client and the first cloud server may belong to the same IoT system, and may establish a communication connection with the client and perform data interaction.
  • the second cloud server may be a private cloud server corresponding to the IoT device, that is, the second cloud server and the IoT device may belong to the same IoT system, and may establish a communication connection with the IoT device and perform data interaction.
  • the first cloud server and the second cloud server may be cloud servers belonging to different IoT systems, for example, the first cloud server and the second cloud server are private cloud servers provided by different manufacturers.
  • the client may include a browser application program (also referred to as a Web application), an application program on a terminal (also referred to as an APP), and a small program.
  • the Internet of Things device may be a physical device that can be connected to the Internet of Things (IOT for short), such as a refrigerator, an air conditioner, a TV, a sweeping robot, and a smart speaker.
  • the Internet of Things can refer to the real-time collection, through various devices and technologies such as information sensors, radio frequency identification technology, global positioning systems, infrared sensors, or laser scanners, of any object or process that needs to be monitored, connected, or interacted with, gathering various required information such as sound, light, heat, electricity, mechanics, chemistry, biology, or location, and realizing the ubiquitous connection between things and things and between things and people through various possible network accesses, so as to realize intelligent perception, identification and management of items and processes.
  • the Internet of Things is an information carrier based on the Internet and traditional telecommunication networks. It allows all ordinary physical objects that can be independently addressed to form an interconnected network.
  • the first cloud server can be divided into a first device management unit and a first user management unit, etc.
  • the second cloud server can be divided into a second device management unit, a second user management unit, etc.; the management units can divide the work and cooperate to process data.
  • the first cloud server may receive the first binding request for the IoT device initiated by the client through the first user management unit, and the first cloud server may respond to the first binding request through the first user management unit to the second
  • the first cloud server may generate second authorization and authentication information based on the received first authorization and authentication information through the first user management unit and send the second authorization and authentication information to the client.
  • the first cloud server may also receive the control instruction sent by the client through the first device management unit, and send the control instruction to the IoT device, so as to control the IoT device based on the control instruction, and so on.
  • the second cloud server can receive the verification request sent by the first cloud server through the second user management unit, and perform identity verification on the first cloud server based on the verification request.
  • the first cloud server sends the first authorization and authentication information.
  • the second cloud server may respond to the second binding request sent by the client through the second device management unit, generate token information for the user account logged in at the client, and bind the IoT device based on the token information.
  • the second cloud server may also receive the control instruction sent by the first device management unit through the second device management unit, and control the IoT device based on the control instruction through the second device management unit, and so on.
  • the apparatus for binding an Internet of Things device may specifically be integrated in a cloud server, and the cloud server may be a first cloud server.
  • FIG. 2 is a schematic flowchart of a method for binding IoT devices provided by an embodiment of the present application.
  • the IoT device binding method may include:
  • the first cloud server receives a first binding request for an IoT device initiated by a client, and the client logs in with a user account.
  • the first binding request may be a request sent by the client for requesting to bind the user account logged on the client with the IoT device.
  • the user account is an account corresponding to the client, and the user account can be registered through the client in advance, and the first cloud server stores the user account and the information corresponding to the user account, for example, the user's age, gender or constellation information, and information such as operation records.
  • the first cloud server receives the first binding request for the IoT device triggered by operations such as clicking or sliding on the client.
  • the client may display a setting interface including a list of IoT devices, and the list of IoT devices may include one or more IoT devices.
  • the IoT device list includes IoT device A, IoT device B and IoT device C.
  • the user can select the IoT device to be bound in the setting interface. For example, when the user currently wants to bind the IoT device A, the user can click to select the IoT device A in the setting interface, thereby triggering the client to generate a first binding request for the selected IoT device A.
  • the client may also receive voice information or gesture information input by the user, and generate a first binding request for the selected IoT device.
  • the client obtains voice information or gesture information input by the user, identifies or confirms the voice information or gesture information, determines the IoT device that the user wants to bind, and then generates the first binding request for the selected IoT device.
  • the first cloud server receives the first binding request sent by the client.
  • the specific type and content of the first binding request can be flexibly set according to actual needs, and are not specifically limited here.
  • the first cloud server instructs the second cloud server that matches the IoT device to perform identity verification on the first cloud server that matches the client.
  • the first cloud server determines the second cloud server corresponding to the IoT device according to the first binding request, and sends a request to the second cloud server to instruct the second cloud server matched with the IoT device to perform identity verification on the first cloud server.
  • the verification request sent by the first cloud server to the second cloud server in response to the first binding request may carry information capable of proving the identity of the first cloud server, and a white list may be stored in the second cloud server.
  • the list includes trusted objects, and the second cloud server compares the information carried in the request sent by the first cloud server with the white list to determine whether the first cloud server exists in the white list, so as to authenticate the first cloud server and improve security.
  • the verification request sent by the first cloud server to the second cloud server in response to the first binding request may carry verification information of the first cloud server, and the second cloud server can perform identity verification on the first cloud server based on the verification information.
  • the verification information may be information used by the second cloud server to verify the identity of the first cloud server, for example, the verification information may be unique identification information of the first cloud server, or a digital certificate issued by an identity authentication authority.
  • the digital certificate may be a digital certificate issued to the first cloud server by an identity authentication authority trusted by both the first cloud server and the second cloud server after authenticating the first cloud server.
  • the first cloud server instructs the second cloud server to perform identity authentication on the first cloud server based on the digital certificate. Since the second cloud server also trusts the identity authentication authority, when the second cloud server receives the digital certificate sent by the first cloud server, it can confirm the identity of the first cloud server according to the digital certificate, and complete the authentication of the first cloud server.
  • the request sent by the first cloud server to the second cloud server may include, in addition to the above-mentioned verification information of the first cloud server, other information related to the first cloud server that enables the second cloud server to perform identity authentication on the first cloud server, which is not limited in this application.
  • the first cloud server receives the first authorization authentication information returned by the second cloud server.
  • the first authorization and authentication information may include information required for mutual authentication between the client and the second cloud server, for example, may include the protocol for mutual authentication between the client and the second cloud server, the version number of the protocol, and the relevant information of the authorization page used for authentication based on the protocol, etc.
  • the authorization authentication information may also include other information required for mutual authentication between the client and the second cloud server, which is not limited in this application.
  • the first authorization authentication information may include the identity generated by the second cloud server for the first cloud server (such as ClientId@OAuth2), the Uniform Resource Locator (Uniform Resource Locator, URL) of the authorization page, and the protocol and version information.
  • the authorization authentication information may also include other information required for mutual authentication between the client and the second cloud server, which is not limited in this application.
  • the authorization page may be a webpage accessed through a URL, or a page displayed through a URL in an application (APP) corresponding to the second cloud server, or a page redirected to through a URL in a mini program corresponding to the second cloud server, etc.
  • after the second cloud server receives the request sent by the first cloud server and authenticates the first cloud server based on the request and the verification passes, the second cloud server sends the first authorization authentication information to the first cloud server.
  • the first cloud server instructs the second cloud server to perform identity authentication, and if the identity authentication passes, it means that the first cloud server and the second cloud server trust each other; the second cloud server then sends the first authorization and authentication information to the first cloud server, and the first cloud server receives the first authorization and authentication information returned by the second cloud server.
  • the authorization authentication information received by the first cloud server from the second cloud server may include the OAuth protocol, the version of the OAuth protocol (for example, 2.0), and the authorization page access address (such as URL), etc.
  • the first cloud server sends second authorization and authentication information to the client according to the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information; the second binding request is used to instruct the second cloud server to generate token information for the user account based on the second authorization and authentication information, and bind the IoT device based on the token information.
  • the token information may be identification information representing an object having the authority to control the IoT device. For example, if a user account logged on to the client sends a control command to the IoT device based on the token information, the control command is, as far as the IoT device is concerned, legal and executable.
  • binding may be a process of establishing an association relationship among the second cloud server, the IoT device and the user account logged in at the client; specifically, the identity of the IoT device in the second cloud server is the serial number of the IoT device;
  • the second cloud server generates token information for the user account logged in on the client, the object sending a request or instruction can be determined through the token information, and the second cloud server binds the token information corresponding to the user account logged in at the client with the device serial number of the IoT device.
  • after the first cloud server receives the first authorization and authentication information sent by the second cloud server, it generates the second authorization and authentication information according to the first authorization and authentication information, and sends the second authorization and authentication information to the client.
  • the second authorization and authentication information may include content of the first authorization and authentication information.
  • the second authorization and authentication information may also include other contents, for example, information about the first cloud server.
  • the first authorization authentication information includes the identity of the first cloud server (such as ClientId@OAuth2), the uniform resource locator (Uniform Resource Locator, URL) of the authorization page, and the protocol and version information; after the first cloud server receives the first authorization authentication information, it adds the callback address information callback_url of the first cloud server to generate second authorization and authentication information, and sends the second authorization and authentication information to the client.
  • after receiving the second authorization and authentication information, the client authenticates with the second cloud server through the second authorization and authentication information and then sends a second binding request to the second cloud server, requesting the second cloud server to generate token information for the user account logged in on the client.
  • after the second cloud server generates token information for the user account logged in at the client, it binds the token information with the IoT device, specifically, it can bind the token information with the identity of the IoT device, and sends the token information to the client.
  • after receiving the token information sent by the second cloud server, the client binds the token information with the user account logged in on the client; the second cloud server binding the token information with the IoT device and the client binding the user account with the token information together complete the binding process.
  • the token information is used as an intermediate bridge for binding, so that the binding can be realized without interacting user information.
  • the client when the user controls the Internet of Things through the client, the client sends a control instruction carrying token information to the second cloud server, and the second cloud server determines the Internet of Things device to be controlled by the user according to the token information, and Send control commands to IoT devices.
  • the second cloud server after the second cloud server generates the token information for the user account logged in the client, the second cloud server sends the token information to the IoT device to be bound, and sends the token information to the client On the terminal, the client binds the user account with the token information to complete the binding process.
  • the client When the user controls the IoT device through the client, the client sends a control command carrying token information to the IoT device, and the IoT device judges whether the token information in the control command is consistent with the stored control command, and if they are consistent, execute If the control instruction is inconsistent, the control instruction will not be executed.
  • the second cloud server does not obtain the user account information logged in at the client.
  • When the second cloud server authenticates the first cloud server, it uses the digital certificate of the first cloud server. After the verification is passed, the second cloud server generates token information for the user account logged in on the client, and the client accesses the second cloud server through the token information. Therefore, during the binding process, the second cloud server and the IoT device do not obtain information about the user account logged in on the client, the user's information is not leaked, and information security in the binding process is improved.
  • The first cloud server and the second cloud server can be divided into units according to functions or purposes, etc., to balance the loads of the first cloud server and the second cloud server and to increase the response rate of the first cloud server and the second cloud server. That is, in an embodiment, the first cloud server may include a first device management unit, and the second cloud server may include a second device management unit.
  • the first device management unit sends the control command to the IoT device through the second device management unit, so as to control the IoT device based on the control command.
  • the first device management unit may be a unit in the first cloud server that performs a specified function, for example, may perform a function of receiving a control instruction sent by a client.
  • the second device management unit may be a unit designated to perform a specific function in the second cloud server, for example, may perform a function of sending a control command to an IoT device.
  • control instruction may be a code for the client to tell the IoT device to perform a specific operation.
  • The first cloud server receives the control instruction for the IoT device sent by the client through the first device management unit and saves the control instruction in the database or the cache. The first device management unit then obtains the control instruction from the database or the cache and sends it to the second device management unit of the second cloud server, and the second device management unit sends the control instruction to the IoT device, so that the IoT device performs corresponding operations based on the control instruction.
  • The first cloud server sends the control command directly to the IoT device after receiving the control command; that is, in one embodiment, the first cloud server includes a first device management unit, and after the IoT device is bound, the IoT device binding method may further include:
  • the first device management unit sends the control instruction to the Internet of Things device, so as to control the Internet of Things device based on the control instruction.
  • The first cloud server may receive the control instruction sent by the client through the first device management unit, and send the control instruction to the IoT device through the first device management unit, so that the IoT device performs corresponding operations based on the control instruction.
  • the client may generate a control command in response to the user's operation, and directly send the control command to the IoT device, so that the IoT device performs a corresponding operation based on the control command.
  • The embodiment of the present application can receive the first binding request for the IoT device initiated by the client, where the client has logged in with a user account; in response to the first binding request, instruct the second cloud server that matches the IoT device to perform identity verification on the first cloud server that matches the client; receive the first authorization authentication information returned by the second cloud server, where the first authorization authentication information is sent after the second cloud server passes the identity verification of the first cloud server; and, based on the first authorization and authentication information, send the second authorization and authentication information to the client, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information, where the second binding request is used to instruct the second cloud server to generate token information for the user account based on the second authorization and authentication information and to bind the IoT device based on the token information.
  • This solution can bind the user account logged in the client to the IoT device under the premise that the first cloud server and the second cloud server do not need to exchange user information and do not need to be guaranteed by a business contract, which improves the Internet of Things.
  • the apparatus for binding an Internet of Things device may specifically be integrated in a cloud server, and the cloud server may be a second cloud server.
  • An IoT device binding method provided in an embodiment of the present application can be executed by a second cloud server. As shown in FIG. 3 , the specific process of the IoT device binding method can be as follows:
  • 201 Receive a verification request sent by a first cloud server, where the verification request is sent by the first cloud server in response to a first binding request for an IoT device initiated by a client, and the client has a user account logged in.
  • The first cloud server and the second cloud server may be the first cloud server and the second cloud server mentioned in the foregoing embodiments.
  • The first cloud server and the second cloud server may be private cloud servers provided by different manufacturers.
  • the verification request may be request information sent by the first cloud server for requesting the second cloud server to perform identity verification.
  • the first cloud server may generate a verification request in response to the binding request sent by the client for the IoT device, and send the verification request to the second cloud server.
  • The second cloud server may receive the verification request sent by the first cloud server.
  • The second cloud server may perform identity verification on the first cloud server according to the information carried in the verification request.
  • The verification request may carry an identification of the first cloud server. The second cloud server may compare the identification with the preset identification list: if the identification list includes the identification, the verification of the first cloud server is passed, and if the identification list does not include the identification, the verification of the first cloud server fails.
  • the verification request can also carry verification information, which can be used by the second cloud server to verify the first cloud server.
  • The server identity information may be a digital certificate provided by a third-party trust agency. That is, in one embodiment, the step "receive the verification request sent by the first cloud server, and perform identity verification on the first cloud server based on the verification request" may specifically include:
  • the verification information may be information used by the second cloud server to verify the identity of the first cloud server, for example, unique identification information of the first cloud server, or a digital certificate issued by an identity authentication authority.
  • the user triggers sending a binding request to the first cloud server on the client side, and the first cloud server sends a verification request to the second cloud server in response to the request, and the verification request carries verification information.
  • After receiving the verification request, the second cloud server verifies the first cloud server according to the verification information carried in the request.
  • the verification information may be a digital certificate issued to the first cloud server by an identity authentication authority trusted by both the first cloud server and the second cloud server after authenticating the first cloud server.
  • Because the second cloud server trusts the identity authentication authority, when the second cloud server receives the digital certificate it can determine from the digital certificate that the first cloud server is trustworthy; that is, the second cloud server's verification of the first cloud server passes.
  • The first authorization authentication information may be information required for mutual authentication between the client and the second cloud server, for example, the protocol for mutual authentication between the client and the second cloud server, the version number of the protocol, the authorization page, and other information.
  • the second authorization authentication information may include the content of the first authorization authentication information.
  • the second authorization and authentication information may include other contents besides the content of the first authorization and authentication information, for example, information about the first cloud server.
  • The first authorization authentication information includes the identity of the first cloud server (such as ClientId@ OAuth2), the uniform resource locator (URL) of the authorization page, and the protocol and version information. After the first cloud server receives the first authorization authentication information, it adds the callback address information callback_url of the first cloud server to generate the second authorization and authentication information, and sends the second authorization and authentication information to the client.
  • The second cloud server may send the first authorization and authentication information to the first cloud server, so that the first cloud server adds its own callback address information, generates the second authorization authentication information, and sends the second authorization authentication information to the client.
  • the second authorization authentication information is sent to the second cloud server.
  • the second cloud server sends a second binding request.
  • The second cloud server responds to the second binding request sent by the terminal by generating token information for the user account logged in on the client and binding the token information to the IoT device that the client requested to bind; specifically, it can bind the token information with the device identifier of the IoT device.
  • The step of "generating token information for the user account in response to the second binding request sent by the client based on the second authorization and authentication information, and binding the IoT device based on the token information" may specifically include:
  • Bind IoT devices based on token information.
  • The consent binding information may be information indicating that the client agrees to bind with the IoT device. For example, the information indicating that the client agrees to bind with the IoT device is 1, and the information indicating that the client does not agree to bind with the IoT device is 0; that is, if the user agrees to the binding, the consent binding information is 1.
  • Once the second cloud server's verification of the first cloud server passes, it sends the first authorization and authentication information to the first cloud server, and the first cloud server sends the second authorization and authentication information to the client based on the first authorization and authentication information.
  • The client accesses the authorization webpage according to the URL of the authorization webpage in the second authorization authentication information, the user confirms the binding on the authorization webpage, and the client responds to the user's confirmation operation on the authorization webpage by sending the consent binding information to the second cloud server.
  • The second cloud server can generate token information according to the consent binding information, bind the token information with the IoT device requested by the client, and send the token information to the client, so that the client, after receiving the token information, binds the token information with the user account logged in on the client.
  • the step of "binding the IoT device based on the token information" may specifically include:
  • the IoT device is bound based on the token information.
  • the information acquisition request may be a request for requesting the second cloud server to generate device binding information.
  • the device binding information can be a device binding code, and the specific type and content of the device binding information can be flexibly set according to actual needs, which is not limited here.
  • the device binding information can be a string of numbers or strings.
  • The client carries the token information and initiates an information acquisition request for acquiring device binding information to the second cloud server, that is, requests the second cloud server to generate the device binding information.
  • The second cloud server can verify the identity of the sender of the information acquisition request according to the token information carried in the received information acquisition request, and if the verification is passed, generate corresponding device binding information and send the device binding information to the client.
  • the user can view the device binding information through the client, and input the obtained device binding information on the user interface provided by the client, and the client responds to the user's input operation and returns the information entered by the user to the second cloud server.
  • the second cloud server compares the information returned by the client with the device binding information generated by itself, and if the two are consistent, binds the token information with the IoT device requested by the client.
  • A validity period can be set for the device binding information. If the client sends the device binding information outside the validity period, the second cloud server will determine that the device binding information sent by the terminal is invalid, and the IoT device is not bound.
  • The step of "sending token information to the client" may specifically include:
  • the token information is sent to the first cloud server.
  • the callback address information may be address information of the first cloud server, and is used to instruct the second cloud server to return token information based on the callback address information.
  • the first cloud server obtains the callback address information, and sends the callback address information and the first authorization authentication information to the client, so that the client accesses the authorization page according to the received second authorization authentication information.
  • The authorization page can include a confirmation control, which the user operates to confirm the binding.
  • The client responds to the user's operation on the confirmation control on the authorization page, such as a click or another operation that triggers the control, by sending the consent binding information and the callback address information to the second cloud server.
  • the second cloud server sends the token information to the first cloud server according to the callback address information.
  • The first cloud server and the second cloud server can be divided into units according to functions or purposes, etc., to balance the loads of the first cloud server and the second cloud server and to increase the response rate of the first cloud server and the second cloud server. That is, in an embodiment, the first cloud server may include a first device management unit, and after binding the IoT device, the IoT device binding method may specifically include:
  • IoT devices are controlled based on control commands.
  • the first device management unit may be a unit in the first cloud server that performs a specified function, for example, may perform a function of sending a control command sent by the client to the second cloud server.
  • the second cloud server receives the control instruction sent by the first device management unit of the first cloud server, and sends the control instruction to the IoT device, so that the IoT device performs a corresponding operation based on the received control instruction .
  • The second cloud server may include a second device management unit, and the second device management unit may be a unit designated to perform a specific function in the second cloud server; for example, it may perform the function of receiving the control command sent by the first device management unit of the first cloud server and sending the control command to the IoT device to control the IoT device.
  • The second cloud server may receive the control instruction sent by the first device management unit of the first cloud server through the second device management unit, and send the control instruction to the IoT device through the second device management unit, so that the IoT device performs corresponding operations based on the received control instruction.
  • The embodiment of the present application receives the verification request sent by the first cloud server, where the verification request is sent by the first cloud server in response to the first binding request sent by the client, and the client has a user account logged in; identity verification is performed on the first cloud server; if the identity verification is passed, the first authorization authentication information is sent to the first cloud server, so that the first cloud server generates second authorization authentication information based on the first authorization authentication information and sends the second authorization authentication information to the client; in response to the second binding request sent by the client based on the second authorization and authentication information, token information is generated for the user account, and the IoT device is bound based on the token information.
  • This solution can realize the binding of IoT devices on the premise that the first cloud server and the second cloud server do not need to exchange user information and do not need to be guaranteed by business contracts, which improves the binding efficiency of IoT devices.
  • The IoT device binding system includes a first cloud server, a second cloud server, a client that matches the first cloud server, and an IoT device that matches the second cloud server, where:
  • the client may be used to send the first binding request for the IoT device to the first cloud server.
  • the first cloud server may be configured to, in response to the binding request, send a verification request to the second cloud server, where the verification request carries verification information of the first cloud server, and the client is logged in with a user account.
  • the second cloud server may be used to authenticate the first cloud server based on the verification information.
  • the second cloud server may be configured to, if the identity verification is passed, return the first authorization authentication information to the first cloud server.
  • the first cloud server may be configured to send second authorization and authentication information to the client based on the first authorization and authentication information.
  • the client may be configured to send a second binding request to the second cloud server based on the second authorization and authentication information.
  • the second cloud server may be configured to, in response to the second binding request, generate token information for the user account logged in the client based on the authorization and authentication information, and send the token information to the client.
  • the second cloud server can be used to bind the IoT device based on the token information.
  • the client can be used to bind the user account with the IoT device based on the token information.
  • an embodiment of the present application may provide a method for binding an IoT device, as shown in FIG. 4 , the specific process of the IoT device binding method may be as follows:
  • the client establishes a connection with the IoT device.
  • The client can search for the IoT device and configure with the IoT device, and the IoT device verifies the client. For example, the client sends a first digital certificate to the IoT device. The first digital certificate can be a digital certificate granted to the client by a third-party certification body trusted by both the IoT device and the client. Since the IoT device trusts the third-party certification body, when it receives the first digital certificate sent by the client it can confirm the identity of the client and complete mutual authentication.
  • the client sends authentication information to the IoT device.
  • the authentication information can be the identification information of the IoT device, such as a pin code (Personal identification number, PIN for short), or a key.
  • the authentication information sent by the client is compared, and if they are consistent, the authentication of the client is completed, and the client establishes a connection with the IoT device.
  • The IoT device can send the information required for binding to the client. For example, if the identity of the client is required, then during the subsequent binding process the client can take the identity (ClientId@ OAuth2) that the second cloud server assigned to the first cloud server in the first authorization and authentication information and send it to the IoT device as its own identity.
  • When the client discovers the IoT device, it may display a connection page on which the user performs a confirmation operation to confirm the connection, and the client responds to the user's confirmation operation on the connection page by configuring with the IoT device.
  • the network distribution state may be a state in which the IoT device is waiting to be associated with the client.
  • The network distribution method for configuring the client and the IoT device can be the broadcast packet method, the multicast address method, device hotspot network distribution, Bluetooth network distribution, mobile phone hotspot network distribution, router network distribution, etc. Different network distribution methods determine the communication method between the IoT device and the associated client.
  • For example, the client and the IoT device are configured through router network distribution, and the communication between the client and the IoT device is realized through a LAN.
  • the client sends a first binding request to the first user management unit of the first cloud server.
  • the client may initiate a first binding request to the first user management unit of the first cloud server.
  • the first user management unit of the first cloud server sends an identity verification request to the second user management unit of the second cloud server in response to the first binding request of the client.
  • The first user management unit of the first cloud server may initiate an identity verification request to the second user management unit of the second cloud server, to perform mutual authentication with the second cloud server.
  • The identity verification request sent by the first cloud server may carry a second digital certificate, where the second digital certificate may be a digital certificate granted to the first cloud server by a third-party certification authority trusted by both the first cloud server and the second cloud server.
  • the second user management unit of the second cloud server performs identity verification on the first cloud server.
  • The second user management unit of the second cloud server performs identity verification on the first cloud server through the second digital certificate sent by the first user management unit of the first cloud server. If the second digital certificate is granted by a trusted third-party organization, the verification of the first cloud server is passed. If the second digital certificate is not granted by a mutually trusted third-party organization, the verification of the first cloud server fails.
  • the second user management unit of the second cloud server returns the first authorization and authentication information to the first user management unit of the first cloud server.
  • If the second cloud server passes the verification of the first cloud server, it will return the first authorization authentication information to the first user management unit of the first cloud server. The first authorization authentication information may include the protocol for mutual authentication between the client and the second cloud server, the version number of the protocol, the relevant information of the authorization page that provides mutual authentication, etc.
  • The client and the second cloud server perform mutual authentication through OAuth2.0: the first cloud server receives, returned by the second cloud server, the identity that the second cloud server generated for the first cloud server, the authorization protocol and its version 2.0, the access address of the authorization page, etc.
  • If the verification of the first cloud server fails, the second cloud server does not return authorization authentication information to the first cloud server, and the second cloud server may also send the client a prompt message that the identity authentication failed.
  • the first user management unit of the first cloud server sends the first authorization authentication information and callback address information to the client.
  • the first user management unit of the first cloud server acquires callback address information of the first cloud server, and sends the first authorization authentication information and callback address information to the client.
  • the client accesses the authorization page according to the first authorization authentication information.
  • The client accesses the authorization page according to the access address (URL) of the authorization page in the first authorization authentication information, such as accessing the authorization page pointed to by the URL through a browser, jumping to the authorization page in the app corresponding to the second cloud server according to the URL, or jumping to the authorization page in the applet corresponding to the second cloud server according to the URL.
  • the user can enter the account password on the authorization page.
  • the account password can be the account and password applied by the user for the second cloud server.
  • the user indicates that the user account logged in at the client is authorized to access the specified information of the first cloud server.
  • the second cloud server After verifying the account number and password, the second cloud server generates token information for the user account logged in at the client.
  • Before binding the user account logged in on the client (for the sake of distinction, hereinafter referred to as the first user account) to the IoT device, the IoT device can first be bound to the account registered by the user on the second cloud server (this is the account entered by the user on the authorization page; for the sake of distinction, hereinafter referred to as the second user account); the IoT device can synchronize the command to the data corresponding to the second user account in the second cloud server. Specifically, the second user account can first be bound with the IoT device, and then the first user account can be bound with the IoT device.
  • The second cloud server can obtain the information of the IoT device being controlled, and the staff of the manufacturer corresponding to the second cloud server can obtain the control status of the IoT device in time, prevent attacks on IoT devices in time, and improve the security of IoT devices.
  • the client responds to the user's confirmation operation on the authorization page, and generates an information acquisition request.
  • After the user enters the second user account and the password of the second user account in the authorization page, the user performs a confirmation operation on the confirmation control, such as clicking the confirmation control. The terminal responds to the user's confirmation operation on the authorization page by obtaining the second user account and password entered by the user and sending a request to the second device management unit; after the second device management unit has verified the second user account and password, it returns a temporary token to the client in response to the request. The temporary token can be a code.
  • After the client receives the code, it obtains the token information from the second device management unit based on the code and the callback address information.
  • The token information can be a token. The second user management unit of the second cloud server generates the token information based on the temporary token, and sends the token information to the client based on the address indicated by the callback address information.
  • the client generates an information acquisition request based on the token information, and the information acquisition request carries the token information.
  • the client sends an information acquisition request to the second device management unit.
  • the client carries the token information and sends an information acquisition request to the second device management unit.
  • the second device management unit of the second cloud server sends device binding information to the client in response to the information acquisition request.
  • the client may initiate a request to the second device management unit of the second cloud server to obtain device binding information based on the token information, that is, request the second device management unit to generate the device binding information.
  • the second device management unit checks whether the token information is valid, and if it is valid, generates device binding information and sends the device binding information to the client.
  • the client sends device binding information to the IoT device.
  • The client may display the device binding information and, based on the received device binding information, display a user interface for inputting information, and then send the entered information to the IoT device.
  • the IoT device sends device binding information to the second device management unit of the second cloud server.
  • the IoT device sends the information input by the user sent by the client to the second device management unit of the second cloud server.
  • the second device management unit of the second cloud server binds the IoT device.
  • The second device management unit compares the information input by the user sent by the IoT device with the generated device binding information, and if the information sent by the IoT device is consistent with the generated device binding information, the second cloud server binds the token information generated for the first user account logged in on the client with the IoT device.
  • After the second cloud server binds the token information with the IoT device, it returns a prompt message indicating that the binding is successful to the client.
  • The first user account logged in on the client uses the token information as an intermediate bridge to realize the binding with the IoT device: through the two binding relationships, first user account to token information and token information to IoT device, the first user account and the IoT device are indirectly bound.
  • a valid period can be set for the token information.
  • the user can bind the IoT device again through the above method, and the second cloud server and the client will update the binding relationship accordingly.
  • The validity period of the token information can be updated. For example, if the user does not access the second cloud server for 48 consecutive hours, the token information expires, and when the user visits within 48 hours, the validity period is updated to 48 hours again.
  • the client generates a control instruction in response to the user's control operation.
  • the user performs a control operation on the IoT device in the display page of the client, and the client responds to the user's control operation and generates a control command carrying token information corresponding to the user account logged in on the client.
  • When the IoT device is an air conditioner, adjustment operations input by the user for the air conditioner's temperature, operation mode, and wind speed can be received in the display page of the client for air conditioner control, and a control instruction carrying the token information can be generated based on the adjustment operation.
  • When the Internet of Things device is a TV, user-input adjustment operations for operating parameters such as volume, program switching, and brightness of the TV can be received in the display page for TV control on the client, and carry and log in based on the adjustment operations.
  • the client sends the control instruction to the second device management unit of the second cloud server.
  • the second device management unit of the second cloud server sends the control instruction to the IoT device.
  • the second device management unit may determine the IoT device to be controlled by the control command according to the token information carried in the control command and the binding relationship between the token information and the IoT device, and send the control command to the corresponding IoT devices.
  • the IoT device performs a corresponding operation according to the received control instruction.
  • the IoT device executes corresponding operations according to the received control instructions.
  • the air conditioner may adjust the temperature according to the received temperature adjustment instruction (ie, control instruction).
  • the TV can adjust the volume according to the received volume adjustment command (that is, the control command).
  • the client establishes a connection with the IoT device, and the client can send a binding request to the first user management unit of the first cloud server. In response to the client's first binding request, the first user management unit of the first cloud server sends an identity verification request to the second user management unit of the second cloud server, and the second user management unit of the second cloud server performs identity verification on the first cloud server. The second user management unit of the second cloud server returns the first authorization authentication information to the first user management unit of the first cloud server, and the first user management unit of the first cloud server sends the first authorization authentication information and callback address information to the client. The client accesses the authorization page according to the first authorization authentication information and, based on the confirmation operation for the authorization page, sends an information acquisition request to the second device management unit. The second device management unit of the second cloud server responds to the information acquisition request by sending the device binding information to the client, the client sends the device binding information to the IoT device, the IoT device sends the device binding information to the second device management unit of the second cloud server, and the second device management unit binds the IoT device. The client responds to the user's control operation and generates a control command, the client sends the control command to the first device management unit of the first cloud server, and the first device management unit of the first cloud server sends the control command to the second device management unit of the second cloud
  • With this solution, the first cloud server and the second cloud server do not need to exchange user information, and IoT devices can be bound without relying on business contracts as a guarantee, which not only ensures the security of user privacy but also improves the efficiency of IoT device binding and the security of data interaction.
  • an IoT device binding device is also provided in an embodiment.
  • the meanings of the nouns are the same as those in the above IoT device binding method, and for specific implementation details, please refer to the description in the method embodiments.
  • the IoT device binding device may specifically be integrated in a cloud server, and the cloud server may be a first cloud server. As shown in FIG. 5, the IoT device binding device may include: a first receiving module 401, a response module 402, a second receiving module 403, a first binding module 404, etc., specifically as follows:
  • the first receiving module 401 for receiving the first binding request for the IoT device initiated by the client, where the client is logged in with a user account.
  • Response module 402, for instructing, in response to the first binding request, the second cloud server matching the IoT device to perform identity verification on the first cloud server matching the client.
  • the response module 402 may include a sending submodule and an indication submodule, specifically:
  • Sending sub-module used to send a verification request to the second cloud server in response to the first binding request, where the verification request carries verification information of the first cloud server that matches the client.
  • Instructing submodule, used to instruct the second cloud server, according to the verification request, to perform identity verification on the first cloud server based on the verification information.
  • the second receiving module 403 is used to receive the first authorization and authentication information returned by the second cloud server.
  • the first authorization and authentication information is sent after the identity verification of the first cloud server by the second cloud server is passed.
  • the first binding module 404, used to send the second authorization and authentication information to the client according to the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information, where the second binding request is used to instruct the second cloud server to generate token information for the user account, and to bind the IoT device based on the token information.
  • the first binding module 404 may include an acquisition submodule and a sending submodule, specifically:
  • Obtaining submodules used to obtain callback address information.
  • a generating module used to generate second authorization and authentication information based on the first authorization and authentication information
  • An information generating module used to generate second authorization and authentication information based on the first authorization and authentication information and callback address information;
  • Sending sub-module used to send the second authorization and authentication information to the client, and the callback address information is used to instruct the second cloud server to return the token information.
  • the IoT device binding device may include a fourth receiving module and a second sending module, specifically:
  • the fourth receiving module used for receiving the control instruction sent by the client through the first device management unit.
  • the second sending module, used for sending the control command from the first device management unit, through the second device management unit, to the IoT device, so as to control the IoT device based on the control command.
  • the IoT device binding device may include a fifth receiving module and a third sending module, specifically:
  • the fifth receiving module used for receiving the control instruction sent by the client through the first device management unit.
  • the third sending module, used for sending the control command to the IoT device through the first device management unit, so as to control the IoT device based on the control command.
  • the embodiment of the present application receives, through the first receiving module 401, the first binding request for the Internet of Things device initiated by the client, where the client is logged in with a user account; through the response module 402, in response to the first binding request, instructs the second cloud server matching the IoT device to perform identity verification on the first cloud server matching the client; through the second receiving module 403, receives the first authorization authentication information returned by the second cloud server; and through the first binding module 404, sends second authorization and authentication information to the client based on the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information, where the second binding request is used to instruct the second cloud server to generate token information for the user account and bind the IoT device based on the token.
  • an IoT device binding device is also provided in an embodiment.
  • the meanings of the nouns are the same as those in the above IoT device binding method, and for specific implementation details, please refer to the description in the method embodiments.
  • the IoT device binding device can specifically be integrated in a cloud server, and the cloud server can be a second cloud server. As shown in FIG. 6, the IoT device binding device can include: a third receiving module 501, a verification module 502, a sending module 503, a second binding module 504, etc. The details may be as follows:
  • the third receiving module 501 used to receive the verification request sent by the first cloud server, the verification request is sent by the first cloud server in response to the first binding request for the IoT device initiated by the client, and the client has a user account logged in.
  • Verification module 502 configured to perform identity verification on the first cloud server based on the verification request.
  • the verification module 502 may include a sending submodule and a verification submodule, specifically:
  • Sending sub-module used to receive a verification request sent by the first cloud server based on the response to the first binding request of the client, where the verification request carries verification information of the first cloud server.
  • Verification sub-module used for authenticating the first cloud server based on the verification information.
  • Sending module 503, configured to send first authorization and authentication information to the first cloud server if identity verification is passed, so that the first cloud server sends second authorization and authentication information to the client based on the first authorization and authentication information.
  • the second binding module 504 is configured to generate token information for the user account in response to the request sent by the client based on the second authorization and authentication information, and bind the IoT device based on the token information.
  • the second binding module 504 may include a receiving submodule and a generating submodule, specifically:
  • the receiving sub-module is used to receive the consent binding information fed back by the client based on the second authorization and authentication information sent by the first cloud server.
  • Generation sub-module used to generate token information for the user account based on the consent binding information, and send the token information to the client, so that the client can bind the user account with the IoT device based on the token information;
  • Bind IoT devices based on token information.
  • the generation sub-module is specifically used to: respond to the information acquisition request sent by the client carrying the token information, generate device binding information, and send the device binding information to the client;
  • the IoT device is bound based on the token information.
  • the token information is sent to the first cloud server, so that the first cloud server sends the token information to the client.
  • the IoT device binding device may include a sixth receiving module and a control module, specifically:
  • the sixth receiving module used for receiving the control instruction sent by the first device management unit.
  • Control module used to control IoT devices based on control commands.
  • the embodiment of the present application receives, through the third receiving module 501, the verification request sent by the first cloud server; through the verification module 502, performs identity verification on the first cloud server based on the verification request; if the identity verification passes, sends, through the sending module 503, the first authorization authentication information to the first cloud server, so that the first cloud server sends the second authorization authentication information to the client based on the first authorization authentication information; and through the second binding module 504, in response to the second binding request sent by the client based on the second authorization authentication information, generates token information for the user account and binds the IoT device based on the token information.
  • the embodiment of the present application also provides a cloud server, which can be a first cloud server or a second cloud server, etc., as shown in FIG. 7 , which shows a schematic structural diagram of the cloud server involved in the embodiment of the present application. Specifically:
  • the cloud server may include a processor 1001 of one or more processing cores, a memory 1002 of one or more computer-readable storage media (also referred to as storage media), a power supply 1003, an input unit 1004 and other components.
  • the processor 1001 is the control center of the cloud server. It uses various interfaces and lines to connect the various parts of the entire cloud server, and by running or executing software programs and/or modules stored in the memory 1002 and calling data stored in the memory 1002, it performs the various functions of the cloud server and processes data, so as to monitor the cloud server as a whole.
  • the processor 1001 may include one or more processing cores; preferably, the processor 1001 may integrate an application processor and a modem processor, wherein the application processor mainly processes operating systems, user interfaces, computer programs, etc., and the modem processor mainly handles wireless communications. It can be understood that the foregoing modem processor may not be integrated into the processor 1001.
  • the memory 1002 can be used to store software programs and modules, and the processor 1001 executes various functional applications and data processing by running the software programs and modules stored in the memory 1002.
  • the memory 1002 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system and a computer program required by at least one function (such as a sound playback function, an image playback function, etc.), and the data storage area may store data created by the use of the cloud server, etc.
  • the memory 1002 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage devices.
  • the memory 1002 may further include a memory controller to provide the processor 1001 with access to the memory 1002.
  • the cloud server also includes a power supply 1003 for supplying power to various components.
  • the power supply 1003 can be logically connected to the processor 1001 through the power management system, so that functions such as charging, discharging, and power consumption management can be realized through the power management system.
  • the power supply 1003 may also include one or more DC or AC power supplies, recharging systems, power failure detection circuits, power converters or inverters, power status indicators and other arbitrary components.
  • the cloud server can also include an input unit 1004, which can be used to receive input numbers or character information, and generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control.
  • the cloud server may also include a display unit, etc., which will not be repeated here.
  • the processor 1001 in the cloud server will load one or more executable files corresponding to the process of the computer program into the memory 1002 according to the following instructions, and the processor 1001 will run the computer program stored in the memory 1002, thereby realizing various functions, as follows:
  • When the cloud server is the first cloud server, it can receive the first binding request for the Internet of Things device initiated by the client; in response to the first binding request, instruct the second cloud server that matches the Internet of Things device to perform identity verification on the first cloud server matched with the client; receive the first authorization authentication information returned by the second cloud server, where the first authorization authentication information is sent after the second cloud server passes the identity verification of the first cloud server; and according to the first authorization authentication information, send second authorization authentication information to the client, so that the client sends a second binding request to the second cloud server based on the second authorization authentication information, where the second binding request is used to instruct the second cloud server to generate token information for the user account and bind the IoT device based on the token information.
  • When the cloud server is the second cloud server, it can receive the verification request sent by the first cloud server, where the verification request is sent by the first cloud server in response to the first binding request for the IoT device initiated by the client, and the client is logged in with a user account; perform identity verification on the first cloud server based on the verification request; if the identity verification is passed, send the first authorization authentication information to the first cloud server, so that the first cloud server sends the second authorization and authentication information to the client based on the first authorization authentication information; and in response to the second binding request sent by the client based on the second authorization and authentication information, generate token information for the user account and bind the IoT device based on the token information.
  • a computer program product or computer program comprising computer instructions stored in a computer readable storage medium.
  • the processor of the cloud server reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the cloud server executes the methods provided in various optional implementation manners in the foregoing embodiments.
  • an embodiment of the present application provides a storage medium, in which a computer program is stored, and the computer program can be loaded by a processor to execute any IoT device binding method provided in the embodiment of the present application.
  • the storage medium may include: a read only memory (ROM, Read Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk, and the like.
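
The token and binding steps described above (temporary code exchanged for token information, device binding information echoed back through the IoT device, the 48-hour validity that renews on access, and control instructions routed by token) can be modelled as follows. This is an added example, not code from the patent or its applicant: the class and method names, the 8-character binding string, the rule that a code is tied to the callback address it was issued for, and the rule that an expired token also drops its binding are all assumptions made for illustration.

```python
import secrets
import time

TOKEN_TTL = 48 * 3600  # validity period from the text: 48 hours, renewed on access


class SecondDeviceManagementUnit:
    """Constructed model of the second cloud server's device management unit."""

    def __init__(self, clock=time.time):
        self._clock = clock    # injectable time source so expiry can be exercised
        self._codes = {}       # temporary code -> callback address it was issued for
        self._tokens = {}      # token information -> expiry timestamp
        self._pending = {}     # device binding information -> token that requested it
        self._bindings = {}    # token information -> bound IoT device id

    def issue_code(self, callback):
        """Temporary code returned once the second user account and password
        have been verified (credential checking itself is not modelled)."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = callback
        return code

    def exchange_code(self, code, callback):
        """Swap the temporary code for token information. The code is consumed
        on first use, and the callback address must match (assumption)."""
        issued_for = self._codes.pop(code, None)
        if issued_for is None or issued_for != callback:
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = self._clock() + TOKEN_TTL
        return token

    def token_valid(self, token):
        """Validity check with a sliding window: each successful access
        resets the expiry to 48 hours from now."""
        expiry = self._tokens.get(token)
        if expiry is None:
            return False
        now = self._clock()
        if now >= expiry:
            # Expired: forget the token and its binding, so the user has to
            # bind the device again (assumption about the unspecified cleanup).
            del self._tokens[token]
            self._bindings.pop(token, None)
            return False
        self._tokens[token] = now + TOKEN_TTL
        return True

    def request_binding_info(self, token):
        """Information acquisition request: only a valid token gets binding info."""
        if not self.token_valid(token):
            return None
        info = secrets.token_hex(4).upper()
        while info in self._pending:      # keep outstanding values unique
            info = secrets.token_hex(4).upper()
        self._pending[info] = token
        return info

    def confirm_binding(self, device_id, submitted):
        """Compare what the IoT device forwarded with the generated binding
        information; on a match bind token -> device. Each value works once."""
        token = self._pending.pop(submitted, None)
        if token is None or not self.token_valid(token):
            return False
        self._bindings[token] = device_id
        return True

    def route_control(self, token, command):
        """Resolve the target device from the token carried in the instruction."""
        if not self.token_valid(token):
            return None
        device_id = self._bindings.get(token)
        if device_id is None:
            return None
        return device_id, command


if __name__ == "__main__":
    unit = SecondDeviceManagementUnit()
    cb = "https://client.example.test/callback"   # constructed callback address
    tok = unit.exchange_code(unit.issue_code(cb), cb)
    info = unit.request_binding_info(tok)
    print(unit.confirm_binding("aircon-01", info))
    print(unit.route_control(tok, {"temperature": 24}))
```

Because the token is the only link between the first user account and the device, every path that accepts it goes through `token_valid`, and both the temporary code and the binding string are single-use so a replayed value cannot create a second binding.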

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Disclosed in the present application are an Internet of Things device binding method and a related device. The method comprises: receiving a binding request from a client for an Internet of Things device; in response to the binding request, instructing a second server, which matches the Internet of Things device, to perform identity verification on a first server matching the client; receiving first authorization authentication information that is sent by the second server after the identity verification is passed; and according to the first authorization authentication information, sending, to the client, second authorization authentication information that is required for binding the Internet of Things device on the basis of token information.

Description

IoT device binding method, device, system, cloud server and storage medium
This application claims priority to the Chinese patent application filed on August 5, 2021, with application number 202110898234.2 and titled "Internet of Things Device Binding Method, Device, System, Cloud Server, and Storage Medium", the entire content of which is incorporated in this application by reference.
Technical Field
The present application relates to the field of communication technology, and in particular to an IoT device binding method, device, system, cloud server and storage medium.
Background
The Internet of Things (IoT) is an inevitable choice for the interconnection of all things in the future, and various manufacturers are committed to realizing the interconnection of IoT devices.
Technical Problem
At present, when a user configures an IoT device of IoT system B through the client of IoT system A, the user account information of IoT system A and IoT system B is generally bound based on a predetermined agreement, so the two connecting parties need to exchange user information, which requires mutual trust between them. However, this trust is generally guaranteed through business contracts, which turns device interconnection in the Internet of Things into point-to-point communication that is costly and inefficient.
Technical Solution
Embodiments of the present application provide a method, device, system, cloud server, and storage medium for binding IoT devices, which can improve the efficiency of binding IoT devices.
An IoT device binding method provided in an embodiment of the present application includes:
receiving a first binding request for an IoT device initiated by a client, the client being logged in with a user account;
in response to the first binding request, instructing a second cloud server matching the IoT device to perform identity verification on a first cloud server matching the client;
receiving the authorization authentication information returned by the second cloud server, where the first authorization authentication information is sent after the second cloud server passes the identity verification of the first cloud server;
sending second authorization and authentication information to the client according to the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information, where the second binding request is used to instruct the second cloud server to generate token information for the user account and bind the IoT device based on the token information.
Another IoT device binding method provided in an embodiment of the present application includes:
receiving a verification request sent by the first cloud server, where the verification request is sent by the first cloud server in response to the first binding request for the IoT device initiated by the client, the client being logged in with a user account;
performing identity verification on the first cloud server based on the verification request;
if the identity verification is passed, sending first authorization authentication information to the first cloud server, so that the first cloud server sends second authorization authentication information to the client based on the first authorization authentication information;
in response to the request sent by the client based on the second authorization and authentication information, generating token information for the user account, and binding the IoT device based on the token information.
Correspondingly, an embodiment of the present application also provides an IoT device binding device, including:
a first receiving module, configured to receive a first binding request for an IoT device initiated by a client, the client being logged in with a user account;
a response module, configured to, in response to the first binding request, instruct a second cloud server matching the IoT device to perform identity verification on the first cloud server matching the client;
a second receiving module, configured to receive the first authorization and authentication information returned by the second cloud server, where the first authorization and authentication information is sent after the second cloud server passes the identity verification of the first cloud server;
a first binding module, configured to send second authorization and authentication information to the client according to the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information, where the second binding request is used to instruct the second cloud server to generate token information for the user account and bind the IoT device based on the token information.
Correspondingly, an embodiment of the present application also provides another IoT device binding device, including:
a third receiving module, configured to receive the verification request sent by the first cloud server, where the verification request is a request sent by the first cloud server in response to the first binding request for the IoT device initiated by the client, the client being logged in with a user account;
a verification module, configured to perform identity verification on the first cloud server based on the verification request;
a sending module, configured to send first authorization and authentication information to the first cloud server if the identity verification is passed, so that the first cloud server sends second authorization and authentication information to the client based on the first authorization and authentication information;
a second binding module, configured to, in response to the second binding request sent by the client based on the authorization and authentication information, generate token information for the user account and bind the IoT device based on the token information.
Correspondingly, an embodiment of the present application further provides an IoT device binding system, including a first cloud server, a second cloud server, a client matching the first cloud server, and an IoT device matching the second cloud server, wherein:
The client is configured to send a binding request for the IoT device to the first cloud server, wherein a user account is logged in on the client;
The first cloud server is configured to, in response to the first binding request, send a verification request to the second cloud server, the verification request carrying verification information of the first cloud server;
The second cloud server is configured to perform identity verification on the first cloud server based on the verification information;
The second cloud server is configured to return first authorization and authentication information to the first cloud server if the identity verification passes;
The first cloud server is configured to send second authorization and authentication information to the client based on the first authorization and authentication information;
The client is configured to send a second binding request to the second cloud server based on the second authorization and authentication information;
The second cloud server is configured to, in response to the second binding request, generate token information for the user account logged in on the client based on the second authorization and authentication information, and send the token information to the client;
The second cloud server is configured to bind the IoT device based on the token information;
The client is configured to bind the user account with the IoT device based on the token information.
Correspondingly, an embodiment of the present application further provides a cloud server, including a memory and a processor; the memory stores a computer program, and the processor is configured to run the computer program in the memory to execute any of the IoT device binding methods provided in the embodiments of the present application.
Correspondingly, an embodiment of the present application further provides a storage medium for storing a computer program, the computer program being loaded by a processor to execute any of the IoT device binding methods provided in the embodiments of the present application.
Beneficial effect
In the embodiments of the present application, a first binding request for an IoT device initiated by a client is received, a user account being logged in on the client; in response to the first binding request, a second cloud server matching the IoT device is instructed to perform identity verification on a first cloud server matching the client; first authorization and authentication information returned by the second cloud server is received, the first authorization and authentication information being sent after the second cloud server has successfully verified the identity of the first cloud server; second authorization and authentication information is sent to the client according to the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information, the second binding request being used to instruct the second cloud server to generate token information for the user account and to bind the IoT device based on the token information. In this solution, the user account logged in on the client and the IoT device are bound through the token information without exchanging user information. The IoT device can therefore be bound without the first cloud server and the second cloud server exchanging user information and without relying on a commercial contract as a safeguard, which improves the efficiency of IoT device binding and protects the security of the user's information.
Description of drawings
To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a scenario diagram of the IoT device binding method provided in an embodiment of the present application;
FIG. 2 is a flowchart of the IoT device binding method provided in an embodiment of the present application;
FIG. 3 is another flowchart of the IoT device binding method provided in an embodiment of the present application;
FIG. 4 is another flowchart of the IoT device binding method provided in an embodiment of the present application;
FIG. 5 is a schematic diagram of the IoT device binding apparatus provided in an embodiment of the present application;
FIG. 6 is another schematic diagram of the IoT device binding apparatus provided in an embodiment of the present application;
FIG. 7 is a schematic structural diagram of the cloud server provided in an embodiment of the present application.
Embodiments of the present invention
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments in this application without creative effort fall within the scope of protection of this application.
Embodiments of the present application provide an IoT device binding method, apparatus and system, a cloud server, and a storage medium. The IoT device binding apparatus can be integrated in a computer device such as a cloud server.
The cloud server may be a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery network (CDN) services, and big data and artificial intelligence platforms, but is not limited to these. The cloud server may be the first cloud server or the second cloud server.
Please refer to FIG. 1, which is a schematic diagram of a scenario in which the IoT device binding method provided in an embodiment of the present application is applied. The scenario may include a first cloud server, a second cloud server, a client, and an IoT device. After logging in to a user account on the client, the user can send a first binding request for the IoT device to the first cloud server through the client. After receiving the first binding request, the first cloud server can present a digital certificate, issued by a third-party trust authority that both the first cloud server and the second cloud server trust, and request identity verification from the second cloud server. The second cloud server authenticates the first cloud server based on the digital certificate; if the identity verification passes, the second cloud server sends first authorization and authentication information to the first cloud server. After receiving the first authorization and authentication information, the first cloud server sends second authorization and authentication information to the client. After receiving the second authorization and authentication information, the client can request the second cloud server to generate token information for it. After generating the token information, the second cloud server sends the token information to the client and binds the token information to the IoT device. After receiving the token information, the client binds the token information to the user account logged in on the client, which completes the binding of the IoT device. When the user account logged in on the client controls the IoT device through the client, the client sends a control instruction carrying the token information to the second cloud server. Because the second cloud server has bound the token information to the IoT device, it can determine the IoT device to be controlled from the token information and send the instruction to the corresponding IoT device.
The first cloud server may be a private cloud server corresponding to the client; that is, the client and the first cloud server may belong to the same IoT system, and the first cloud server can establish a communication connection with the client and exchange data with it. The second cloud server may be a private cloud server corresponding to the IoT device; that is, the second cloud server and the IoT device may belong to the same IoT system, and the second cloud server can establish a communication connection with the IoT device and exchange data with it. The first cloud server and the second cloud server may be cloud servers belonging to different IoT systems; for example, the first cloud server and the second cloud server are private cloud servers provided by different manufacturers.
The client may include a browser application (also called a Web application), an application on a terminal (also called an APP), a mini program, and the like. The IoT device may be a physical device that can be connected to the Internet of Things (IoT for short), such as a refrigerator, an air conditioner, a television, a robot vacuum cleaner, or a smart speaker.
The Internet of Things may refer to the real-time collection, through devices and technologies such as information sensors, radio frequency identification, global positioning systems, infrared sensors, or laser scanners, of any object or process that needs to be monitored, connected, or interacted with. The required information, such as sound, light, heat, electricity, mechanics, chemistry, biology, or location, is collected and, through any available network access, provides ubiquitous connections between things and between things and people, enabling intelligent perception, identification, and management of objects and processes. The Internet of Things is an information carrier based on the Internet, traditional telecommunication networks, and the like; it allows all ordinary physical objects that can be independently addressed to form an interconnected network.
To improve the efficiency and reliability of data processing by the first cloud server and the second cloud server, the first cloud server can be divided into a first device management unit, a first user management unit, and so on, and the second cloud server can be divided into a second device management unit, a second user management unit, and so on. The management units divide the work and cooperate to process data.
For example, the first cloud server may, through the first user management unit, receive the first binding request for the IoT device initiated by the client; respond to the first binding request by sending a verification request to the second cloud server; and generate the second authorization and authentication information based on the received first authorization and authentication information and send it to the client. The first cloud server may also, through the first device management unit, receive a control instruction sent by the client and send the control instruction to the IoT device, so as to control the IoT device based on the control instruction, and so on.
The second cloud server may, through the second user management unit, receive the verification request sent by the first cloud server and perform identity verification on the first cloud server based on the verification request; if the identity verification passes, it sends the first authorization and authentication information to the first cloud server through the second user management unit. The second cloud server may, through the second device management unit, respond to the second binding request sent by the client, generate token information for the user account logged in on the client, and bind the IoT device based on the token information. The second cloud server may also, through the second device management unit, receive the control instruction sent by the first device management unit and control the IoT device based on the control instruction, and so on.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not detailed in a given embodiment, see the detailed description of the IoT device binding method below; they are not repeated here.
It should be noted that the application scenario of the IoT device binding method shown in FIG. 1 is only an example. The application and scenarios of the IoT device binding method described in the embodiments of the present application are intended to explain the technical solutions of the embodiments more clearly and do not limit them. Those of ordinary skill in the art will recognize that, as applications of the IoT device binding method evolve and new business scenarios emerge, the technical solutions provided in the embodiments of the present application apply equally to similar technical problems.
Each is described in detail below. It should be noted that the order in which the following embodiments are described does not limit the preferred order of the embodiments.
This embodiment is described from the perspective of the IoT device binding apparatus, which may be integrated in a cloud server; the cloud server may be the first cloud server.
Please refer to FIG. 2, which is a schematic flowchart of the IoT device binding method provided in an embodiment of the present application. The IoT device binding method may include:
101. The first cloud server receives a first binding request for an IoT device initiated by a client, wherein a user account is logged in on the client.
The first binding request may be a request sent by the client to bind the user account logged in on the client to the IoT device.
The user account is the account corresponding to the client and can be obtained by registering in advance through the client. The first cloud server stores the user account and the information corresponding to it, for example user information such as the user's age, gender, or zodiac sign, and information such as operation records.
For example, the first cloud server may receive a first binding request for the IoT device that is triggered by a user operation on the client, such as a click or a swipe. Optionally, the client may display a settings interface containing an IoT device list, which may include one or more IoT devices. For example, the IoT device list contains IoT device A, IoT device B, and IoT device C.
In the settings interface, the user can select the IoT device to be bound. For example, when the user wants to bind IoT device A, the user can select IoT device A by clicking it in the settings interface, thereby triggering the client to generate a first binding request for the selected IoT device A.
Optionally, the client may also receive voice information, gesture information, or the like input by the user and generate a first binding request for the selected IoT device. For example, the client obtains the voice or gesture information input by the user, recognizes or confirms it to determine which IoT device the user wants to bind, and then generates the first binding request for the selected IoT device.
The first cloud server receives the first binding request sent by the client. The specific type and content of the first binding request can be set flexibly according to actual needs and are not limited here.
102. In response to the first binding request, the first cloud server instructs the second cloud server matching the IoT device to perform identity verification on the first cloud server matching the client.
In this application, after receiving the first binding request, the first cloud server determines the second cloud server corresponding to the IoT device according to the first binding request and sends a request to the second cloud server, instructing the second cloud server matching the IoT device to perform identity verification on the first cloud server.
Optionally, the verification request that the first cloud server sends in response to the first binding request may carry information that proves the identity of the first cloud server. The second cloud server may store a whitelist of trusted objects; it compares the information carried in the request sent by the first cloud server with the whitelist and determines whether the first cloud server is in the whitelist, thereby verifying the identity of the first cloud server and improving security.
Optionally, the verification request that the first cloud server sends in response to the first binding request may carry verification information of the first cloud server, and the second cloud server can perform identity verification on the first cloud server based on the verification information.
The verification information may be information that the second cloud server uses to verify the identity of the first cloud server. For example, the verification information may be unique identification information of the first cloud server, or a digital certificate granted by an identity authentication authority.
For example, the digital certificate may be one issued to the first cloud server by an identity authentication authority trusted by both the first cloud server and the second cloud server, after that authority has authenticated the first cloud server.
The first cloud server instructs the second cloud server to authenticate the first cloud server based on the digital certificate. Because the second cloud server also trusts the identity authentication authority, when it receives the first digital certificate sent by the first cloud server, it can confirm the identity of the first cloud server from the digital certificate and complete the identity authentication of the first cloud server.
It should be noted that, in this application, the request sent by the first cloud server to the second cloud server may include, in addition to the verification information of the first cloud server described above, other information related to the first cloud server that enables the second cloud server to authenticate the first cloud server; this application does not limit this.
103. If the second cloud server's identity verification of the first cloud server passes, the first cloud server receives the first authorization and authentication information returned by the second cloud server.
The first authorization and authentication information may include the information required for mutual authentication between the client and the second cloud server. For example, it may include the protocol used for mutual authentication between the client and the second cloud server, the version number of the protocol, and information about the authorization page used for authentication under the protocol. In addition, the authorization and authentication information may include other information required for mutual authentication between the client and the second cloud server, which is not limited in this application.
In an embodiment, the first authorization and authentication information may include an identity generated by the second cloud server for the first cloud server (for example ClientId@OAuth2), the Uniform Resource Locator (URL) of the authorization page, and information such as the protocol and its version. In addition, the authorization and authentication information may include other information required for mutual authentication between the client and the second cloud server, which is not limited in this application.
The authorization page may be a web page accessed through a URL, a page displayed through a URL in the application (APP) corresponding to the second cloud server, or a page reached through a URL in the mini program corresponding to the second cloud server, and so on.
In this application, after the second cloud server receives the request sent by the first cloud server, performs identity verification on the first cloud server based on the request, and the verification passes, the second cloud server sends the first authorization and authentication information to the first cloud server.
Specifically, for example: if the first cloud server instructs the second cloud server to perform identity authentication and the authentication passes, which indicates that the first cloud server and the second cloud server trust each other, the second cloud server sends the first authorization and authentication information to the first cloud server, and the first cloud server receives the first authorization and authentication information returned by the second cloud server.
For example, if the client and the second cloud server authenticate each other through OAuth 2.0, the authorization and authentication information that the first cloud server receives from the second cloud server may include the OAuth protocol, the version of the OAuth protocol (for example 2.0), and the access address of the authorization page (for example a URL).
104、根据第一授权认证信息向客户端发送第二授权认证信息,以使得客户端基于第二授权认证信息向第二云服务器发送第二绑定请求,第二绑定请求用于指示第二云服务器基于第二授权认证信息,为用户账号生成令牌信息,并基于令牌信息对物联网设备进行绑定。104. Send second authorization and authentication information to the client according to the first authorization and authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization and authentication information, and the second binding request is used to indicate the second The cloud server generates token information for the user account based on the second authorization and authentication information, and binds the IoT device based on the token information.
其中,令牌信息可以是表征具有控制物联网设备的权限的对象的标识信息,例如,登录在客户端上的用户账号基于令牌信息向物联网设备发送控制指令,则该控制指令对于物联网设备而言是合法的,是可被执行的。Wherein, the token information may be identification information representing an object having the authority to control the IoT device. For example, if a user account logged on to the client sends a control command to the IoT device based on the token information, the control command is important for the IoT device. As far as the device is concerned, it is legal and executable.
其中,绑定可以是对第二云服务器对物联网设备和登录在客户端的用户账号建立关联关系的过程,具体地,以物联网设备在第二云服务器中的身份标识为物联网设备序列号为例进行说明:第二云服务器针对登录在客户端的用户账号生成令牌信息,通过令牌信息可以确定发送请求或者指令的对象,第二云服务器将登录在客户端上的用户账号对应的令牌信息和物联网设备的设备序列号进行绑定。Wherein, binding may be a process of establishing an association relationship between the second cloud server and the IoT device and the user account logged in at the client, specifically, the identity of the IoT device in the second cloud server is identified as the serial number of the IoT device Take an example to illustrate: the second cloud server generates token information for the user account logged in on the client, and the object to send the request or instruction can be determined through the token information, and the second cloud server will log in the user account corresponding to the client. The license plate information is bound with the device serial number of the IoT device.
In this embodiment of the present application, after the first cloud server receives the first authorization authentication information sent by the second cloud server, it generates second authorization authentication information according to the first authorization authentication information and sends the second authorization authentication information to the client.
In this embodiment of the present application, the second authorization authentication information may include the content of the first authorization authentication information. Optionally, in addition to the content of the first authorization authentication information, the second authorization authentication information may also contain other content, for example, information about the first cloud server.
For example, the first authorization authentication information includes the identity of the first cloud server (for example, ClientId@ OAuth2), the Uniform Resource Locator (URL) of the authorization page, and information such as the protocol and its version. After receiving the first authorization authentication information, the first cloud server adds its own callback address information callback_url to the first authorization authentication information, thereby generating the second authorization authentication information, and sends the second authorization authentication information to the client.
After receiving the second authorization authentication information, the client authenticates with the second cloud server by means of the second authorization authentication information and then sends a second binding request to the second cloud server, requesting the second cloud server to generate token information for the user account logged in on the client according to the second authorization authentication information. After generating the token information for the user account logged in on the client, the second cloud server binds the token information with the IoT device (specifically, it may bind the token information with the identity of the IoT device) and sends the token information to the client. After receiving the token information sent by the second cloud server, the client binds the token information with the user account logged in on the client. The second cloud server binds the token information with the IoT device, and the client binds the user account with the token information, which completes the binding process. The token information serves as the intermediate bridge of the binding, so that binding is achieved without exchanging user information.
In one embodiment, when the user controls the Internet of Things through the client, the client sends a control instruction carrying the token information to the second cloud server; the second cloud server determines, according to the token information, the IoT device that the user wants to control, and sends the control instruction to the IoT device.
In another embodiment, after the second cloud server generates the token information for the user account logged in on the client, the second cloud server sends the token information to the IoT device to be bound and also sends the token information to the client; the client binds the user account with the token information, which completes the binding process.
When the user controls the IoT device through the client, the client sends a control instruction carrying the token information to the IoT device, and the IoT device determines whether the token information in the control instruction is consistent with the stored control instruction. If they are consistent, the control instruction is executed; if they are not consistent, the control instruction is not executed.
It can be understood that the second cloud server does not obtain the information of the user account logged in on the client. When the second cloud server verifies the identity of the first cloud server, it uses the digital certificate of the first cloud server; after the verification passes, the second cloud server generates token information for the user account logged in on the client, and the client accesses the second cloud server by means of the token information. Therefore, during the binding process, neither the second cloud server nor the IoT device obtains information about the user account logged in on the client, the user's information is not leaked, and information security during the binding process is improved.
In practical applications, the first cloud server and the second cloud server may be divided into units according to function, purpose or the like, so as to balance the loads of the first cloud server and the second cloud server and improve their response rates. That is, in one embodiment, the first cloud server may include a first device management unit and the second cloud server may include a second device management unit, and after the IoT device has been bound, the IoT device binding method may specifically include:
receiving, through the first device management unit, a control instruction sent by the client;
sending, through the first device management unit, the control instruction to the IoT device via the second device management unit, so as to control the IoT device based on the control instruction.
The first device management unit may be a unit in the first cloud server that is designated to perform a specific function, for example, the function of receiving the control instruction sent by the client.
The second device management unit may be a unit in the second cloud server that is designated to perform a specific function, for example, the function of sending the control instruction to the IoT device.
The control instruction may be code by which the client tells the IoT device to perform a specific operation.
For example, the first cloud server may receive, through the first device management unit, the control instruction for the IoT device sent by the client and save the control instruction in a database or a cache; the first device management unit obtains the control instruction from the database or the cache and sends it to the second device management unit of the second cloud server; and the second device management unit sends the control instruction to the IoT device, so that the Internet of Things performs the corresponding operation based on the control instruction.
In order to reduce data interaction and improve the response speed to the control instruction, the first cloud server may send the control instruction directly to the IoT device after receiving it. That is, in one embodiment, the first cloud server includes a first device management unit, and after the IoT device has been bound, the IoT device binding method may further specifically include:
receiving, through the first device management unit, a control instruction sent by the client;
sending, through the first device management unit, the control instruction to the IoT device, so as to control the IoT device based on the control instruction.
For example, the first cloud server may receive, through the first device management unit, the control instruction sent by the client, and send the control instruction to the IoT device through the first device management unit, so that the Internet of Things performs the corresponding operation based on the control instruction.
In one embodiment, the client may generate a control instruction in response to the user's operation and send the control instruction directly to the IoT device, so that the Internet of Things performs the corresponding operation based on the control instruction.
As can be seen from the above, the embodiment of the present application can receive a first binding request for an IoT device initiated by a client, where a user account is logged in on the client; in response to the first binding request, instruct a second cloud server matching the IoT device to verify the identity of a first cloud server matching the client; receive first authorization authentication information returned by the second cloud server, where the first authorization authentication information is sent by the second cloud server after the identity verification of the first cloud server has passed; and send second authorization authentication information to the client based on the first authorization authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization authentication information, where the second binding request is used to instruct the second cloud server to generate token information for the user account based on the second authorization authentication information and to bind the IoT device based on the token information. With this solution, the user account logged in on the client can be bound to the IoT device without the first cloud server and the second cloud server exchanging user information and without the need for a guarantee by a business contract, which improves the efficiency of IoT device binding.
On the basis of the above embodiments, further detailed description is given below by way of example.
This embodiment is described from the perspective of an IoT device binding apparatus. The IoT device binding apparatus may specifically be integrated in a cloud server, and the cloud server may be the second cloud server.
An embodiment of the present application provides an IoT device binding method that can be executed by the second cloud server. As shown in FIG. 3, the specific flow of the IoT device binding method may be as follows:
201. Receive a verification request sent by the first cloud server, where the verification request is sent by the first cloud server in response to a first binding request for the IoT device initiated by the client, and a user account is logged in on the client.
The first cloud server and the second cloud server may be the first cloud server mentioned in the above embodiments. For example, the first cloud server and the second cloud server may be private cloud servers provided by different vendors.
The verification request may be request information sent by the first cloud server to request the second cloud server to perform identity verification.
For example, the first cloud server may, in response to the binding request for the IoT device sent by the client, generate a verification request and send the verification request to the second cloud server, whereupon the second cloud server receives the verification request sent by the first cloud server.
202. Perform identity verification on the first cloud server based on the verification request.
For example, after the first cloud server receives the verification request sent by the first cloud server, identity verification is performed on the first cloud server according to the information carried in the verification request. For example, the first cloud server may carry an identifier, and the second cloud server compares the identifier with a preset identifier list: if the identifier list includes the identifier, the verification of the first cloud server passes; if the identifier list does not include the identifier, the verification of the first cloud server fails.
In order to prevent the trust of the second cloud server from being obtained by modifying the identification information, and to improve the security and reliability of the identity verification, the verification request may also carry verification information. The verification information may be information used by the second cloud server to verify the identity of the first cloud server, for example, a digital certificate provided by a trusted third-party authority. That is, in one embodiment, the step "receive a verification request sent by the first cloud server, and perform identity verification on the first cloud server based on the verification request" may specifically include:
receiving a verification request sent by the first cloud server in response to the binding request of the client, where the verification request carries verification information of the first cloud server;
performing identity verification on the first cloud server based on the verification information.
The verification information may be information used by the second cloud server to verify the identity of the first cloud server, for example, unique identification information of the first cloud server, or a digital certificate granted by an identity authentication authority.
For example, the user may trigger, on the client, the sending of a binding request to the first cloud server, and the first cloud server, in response to that request, sends a verification request carrying the verification information to the second cloud server.
After receiving the verification request, the second cloud server verifies the first cloud server according to the verification information carried in the request.
In one embodiment, the verification information may be a digital certificate issued to the first cloud server by an identity authentication authority trusted by both the first cloud server and the second cloud server, after that authority has authenticated the first cloud server.
Because the second cloud server trusts the identity authentication authority, when the second cloud server receives the digital certificate it can determine from the digital certificate that the first cloud server is trustworthy; that is, the second cloud server's verification of the first cloud server passes.
203. If the identity verification passes, send first authorization authentication information to the first cloud server, so that the first cloud server sends second authorization authentication information to the client based on the first authorization authentication information.
The first authorization authentication information may be information required for mutual authentication between the client and the second cloud server, for example, the protocol used for mutual authentication between the client and the second cloud server, the version number of the protocol, and the authorization page that provides the mutual authentication.
The second authorization authentication information may include the content of the first authorization authentication information. Optionally, in addition to the content of the first authorization authentication information, the second authorization authentication information may also contain other content, for example, information about the first cloud server.
For example, the first authorization authentication information includes the identity of the first cloud server (for example, ClientId@ OAuth2), the Uniform Resource Locator (URL) of the authorization page, and information such as the protocol and its version. After receiving the first authorization authentication information, the first cloud server adds its own callback address information callback_url to the first authorization authentication information, thereby generating the second authorization authentication information, and sends the second authorization authentication information to the client.
For example, if the second cloud server's verification of the first cloud server passes, the second cloud server sends the first authorization authentication information to the first cloud server, so that the first cloud server adds its own callback address information to the first authorization authentication information, generates the second authorization authentication information, and sends the second authorization authentication information to the client.
204. In response to a second binding request sent by the client based on the second authorization authentication information, generate token information for the user account, and bind the IoT device based on the token information.
For example, after the first cloud server sends the second authorization authentication information to the client, the user account logged in on the client authenticates with the second cloud server by means of the content contained in the second authorization authentication information and then sends the second binding request to the second cloud server.
In response to the second binding request sent by the terminal, the second cloud server generates token information for the user account logged in on the client and binds the token information with the IoT device that the client has requested to bind; specifically, it may bind the token information with the device identifier of the IoT device.
In one embodiment, the step "in response to a second binding request sent by the client based on the second authorization authentication information, generate token information for the user account, and bind the IoT device based on the token information" may specifically include:
receiving consent binding information fed back by the client based on the second authorization authentication information sent by the first cloud server;
generating token information for the user account based on the consent binding information, and sending the token information to the client, so that the client binds the user account with the IoT device based on the token information;
binding the IoT device based on the token information.
The consent binding information may be information sent to indicate that the client agrees to bind with the IoT device. For example, the information indicating that the client agrees to bind with the IoT device is 1, and the information indicating that the client does not agree to bind with the IoT device is 0; that is, if the user agrees to the binding, the consent binding information is 1.
For example, if the second cloud server's verification of the first cloud server passes, the second cloud server sends the first authorization authentication information to the first cloud server; the first cloud server sends the second authorization authentication information to the client based on the first authorization authentication information; the client accesses the authorization web page according to the URL of the authorization web page in the second authorization authentication information; the user confirms the binding on the authorization web page; and the client, in response to the user's confirmation operation on the authorization web page, sends the consent binding information to the second cloud server.
The second cloud server may generate token information according to the consent binding information, bind the token information with the IoT device that the client has requested to bind, and send the token information to the client, so that after receiving the token information the client binds the token information with the user account logged in on the client.
In one embodiment, the step "binding the IoT device based on the token information" may specifically include:
in response to an information acquisition request that is sent by the client and carries the token information, generating device binding information and sending the device binding information to the client;
if the information returned by the client matches the device binding information, binding the IoT device based on the token information.
The information acquisition request may be a request used to ask the second cloud server to generate device binding information.
The device binding information may be a device binding code. The specific type and content of the device binding information can be set flexibly according to actual needs and are not limited here; for example, the device binding information may take the form of a string of digits or a character string.
For example, the client may, carrying the token information, initiate an information acquisition request for device binding information to the second cloud server, that is, request the second cloud service to generate device binding information.
The second cloud server may verify the identity of the object that sent the information acquisition request according to the token information carried in the received request; if the verification passes, it generates the corresponding device binding information and sends the device binding information to the client.
The user can view the device binding information through the client and enter the device binding information thus obtained in the user interface provided by the client; in response to the user's input operation, the client returns the information entered by the user to the second cloud server. The second cloud server compares the information returned by the client with the device binding information that it generated itself; if the two are consistent, it binds the token information with the IoT device that the client has requested to bind.
Optionally, in order to improve security, a validity period may be set for the device binding information. If the client sends the device binding information outside the validity period, the second cloud server determines that the device binding information sent by the terminal is invalid and does not bind the IoT device.
In one embodiment, the step "sending the token information to the client" may specifically include:
obtaining callback address information of the first cloud server;
sending the token information to the first cloud server based on the callback address information.
The callback address information may be address information of the first cloud server and is used to instruct the second cloud server to return the token information based on the callback address information.
For example, the first cloud server may obtain the callback address information and send the callback address information and the first authorization authentication information to the client, so that the client accesses the authorization page according to the received second authorization authentication information. The authorization page may include a confirmation control, which the user can operate to confirm the binding. In response to the user's operation on the confirmation control on the authorization page (for example, triggering the control by an operation such as clicking), the client sends the consent binding information, together with the callback address information, to the second cloud server.
The second cloud server sends the token information to the first cloud server according to the callback address information.
In practical applications, the first cloud server and the second cloud server may be divided into units according to function, purpose or the like, so as to balance the loads of the first cloud server and the second cloud server and improve their response rates. That is, in one embodiment, the first cloud server may include a first device management unit, and after the IoT device has been bound, the IoT device binding method may further specifically include:
receiving a control instruction sent by the first device management unit;
controlling the IoT device based on the control instruction.
The first device management unit may be a unit in the first cloud server that is designated to perform a specific function, for example, the function of sending the control instruction sent by the client to the second cloud server.
For example, the second cloud server may receive the control instruction sent by the first device management unit of the first cloud server and send the control instruction to the IoT device, so that the IoT device performs the corresponding operation based on the received control instruction.
Optionally, the second cloud server may include a second device management unit. The second device management unit may be a unit in the second cloud server that is designated to perform a specific function, for example, the function of receiving the control instruction sent by the first device management unit of the first cloud server and sending the control instruction to the IoT device so as to control the IoT device.
For example, the second cloud server may receive, through the second device management unit, the control instruction sent by the first device management unit of the first cloud server, and send the control instruction to the IoT device through the second device management unit, so that the IoT device performs the corresponding operation based on the received control instruction.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not described in detail in a given embodiment, refer to the detailed description of the IoT device binding method above; they are not repeated here.
As can be seen from the above, the embodiment of the present application receives a verification request sent by the first cloud server, where the verification request is sent by the first cloud server in response to the first binding request sent by the client, and a user account is logged in on the client; performs identity verification on the first cloud server based on the verification request; if the identity verification passes, sends first authorization authentication information to the first cloud server, so that the first cloud server generates second authorization authentication information based on the first authorization authentication information and sends the second authorization authentication information to the client; and, in response to the second binding request sent by the client based on the second authorization authentication information, generates token information for the user account and binds the IoT device based on the token information. With this solution, the IoT device can be bound without the first cloud server and the second cloud server exchanging user information and without the need for a guarantee by a business contract, which improves the efficiency of IoT device binding.
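The second cloud server's side of steps 201 to 204, including the device binding code with a validity period, written out as an added example that is not code from the patent or its applicant. It uses the preset identifier list check in place of digital-certificate verification; the host names, the `auth_id` field, the six-digit code format, the 300-second validity period and the single-use rule are assumptions.

```python
import hmac
import secrets
import time

# Constructed sample values; none of them come from the patent text.
TRUSTED_CLOUD_IDS = {"cloud-a.example"}   # preset identifier list (step 202)
BINDING_CODE_TTL_SECONDS = 300            # assumed validity period


class SecondCloudServer:
    """Device vendor's cloud. It never receives the user account."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # auth_id -> device serial number awaiting user consent
        self.tokens = {}     # token -> device serial number and binding code state
        self.bindings = {}   # token -> device serial number (completed bindings)

    def handle_verification_request(self, cloud_id, device_sn):
        """Steps 201-203: verify the first cloud server, return first authorization info."""
        if cloud_id not in TRUSTED_CLOUD_IDS:
            return None
        auth_id = secrets.token_urlsafe(16)   # hypothetical handle tying consent to this request
        self.pending[auth_id] = device_sn
        return {"client_id": cloud_id, "protocol": "OAuth2", "auth_id": auth_id,
                "authorize_url": "https://cloud-b.example/authorize"}

    def handle_consent(self, auth_id, agree):
        """Step 204: consent value 1 yields a token; 0 or an unknown request yields None."""
        device_sn = self.pending.pop(auth_id, None)
        if device_sn is None or agree != 1:
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"device_sn": device_sn, "code": None, "expires": 0.0}
        return token

    def issue_binding_code(self, token):
        """Information acquisition request: only a known token gets a binding code."""
        entry = self.tokens.get(token)
        if entry is None:
            return None
        entry["code"] = "%06d" % secrets.randbelow(10 ** 6)
        entry["expires"] = self.clock() + BINDING_CODE_TTL_SECONDS
        return entry["code"]

    def confirm_binding(self, token, returned_code):
        """Bind only if the returned code matches and is still inside its validity period."""
        entry = self.tokens.get(token)
        if entry is None or entry["code"] is None:
            return False
        # Added hardening (an assumption, not in the patent): a code is consumed by its first use.
        code, entry["code"] = entry["code"], None
        if self.clock() > entry["expires"]:
            return False
        if not hmac.compare_digest(code.encode(), returned_code.encode()):
            return False
        self.bindings[token] = entry["device_sn"]
        return True

    def route_control(self, token, instruction):
        """After binding: the token alone identifies the target device."""
        device_sn = self.bindings.get(token)
        return None if device_sn is None else (device_sn, instruction)


class FirstCloudServer:
    """Client vendor's cloud. The account-to-token binding stays on this side."""

    def __init__(self, cloud_id, callback_url, peer):
        self.cloud_id = cloud_id
        self.callback_url = callback_url
        self.peer = peer
        self.account_tokens = {}   # user account -> token

    def handle_first_binding_request(self, device_sn):
        """Forward a verification request, then add callback_url to form the second info."""
        first = self.peer.handle_verification_request(self.cloud_id, device_sn)
        if first is None:
            return None
        return dict(first, callback_url=self.callback_url)


def bind_device(first_cloud, second_cloud, user_account, device_sn, typed_code=None):
    """Client side of the flow; user_account is never passed to second_cloud."""
    second_info = first_cloud.handle_first_binding_request(device_sn)
    if second_info is None:
        return None
    token = second_cloud.handle_consent(second_info["auth_id"], agree=1)  # user confirms on the page
    if token is None:
        return None
    code = second_cloud.issue_binding_code(token)
    if not second_cloud.confirm_binding(token, typed_code or code):
        return None
    first_cloud.account_tokens[user_account] = token
    return token
```
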
在上述实施例的基础上,下面将举例做进一步详细说明。On the basis of the above-mentioned embodiments, examples will be given below for further detailed description.
This embodiment is described from the perspective of the IoT device binding system, where the IoT device binding system includes a first cloud server, a second cloud server, a client matched with the first cloud server, and an IoT device matched with the second cloud server, wherein:
The client may be configured to send a first binding request for the IoT device to the first cloud server.
The first cloud server may be configured to, in response to the binding request, send a verification request to the second cloud server, the verification request carrying verification information of the first cloud server; the client is logged in with a user account.
The second cloud server may be configured to perform identity verification on the first cloud server based on the verification information.
The second cloud server may be configured to, if the identity verification passes, return first authorization authentication information to the first cloud server.
The first cloud server may be configured to send second authorization authentication information to the client based on the first authorization authentication information.
The client may be configured to send a second binding request to the second cloud server based on the second authorization authentication information.
The second cloud server may be configured to, in response to the second binding request, generate token information for the user account logged in on the client based on the authorization authentication information, and send the token information to the client.
The second cloud server may be configured to bind the IoT device based on the token information;
The client may be configured to bind the user account to the IoT device based on the token information.
The terms have the same meanings as in the IoT device binding method above; for specific implementation details, refer to the detailed description in the embodiments of the IoT device binding method above.
Specifically, based on the above IoT device binding system, an embodiment of the present application may provide an IoT device binding method. As shown in FIG. 4, the specific flow of the IoT device binding method may be as follows:
301. The client establishes a connection with the IoT device.
For example, the IoT device may be in a network-provisioning state, in which the client can discover the IoT device and perform configuration with it, and the IoT device verifies the client. For example, the client sends a first digital certificate to the IoT device; the first digital certificate may be one granted to the client by a third-party certification authority trusted by both the IoT device and the client. Because the IoT device trusts the third-party certification authority, on receiving the first digital certificate sent by the client it can confirm the client's identity and complete mutual authentication.
As another example, the client sends authentication information to the IoT device. The authentication information may be identification information of the IoT device, such as a PIN (personal identification number), or a key. The IoT device compares the authentication information sent by the client against its preset authentication information; if they match, authentication of the client is complete and the client establishes a connection with the IoT device.
The IoT device may send the client the information required for binding. For example, if the client's identity identifier is required, the client may, in the subsequent binding process, send the IoT device the identity identifier that the second cloud server generated for the first cloud server (ClientId@ OAuth2), contained in the first authorization authentication information, as its own identity identifier.
Optionally, when the client discovers the IoT device, it may display a connection page on which the user performs a confirmation operation to confirm the connection; the client responds to the user's confirmation operation on the connection page and performs configuration with the IoT device.
The network-provisioning state may be a state in which the IoT device is waiting to be associated with a client.
The provisioning method used for configuration between the client and the IoT device may be the broadcast-packet method, the multicast-address method, device-hotspot provisioning, Bluetooth provisioning, mobile-phone-hotspot provisioning, router provisioning, and so on. The provisioning method determines how the IoT device communicates with the associated client; for example, if the client and the IoT device are configured via router provisioning, the client and the IoT device communicate over the local area network.
302. The client sends a first binding request to the first user management unit of the first cloud server.
For example, the client may initiate the first binding request to the first user management unit of the first cloud server.
303. The first user management unit of the first cloud server, in response to the client's first binding request, sends an identity verification request to the second user management unit of the second cloud server.
For example, after receiving the first binding request sent by the client, the first user management unit of the first cloud server may initiate an identity verification request to the second user management unit of the second cloud server, so as to perform mutual identity verification with the second cloud server.
For example, the identity verification request sent by the first cloud server may carry a second digital certificate, where the second digital certificate may be a digital certificate granted to the first cloud server by a third-party certification authority trusted by both the first cloud server and the second cloud server.
304. The second user management unit of the second cloud server performs identity verification on the first cloud server.
For example, the second user management unit of the second cloud server may verify the identity of the first cloud server using the second digital certificate sent by the first user management unit of the first cloud server. If the second digital certificate was granted by the mutually trusted third-party authority, verification of the first cloud server passes. If the second digital certificate was not granted by the mutually trusted third-party authority, verification of the first cloud server fails.
305. If verification passes, the second user management unit of the second cloud server returns first authorization authentication information to the first user management unit of the first cloud server.
If the second cloud server's verification of the first cloud server passes, it returns the first authorization authentication information to the first user management unit of the first cloud server. The first authorization authentication information may include the protocol used for mutual authentication between the client and the second cloud server, the version number of the protocol, information about the authorization page that provides the mutual authentication, and so on. For example, if the client and the second cloud server authenticate each other via OAuth2.0, the first cloud server receives, returned by the second cloud server, the identity identifier that the second cloud server generated for the first cloud server, and the authorization authentication information may include the OAuth protocol, version 2.0, the access address of the authorization page, and so on.
If verification fails, the second cloud server does not return authorization authentication information to the first cloud server; the second cloud server may also send the client a prompt that identity authentication failed.
306. The first user management unit of the first cloud server sends the first authorization authentication information and callback address information to the client.
For example, the first user management unit of the first cloud server may obtain the callback address information of the first cloud server and send the first authorization authentication information and the callback address information to the client.
307. The client accesses the authorization page according to the first authorization authentication information.
For example, the client may access the authorization page according to the access address (URL) of the authorization page in the first authorization authentication information, such as by opening the authorization page that the URL points to in a browser, by jumping via the URL to the authorization page inside the app corresponding to the second cloud server, or by jumping via the URL to the authorization page inside the mini program corresponding to the second cloud server.
The user may enter an account and password on the authorization page. These may be the account and password the user registered for the second cloud server. By entering the account and password, the user indicates authorization for the user account logged in on the client to access specified information of the first cloud server. After verifying the account and password, the second cloud server generates token information for the user account logged in on the client.
Optionally, before the user account logged in on the client (hereinafter called the first user account, for distinction) is bound to the IoT device, the IoT device may first be bound to the user account that the user registered on the second cloud server (that is, the account the user enters on the authorization page; hereinafter called the second user account, for distinction). When the first user account logged in on the client sends an instruction to the IoT device, the IoT device can synchronize the instruction into the data corresponding to the second user account on the second cloud server. Specifically, by first binding the second user account to the IoT device and then binding the first user account to the IoT device, the second cloud server can obtain information about the IoT device being controlled even when the device is controlled by a user account of a different IoT system. Staff of the vendor corresponding to the second cloud server can then learn of the control status of the IoT device in a timely manner and promptly block attack operations against the IoT device, improving the security of the IoT device.
308. The client, in response to the user's confirmation operation on the authorization page, generates an information acquisition request.
For example, after the user enters the second user account and its password on the authorization page, the user performs a confirmation operation on the confirmation control, for example by clicking it. The terminal responds to the user's confirmation operation on the authorization page, obtains the second user account and password entered by the user, and sends a request to the second device management unit. After the second device management unit successfully verifies the second user account and password, it responds to the request by returning a temporary token to the client; the temporary token may be a code. After receiving the code, the client obtains token information from the second device management unit based on the code and the callback address information; the token information may be a token. The second user management unit of the second cloud server generates the token information from the temporary token and sends the token information to the client based on the address indicated by the callback address information.
The client generates the information acquisition request based on the token information; the information acquisition request carries the token information.
309. The client sends the information acquisition request to the second device management unit.
For example, the client may send the information acquisition request, carrying the token information, to the second device management unit.
310. The second device management unit of the second cloud server, in response to the information acquisition request, sends device binding information to the client.
For example, the client may, based on the token information, initiate a request to the second device management unit of the second cloud server to obtain device binding information, that is, request the second device management unit to generate device binding information. The second device management unit checks whether the token information is valid; if it is, the unit generates the device binding information and sends it to the client.
311. The client sends the device binding information to the IoT device.
For example, after receiving the device binding information, the client may display it together with a user interface for entering information based on the received device binding information. The client responds to the user's input operation, obtains the information entered by the user, and sends that information to the IoT device.
312. The IoT device sends the device binding information to the second device management unit of the second cloud server.
For example, the IoT device may send the user-entered information that it received from the client to the second device management unit of the second cloud server.
313. The second device management unit of the second cloud server binds the IoT device.
For example, the second device management unit may compare the user-entered information sent by the IoT device with the device binding information it generated. If the information sent by the IoT device matches the generated device binding information, the second cloud server binds the token information generated for the first user account logged in on the client to the IoT device.
Optionally, after the second cloud server binds the token information to the IoT device, it returns a binding-success prompt to the client. In response to the prompt, the client binds the first user account logged in on the client to the token information. That is, the first user account logged in on the client is bound to the IoT device with the token information as an intermediate bridge: the two binding relationships, first user account to token information and token information to IoT device, together bind the first user account to the IoT device indirectly.
Optionally, to improve security, a validity period may be set for the token information. When the token information expires, the user can bind the IoT device again in the manner described above, and the second cloud server and the client update the binding relationship accordingly.
Optionally, the validity period of the token information may be renewed each time the user accesses the second cloud server or controls the IoT device using the token information. For example, if the user does not access the second cloud server for 48 consecutive hours, the token information expires; when the user accesses it within 48 hours, the validity period is renewed to 48 hours again.
314. The client, in response to the user's control operation, generates a control instruction.
For example, the client may receive a control operation for the IoT device performed by the user in a display page of the client and, in response to the control operation, generate a control instruction carrying the token information corresponding to the user account logged in on the client. For example, when the IoT device is an air conditioner, the client's display page for air conditioner control may receive the user's adjustment operations on operating parameters of the air conditioner such as temperature, operating mode, and fan speed, and a control instruction carrying the token information is generated based on the adjustment operation. As another example, when the IoT device is a television, the client's display page for television control may receive the user's adjustment operations on operating parameters of the television such as volume, program switching, and brightness, and a control instruction carrying the token information corresponding to the user account logged in on the client is generated based on the adjustment operation.
315. The client sends the control instruction to the second device management unit of the second cloud server.
For example, the client may send the control instruction to the second device management unit of the second cloud server.
316. The second device management unit of the second cloud server sends the control instruction to the IoT device.
For example, the second device management unit may determine which IoT device the control instruction is intended to control, according to the token information carried in the control instruction and the binding relationship between the token information and the IoT device, and send the control instruction to that IoT device.
317. The IoT device performs the corresponding operation according to the received control instruction.
For example, the IoT device may perform the corresponding operation according to the received control instruction.
For example, when the IoT device is an air conditioner, the air conditioner may adjust the temperature according to the received temperature adjustment instruction (that is, the control instruction). As another example, when the IoT device is a television, the television may adjust the volume according to the received volume adjustment instruction (that is, the control instruction).
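The second cloud server's side of steps 310 to 316, together with the sliding 48-hour token validity described above, as an added Python sketch (not code from the patent). The class and method names, the binding-information format, and dropping the binding when the token expires are assumptions made for illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 48 * 3600  # the 48-hour validity example from the text


class SecondDeviceManagementUnit:
    """Illustrative model of the second cloud server's device management unit."""

    def __init__(self, clock=time.time):
        self.clock = clock           # injectable so expiry can be exercised
        self.token_expiry = {}       # token -> expiry timestamp
        self.pending_binding = {}    # token -> binding info not yet echoed by a device
        self.bound_device = {}       # token -> device id

    def issue_token(self):
        """Stand-in for the token generated after the authorization page (step 308)."""
        token = secrets.token_urlsafe(32)
        self.token_expiry[token] = self.clock() + TOKEN_TTL_SECONDS
        return token

    def check_and_renew(self, token):
        """Return True for a live token and slide its expiry forward by 48 hours."""
        expiry = self.token_expiry.get(token)
        if expiry is None:
            return False
        now = self.clock()
        if now >= expiry:
            # Assumption: an expired token also loses its binding, so the
            # user has to run the binding flow again.
            self.token_expiry.pop(token, None)
            self.pending_binding.pop(token, None)
            self.bound_device.pop(token, None)
            return False
        self.token_expiry[token] = now + TOKEN_TTL_SECONDS
        return True

    def request_binding_info(self, token):
        """Step 310: only a valid token obtains device binding information."""
        if not self.check_and_renew(token):
            raise PermissionError("invalid or expired token")
        info = secrets.token_hex(4)  # constructed format, short enough to type
        self.pending_binding[token] = info
        return info

    def device_submits_binding_info(self, device_id, submitted):
        """Steps 312-313: bind the token to the device if the echoed info matches."""
        for token, expected in list(self.pending_binding.items()):
            # Constant-time comparison avoids leaking how many characters matched.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                del self.pending_binding[token]  # binding info is single use
                if not self.check_and_renew(token):
                    return False
                self.bound_device[token] = device_id
                return True
        return False

    def route_control(self, token, instruction):
        """Steps 315-316: resolve the target device from the token binding."""
        if not self.check_and_renew(token):
            raise PermissionError("invalid or expired token")
        device_id = self.bound_device.get(token)
        if device_id is None:
            raise LookupError("token is not bound to any device")
        return device_id, instruction


if __name__ == "__main__":
    unit = SecondDeviceManagementUnit()
    token = unit.issue_token()
    info = unit.request_binding_info(token)
    # Constructed device id; the device echoes what the user typed.
    print(unit.device_submits_binding_info("aircon-01", info))
    print(unit.route_control(token, {"set_temperature": 24}))
```
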
As can be seen from the above, in this embodiment of the present application: the client establishes a connection with the IoT device; the client may send a binding request to the first user management unit of the first cloud server; the first user management unit of the first cloud server, in response to the client's first binding request, initiates an identity verification request to the second user management unit of the second cloud server; the second user management unit of the second cloud server performs identity verification on the first cloud server; if verification passes, the second user management unit of the second cloud server returns the first authorization authentication information to the first user management unit of the first cloud server; the first user management unit of the first cloud server sends the first authorization authentication information and the callback address information to the client; the client accesses the authorization page according to the first authorization authentication information; based on the confirmation operation on the authorization page, the client sends an information acquisition request to the second device management unit; the second device management unit of the second cloud server, in response to the information acquisition request, sends device binding information to the client; the client sends the device binding information to the IoT device; the IoT device sends the device binding information to the second device management unit of the second cloud server; the second device management unit of the second cloud server binds the IoT device; the client, in response to the user's control operation, generates a control instruction; the client sends the control instruction to the first device management unit of the first cloud server; the first device management unit of the first cloud server sends the control instruction to the second device management unit of the second cloud server; the second device management unit of the second cloud server sends the control instruction to the IoT device; and the IoT device performs the corresponding operation according to the received control instruction. This solution allows the IoT device to be bound without the first cloud server and the second cloud server exchanging user information and without relying on a commercial contract as a safeguard, which not only protects user privacy but also improves the efficiency of IoT device binding and the security of data exchange.
To facilitate better implementation of the IoT device binding method provided in the embodiments of the present application, an embodiment further provides an IoT device binding apparatus. The terms have the same meanings as in the IoT device binding method above; for specific implementation details, refer to the description in the method embodiments.
The IoT device binding apparatus may be integrated in a cloud server, and the cloud server may be the first cloud server. As shown in FIG. 5, the IoT device binding apparatus may include a first receiving module 401, a response module 402, a second receiving module 403, a first binding module 404, and so on, specifically as follows:
First receiving module 401: configured to receive a first binding request for the IoT device initiated by the client, the client being logged in with a user account.
Response module 402: configured to, in response to the first binding request, instruct the second cloud server matched with the IoT device to perform identity verification on the first cloud server matched with the client.
Optionally, the response module 402 may include a sending submodule and an instructing submodule, specifically:
Sending submodule: configured to, in response to the first binding request, send a verification request to the second cloud server, the verification request carrying verification information of the first cloud server matched with the client.
Instructing submodule: configured to instruct the second cloud server, by means of the verification request, to perform identity verification on the first cloud server based on the verification information.
Second receiving module 403: configured to receive the first authorization authentication information returned by the second cloud server, the first authorization authentication information being sent after the second cloud server's identity verification of the first cloud server passes.
First binding module 404: configured to send second authorization authentication information to the client according to the first authorization authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization authentication information, the second binding request being used to instruct the second cloud server to generate token information for the user account and to bind the IoT device based on the token information.
Optionally, the first binding module 404 may include an obtaining submodule and a sending submodule, specifically:
Obtaining submodule: configured to obtain callback address information.
Generating module: configured to generate the second authorization authentication information based on the first authorization authentication information;
Information generating module: configured to generate the second authorization authentication information based on the first authorization authentication information and the callback address information;
Sending submodule: configured to send the second authorization authentication information to the client, the callback address information being used to instruct the second cloud server to return the token information.
Optionally, the IoT device binding apparatus may include a fourth receiving module and a second sending module, specifically:
Fourth receiving module: configured to receive, through the first device management unit, the control instruction sent by the client.
Second receiving module: configured to send, through the first device management unit, the control instruction to the IoT device via the second device management unit, so as to control the IoT device based on the control instruction.
Optionally, the IoT device binding apparatus may include a fifth receiving module and a third sending module, specifically:
Fifth receiving module: configured to receive, through the first device management unit, the control instruction sent by the client.
Third receiving module: configured to send, through the first device management unit, the control instruction to the IoT device, so as to control the IoT device based on the control instruction.
As can be seen from the above, in this embodiment of the present application, the first receiving module 401 receives the first binding request for the IoT device initiated by the client, the client being logged in with a user account; the response module 402, in response to the first binding request, instructs the second cloud server matched with the IoT device to perform identity verification on the first cloud server matched with the client; the second receiving module 403 receives the first authorization authentication information returned by the second cloud server; and the first binding module 404 sends the second authorization authentication information to the client based on the first authorization authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization authentication information, the second binding request being used to instruct the second cloud server to generate token information for the user account and to bind the IoT device based on the token. This solution allows the IoT device to be bound without the first cloud server and the second cloud server exchanging user information and without relying on a commercial contract as a safeguard, which improves the efficiency of IoT device binding.
To facilitate better implementation of the IoT device binding method provided in the embodiments of the present application, an embodiment further provides an IoT device binding apparatus. The terms have the same meanings as in the IoT device binding method above, and for specific implementation details reference may be made to the description in the method embodiments.
The IoT device binding apparatus may be integrated in a cloud server, and the cloud server may be the second cloud server. As shown in FIG. 6, the IoT device binding apparatus may include a third receiving module 501, a verification module 502, a sending module 503, a second binding module 504 and so on, as follows:
Third receiving module 501: configured to receive a verification request sent by the first cloud server, the verification request being sent by the first cloud server in response to the first binding request for the IoT device initiated by the client, on which a user account is logged in.
Verification module 502: configured to perform identity verification on the first cloud server based on the verification request.
Optionally, the verification module 502 may include a sending sub-module and a verification sub-module, specifically:
Sending sub-module: configured to receive the verification request that the first cloud server sends in response to the client's first binding request, the verification request carrying verification information of the first cloud server.
Verification sub-module: configured to perform identity verification on the first cloud server based on the verification information.
Sending module 503: configured to send first authorization authentication information to the first cloud server if the identity verification passes, so that the first cloud server sends second authorization authentication information to the client based on the first authorization authentication information.
Second binding module 504: configured to generate token information for the user account in response to the request sent by the client based on the second authorization authentication information, and to bind the IoT device based on the token information.
Optionally, the second binding module 504 may include a receiving sub-module and a generating sub-module, specifically:
Receiving sub-module: configured to receive the consent-to-bind information that the client feeds back based on the second authorization authentication information sent by the first cloud server.
Generating sub-module: configured to generate token information for the user account based on the consent-to-bind information and send the token information to the client, so that the client binds the user account to the IoT device based on the token information;
and to bind the IoT device based on the token information.
Optionally, the generating sub-module is specifically configured to: in response to an information acquisition request that the client sends carrying the token information, generate device binding information and send the device binding information to the client;
and, if the information returned by the client matches the device binding information, bind the IoT device based on the token information.
Optionally, the generating sub-module is specifically configured to:
obtain callback address information of the first cloud server;
and, based on the callback address information, send the token information to the first cloud server, so that the first cloud server sends the token information to the client.
Optionally, the IoT device binding apparatus may include a sixth receiving module and a control module, specifically:
Sixth receiving module: configured to receive the control instruction sent by the first device management unit.
Control module: configured to control the IoT device based on the control instruction.
As can be seen from the above, in this embodiment of the present application the third receiving module 501 receives the verification request sent by the first cloud server; the verification module 502 performs identity verification on the first cloud server based on the verification request; if the identity verification passes, the sending module 503 sends first authorization authentication information to the first cloud server, so that the first cloud server sends second authorization authentication information to the client based on the first authorization authentication information; and the second binding module 504, in response to the second binding request sent by the client based on the second authorization authentication information, generates token information for the user account and binds the IoT device based on the token information. With this solution the IoT device can be bound without the first cloud server and the second cloud server exchanging user information and without relying on a business contract as a safeguard, which improves the efficiency of IoT device binding.
An embodiment of the present application further provides a cloud server, which may be the first cloud server, the second cloud server or the like. FIG. 7 shows a schematic structural diagram of the cloud server involved in the embodiments of the present application. Specifically:
The cloud server may include components such as a processor 1001 with one or more processing cores, a memory 1002 with one or more computer-readable storage media (also referred to as storage media), a power supply 1003 and an input unit 1004. Those skilled in the art will understand that the cloud server structure shown in FIG. 7 does not limit the cloud server, which may include more or fewer components than shown, combine certain components, or arrange the components differently. In particular:
The processor 1001 is the control center of the cloud server. It connects the parts of the whole cloud server through various interfaces and lines, and performs the cloud server's functions and processes data by running or executing the software programs and/or modules stored in the memory 1002 and calling the data stored in the memory 1002, thereby monitoring the cloud server as a whole. Optionally, the processor 1001 may include one or more processing cores; preferably, the processor 1001 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, computer programs and the like, and the modem processor mainly handles wireless communication. It can be understood that the modem processor need not be integrated into the processor 1001.
The memory 1002 may be used to store software programs and modules, and the processor 1001 executes various functional applications and data processing by running the software programs and modules stored in the memory 1002. The memory 1002 may mainly include a program storage area and a data storage area, where the program storage area may store the operating system, the computer programs required by at least one function (such as a sound playback function or an image playback function) and the like, and the data storage area may store data created through use of the cloud server and the like. In addition, the memory 1002 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices. Accordingly, the memory 1002 may further include a memory controller to provide the processor 1001 with access to the memory 1002.
The cloud server further includes a power supply 1003 that powers the components. Preferably, the power supply 1003 may be logically connected to the processor 1001 through a power management system, so that functions such as charging management, discharging management and power consumption management are implemented through the power management system. The power supply 1003 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
The cloud server may further include an input unit 1004, which may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the cloud server may also include a display unit and the like, which are not described here. Specifically, in this embodiment, the processor 1001 in the cloud server loads the executable files corresponding to the processes of one or more computer programs into the memory 1002 according to the following instructions, and the processor 1001 runs the computer programs stored in the memory 1002 to implement various functions, as follows:
When the cloud server is the first cloud server, it may: receive the first binding request for the IoT device initiated by the client; in response to the first binding request, instruct the second cloud server matching the IoT device to perform identity verification on the first cloud server matching the client; receive the first authorization authentication information returned by the second cloud server, the first authorization authentication information being sent after the second cloud server's identity verification of the first cloud server passes; and send second authorization authentication information to the client according to the first authorization authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization authentication information, the second binding request being used to instruct the second cloud server to generate token information for the user account and to bind the IoT device based on the token information.
And, when the cloud server is the second cloud server, it may: receive the verification request sent by the first cloud server, the verification request being sent by the first cloud server in response to the first binding request for the IoT device initiated by the client, on which a user account is logged in; perform identity verification on the first cloud server based on the verification request; if the identity verification passes, send first authorization authentication information to the first cloud server, so that the first cloud server sends second authorization authentication information to the client based on the first authorization authentication information; and, in response to the second binding request sent by the client based on the second authorization authentication information, generate token information for the user account and bind the IoT device based on the token information.
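The flow described above (verification of the first cloud server, first and second authorization authentication information, token issuance, and confirmation of the device binding information), as an added example that is not part of the patent text. The HMAC-based verification information, the nonce, `auth_id`, the TTL, all class and function names and all URLs are assumptions, since the page specifies no concrete protocol.

```python
import hashlib
import hmac
import secrets
import time

# Constructed values: the page names no concrete protocol, key type or URL.
PARTNER_KEYS = {"first-cloud-A": b"constructed-shared-secret"}  # registered out of band
TTL = 300  # assumed lifetime (seconds) of an authorization request or binding code


def sign_verification(cloud_id, key, device_id, nonce):
    """Verification information carried by the first cloud's verification request."""
    msg = f"{cloud_id}|{device_id}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SecondCloud:
    """Device-side cloud: verifies the first cloud, issues tokens, binds devices."""

    def __init__(self, devices):
        self.devices = set(devices)
        self.seen_nonces = set()   # replay protection for verification requests
        self.auth_requests = {}    # auth_id -> (device_id, expiry)
        self.tokens = {}           # token -> device_id (no user data is stored)
        self.pending = {}          # token -> (binding_code, expiry)
        self.bound = {}            # device_id -> token

    def verify_first_cloud(self, cloud_id, device_id, nonce, signature, now=None):
        now = time.time() if now is None else now
        key = PARTNER_KEYS.get(cloud_id)
        if key is None or device_id not in self.devices or nonce in self.seen_nonces:
            return None
        expected = sign_verification(cloud_id, key, device_id, nonce)
        if not hmac.compare_digest(expected, signature):
            return None
        self.seen_nonces.add(nonce)
        auth_id = secrets.token_urlsafe(16)
        self.auth_requests[auth_id] = (device_id, now + TTL)
        # First authorization authentication information: protocol, version, authorization page.
        return {"protocol": "example-authz", "version": "1.0", "auth_id": auth_id,
                "authorize_page": f"https://second-cloud.example/authorize?req={auth_id}"}

    def second_binding_request(self, auth_id, consent, now=None):
        """Client consent arrives; issue an opaque token once per authorization request."""
        now = time.time() if now is None else now
        device_id, expiry = self.auth_requests.pop(auth_id, (None, 0))  # single use
        if device_id is None or not consent or now > expiry:
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = device_id
        return token

    def get_binding_info(self, token, now=None):
        """Information acquisition request: verify the token, then issue binding info."""
        now = time.time() if now is None else now
        if token not in self.tokens:
            return None
        code = secrets.token_hex(4)
        self.pending[token] = (code, now + TTL)
        return code

    def confirm_binding(self, token, returned_code, now=None):
        """Bind only if the client returns the matching, unexpired binding info."""
        now = time.time() if now is None else now
        code, expiry = self.pending.pop(token, (None, 0))  # one attempt per code
        if code is None or now > expiry or not hmac.compare_digest(code, returned_code):
            return False
        self.bound[self.tokens[token]] = token
        return True


class FirstCloud:
    """Client-side cloud: authenticates itself to the second cloud; sends no user data."""

    def __init__(self, cloud_id, key, second_cloud, callback):
        self.cloud_id, self.key = cloud_id, key
        self.second_cloud, self.callback = second_cloud, callback

    def first_binding_request(self, device_id):
        nonce = secrets.token_hex(16)
        sig = sign_verification(self.cloud_id, self.key, device_id, nonce)
        first = self.second_cloud.verify_first_cloud(self.cloud_id, device_id, nonce, sig)
        if first is None:
            return None
        # Second authorization authentication information = first info + callback address.
        return {**first, "callback": self.callback}


def run_binding(first_cloud, second_cloud, device_id):
    """Client's view of the whole flow; returns True when the device ends up bound."""
    second = first_cloud.first_binding_request(device_id)
    if second is None:
        return False
    token = second_cloud.second_binding_request(second["auth_id"], consent=True)
    if token is None:
        return False
    code = second_cloud.get_binding_info(token)
    return second_cloud.confirm_binding(token, code)
```

The second cloud keys every record on the opaque token and the device identifier only, so the mapping from user account to token stays on the client and first-cloud side.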
According to one aspect of the present application, a computer program product or computer program is provided, which comprises computer instructions stored in a computer-readable storage medium. The processor of the cloud server reads the computer instructions from the computer-readable storage medium and executes them, so that the cloud server performs the methods provided in the various optional implementations of the foregoing embodiments.
Those of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments may be completed by a computer program, or by a computer program controlling the relevant hardware; the computer program may be stored in a computer-readable storage medium and loaded and executed by a processor.
To this end, an embodiment of the present application provides a storage medium storing a computer program that can be loaded by a processor to execute any of the IoT device binding methods provided in the embodiments of the present application.
For the specific implementation of each of the above operations, refer to the foregoing embodiments; details are not repeated here.
The storage medium may include a read-only memory (ROM, Read Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc or the like.
Because the computer program stored in the storage medium can execute the steps of any of the IoT device binding methods provided in the embodiments of the present application, it can achieve the beneficial effects that any of those methods can achieve; see the foregoing embodiments for details, which are not repeated here.
The IoT device binding method, apparatus, system, cloud server and storage medium provided in the embodiments of the present application have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present application, and the description of the above embodiments is intended only to help in understanding the method of the present application and its core idea. At the same time, those skilled in the art may, following the idea of the present application, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting the present application.

Claims (20)

  1. An IoT device binding method, comprising:
    receiving a first binding request for an IoT device initiated by a client, a user account being logged in on the client;
    in response to the first binding request, instructing a second cloud server matching the IoT device to perform identity verification on a first cloud server matching the client;
    receiving first authorization authentication information returned by the second cloud server, the first authorization authentication information being sent after the second cloud server's identity verification of the first cloud server passes;
    sending second authorization authentication information to the client according to the first authorization authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization authentication information, the second binding request being used to instruct the second cloud server to generate token information for the user account and to bind the IoT device based on the token information.
  2. The IoT device binding method according to claim 1, wherein the instructing, in response to the first binding request, a second cloud server matching the IoT device to perform identity verification on a first cloud server matching the client comprises:
    in response to the first binding request, sending a verification request to the second cloud server, the verification request carrying verification information of the first cloud server matching the client;
    instructing the second cloud server, through the verification request, to perform identity verification on the first cloud server based on the verification information.
  3. The IoT device binding method according to claim 1, wherein the sending second authorization authentication information to the client according to the first authorization authentication information comprises:
    obtaining callback address information;
    generating the second authorization authentication information based on the first authorization authentication information and the callback address information;
    sending the second authorization authentication information to the client, wherein the callback address information is used to instruct the second cloud server to return the token information to the client.
  4. The IoT device binding method according to claim 1, wherein the first cloud server comprises a first device management unit and the second cloud server comprises a second device management unit, the method further comprising:
    receiving, through the first device management unit, a control instruction sent by the client;
    sending, through the first device management unit, the control instruction to the IoT device via the second device management unit, so as to control the IoT device based on the control instruction.
  5. The IoT device binding method according to claim 1, wherein the first cloud server comprises a first device management unit, the method further comprising:
    receiving, through the first device management unit, a control instruction sent by the client;
    sending, through the first device management unit, the control instruction to the IoT device, so as to control the IoT device based on the control instruction.
  6. The IoT device binding method according to claim 1, wherein the first authorization authentication information comprises information required for mutual authentication between the client and the second cloud server, and the information required for the mutual authentication comprises protocol information, protocol version information, and information about an authorization page for protocol-based authentication.
  7. An IoT device binding method, comprising:
    receiving a verification request sent by a first cloud server, the verification request being sent by the first cloud server in response to a first binding request for an IoT device initiated by a client, a user account being logged in on the client;
    performing identity verification on the first cloud server based on the verification request;
    if the identity verification passes, sending first authorization authentication information to the first cloud server, so that the first cloud server sends second authorization authentication information to the client based on the first authorization authentication information;
    in response to a second binding request sent by the client based on the second authorization authentication information, generating token information for the user account, and binding the IoT device based on the token information.
  8. The IoT device binding method according to claim 7, wherein the receiving a verification request sent by a first cloud server and performing identity verification on the first cloud server based on the verification request comprises:
    receiving the verification request that the first cloud server sends in response to the first binding request for the IoT device initiated by the client, the verification request carrying verification information of the first cloud server;
    performing identity verification on the first cloud server based on the verification information.
  9. The IoT device binding method according to claim 7, wherein the generating token information for the user account in response to a second binding request sent by the client based on the second authorization authentication information, and binding the IoT device based on the token information, comprises:
    receiving consent-to-bind information that the client feeds back based on the second authorization authentication information sent by the first cloud server;
    generating token information for the user account based on the consent-to-bind information, and sending the token information to the client, so that the client binds the user account to the IoT device based on the token information;
    binding the IoT device based on the token information.
  10. The IoT device binding method according to claim 9, wherein the binding the IoT device based on the token information comprises:
    in response to an information acquisition request that the client sends carrying the token information, generating device binding information, and sending the device binding information to the client;
    if the information returned by the client matches the device binding information, binding the IoT device based on the token information.
  11. The IoT device binding method according to claim 10, wherein the generating device binding information in response to an information acquisition request that the client sends carrying the token information comprises:
    verifying, according to the token information carried in the received information acquisition request, the identity of the party that sent the information acquisition request;
    if the verification passes, generating the device binding information.
  12. The IoT device binding method according to claim 10, wherein the sending the token information to the client comprises:
    obtaining callback address information of the first cloud server;
    sending the token information to the first cloud server based on the callback address information, so that the first cloud server sends the token information to the client.
  13. The IoT device binding method according to claim 7, wherein the first cloud server comprises a first device management unit, the method further comprising:
    receiving a control instruction sent by the first device management unit;
    controlling the IoT device based on the control instruction.
  14. An IoT device binding apparatus, comprising:
    a first receiving module, configured to receive a first binding request for an IoT device initiated by a client, a user account being logged in on the client;
    a response module, configured to, in response to the first binding request, instruct a second cloud server matching the IoT device to perform identity verification on a first cloud server matching the client;
    a second receiving module, configured to receive first authorization authentication information returned by the second cloud server, the first authorization authentication information being sent after the second cloud server's identity verification of the first cloud server passes;
    a first binding module, configured to send second authorization authentication information to the client according to the first authorization authentication information, so that the client sends a second binding request to the second cloud server based on the second authorization authentication information, the second binding request being used to instruct the second cloud server to generate token information for the user account and to bind the IoT device based on the token information.
  15. An IoT device binding apparatus, comprising:
    a third receiving module, configured to receive a verification request sent by a first cloud server, the verification request being sent by the first cloud server in response to a first binding request for an IoT device initiated by a client, a user account being logged in on the client;
    a verification module, configured to perform identity verification on the first cloud server based on the verification request;
    a sending module, configured to send first authorization authentication information to the first cloud server if the identity verification passes, so that the first cloud server sends second authorization authentication information to the client based on the first authorization authentication information;
    a second binding module, configured to, in response to a second binding request sent by the client based on the authorization authentication information, generate token information for the user account and bind the IoT device based on the token information.
  16. An IoT device binding system, wherein the IoT device binding system comprises a first cloud server, a second cloud server, a client matching the first cloud server, and an IoT device matching the second cloud server, wherein:
    the client is configured to send a first binding request for the IoT device to the first cloud server, a user account being logged in on the client;
    the first cloud server is configured to, in response to the first binding request, send a verification request to the second cloud server, the verification request carrying verification information of the first cloud server;
    the second cloud server is configured to perform identity verification on the first cloud server based on the verification information;
    the second cloud server is configured to return first authorization authentication information to the first cloud server if the identity verification passes;
    the first cloud server is configured to send second authorization authentication information to the client based on the first authorization authentication information;
    the client is configured to send a second binding request to the second cloud server based on the second authorization authentication information;
    the second cloud server is configured to, in response to the second binding request, generate token information for the user account logged in on the client based on the second authorization authentication information, and send the token information to the client;
    the second cloud server is configured to bind the IoT device based on the token information;
    the client is configured to bind the user account to the IoT device based on the token information.
  17. 根据权利要求16所述的物联网设备绑定系统,其特征在于,所述客户端与所述第一云服务器属于同一物联网系统。The IoT device binding system according to claim 16, wherein the client and the first cloud server belong to the same IoT system.
  18. 根据权利要求16所述的物联网设备绑定系统,其特征在于,所述物联网设备与所述第二云服务器属于同一物联网系统。The IoT device binding system according to claim 16, wherein the IoT device and the second cloud server belong to the same IoT system.
  19. 一种云服务器,其中,包括处理器和存储器,所述存储器中存储有计算机程序,所述处理器调用所述存储器中的计算机程序时,执行如权利要求1 至6任一项所述的物联网设备绑定方法,或者,执行如权利要求7至13任一项所述的物联网设备绑定方法。A cloud server, which includes a processor and a memory, and a computer program is stored in the memory, and when the processor invokes the computer program in the memory, it executes the object described in any one of claims 1 to 6 A method for binding an Internet-connected device, or performing the method for binding an Internet-of-things device according to any one of claims 7 to 13.
  20. 一种存储介质,其中,所述存储介质用于存储计算机程序,所述计算机程序被处理器加载,以执行权利要求1至6任一项所述的物联网设备绑定方法,或者,执行如权利要求7至13任一项所述的物联网设备绑定方法。A storage medium, wherein the storage medium is used to store a computer program, and the computer program is loaded by a processor to execute the IoT device binding method according to any one of claims 1 to 6, or to execute the method as described in The IoT device binding method according to any one of claims 7 to 13.
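The message sequence of claim 16, as an added Python example that is not part of the patent text. The claims do not say how the verification information is checked or what the authorization and token information look like, so everything concrete here is an assumption: the class and method names are hypothetical, the verification information is modelled as an HMAC under a pre-shared key, the authorization information is a single-use value with a short lifetime that the first cloud relays unchanged, and the two binding steps are collapsed into one `bind` call.

```python
import hashlib, hmac, secrets, time

def _mac(key, *fields):
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()

class SecondCloud:  # device vendor's cloud: the claim's second cloud server
    def __init__(self, partner_keys, ttl=60):
        self.partner_keys, self.ttl = partner_keys, ttl  # assumed: pre-shared key per first cloud
        # grants: authorization info -> (device_id, expiry); tokens: token info -> (account, device_id)
        self.grants, self.tokens, self.bindings = {}, {}, {}

    def verify(self, partner_id, device_id, nonce, mac):
        # Authenticate the first cloud, then return first authorization info.
        key = self.partner_keys.get(partner_id)
        if key is None or not hmac.compare_digest(_mac(key, partner_id, device_id, nonce), mac):
            raise PermissionError("first cloud failed identity verification")
        code = secrets.token_urlsafe(16)
        self.grants[code] = (device_id, time.time() + self.ttl)
        return code

    def second_binding_request(self, account, device_id, code):
        # Redeem the authorization exactly once and issue token info for the account.
        granted, expiry = self.grants.pop(code, (None, 0.0))
        if granted != device_id or time.time() > expiry:
            raise PermissionError("authorization unknown, expired, reused or for another device")
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (account, device_id)
        return token

    def bind(self, token):
        account, device_id = self.tokens.pop(token)  # unknown or reused token raises KeyError
        self.bindings[device_id] = account
        return device_id, account

class FirstCloud:  # client vendor's cloud: the claim's first cloud server
    def __init__(self, partner_id, key, second):
        self.partner_id, self.key, self.second = partner_id, key, second
    def first_binding_request(self, device_id):
        nonce = secrets.token_hex(8)
        mac = _mac(self.key, self.partner_id, device_id, nonce)
        # Assumed: the second authorization info relays the first unchanged.
        return self.second.verify(self.partner_id, device_id, nonce, mac)

def run_flow():
    key = secrets.token_bytes(32)  # constructed sample key
    second = SecondCloud({"cloud-A": key})
    code = FirstCloud("cloud-A", key, second).first_binding_request("dev-001")
    token = second.second_binding_request("alice", "dev-001", code)
    return second, code, second.bind(token)
```

The checks that matter for a reviewer of such a design are in `verify` and `second_binding_request`: an unauthenticated first cloud gets no authorization, and an authorization value cannot be redeemed twice or for a different device.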
PCT/CN2022/099279 2021-08-05 2022-06-16 Internet of things device binding method, apparatus and system, and cloud server and storage medium WO2023011016A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110898234.2A CN113746633B (en) 2021-08-05 2021-08-05 Internet of things equipment binding method, device, system, cloud server and storage medium
CN202110898234.2 2021-08-05

Publications (1)

Publication Number Publication Date
WO2023011016A1 (en) 2023-02-09

Family

ID=78730238

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/099279 WO2023011016A1 (en) 2021-08-05 2022-06-16 Internet of things device binding method, apparatus and system, and cloud server and storage medium

Country Status (2)

Country Link
CN (1) CN113746633B (en)
WO (1) WO2023011016A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113839917B (en) * 2021-06-30 2023-10-31 海信(广东)空调有限公司 Voice information processing method, data processing platform and equipment cloud server
CN113746633B (en) * 2021-08-05 2023-10-17 深圳Tcl新技术有限公司 Internet of things equipment binding method, device, system, cloud server and storage medium
CN114500617B (en) * 2021-12-24 2023-11-28 青岛海尔科技有限公司 Internet equipment control method and device, storage medium and electronic equipment
CN114866251B (en) * 2022-04-25 2023-07-07 中国银联股份有限公司 Equipment interconnection security authentication system, method, device, server and medium
CN117440377A (en) * 2022-07-21 2024-01-23 荣耀终端有限公司 Communication system, method and electronic equipment
WO2024031681A1 (en) * 2022-08-12 2024-02-15 Oppo广东移动通信有限公司 Device binding method and apparatus, and device, storage medium and program product
CN115412920A (en) * 2022-08-16 2022-11-29 杭州萤石软件有限公司 Internet of things equipment binding system, method and device and electronic equipment
WO2024050754A1 (en) * 2022-09-08 2024-03-14 Oppo广东移动通信有限公司 Method for starting client, first device, configuration device, and cloud platform
CN116055147B (en) * 2022-12-30 2024-08-16 中国电子科技集团公司第三十研究所 Cloud service light-weight identity authentication method based on identification
CN116112236B (en) * 2023-01-06 2024-11-29 深圳感臻智能股份有限公司 Authentication and data transmission method based on intelligent device ecology and intelligent television
CN117729050B (en) * 2024-01-23 2024-11-26 深圳技威时代科技有限公司 A system and method for securely binding a device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180288617A1 (en) * 2017-04-04 2018-10-04 Dell Products L.P. Transferable ownership tokens for discrete, identifiable devices
CN111327583A (en) * 2019-08-22 2020-06-23 刘高峰 Identity authentication method, intelligent equipment and authentication server
CN111639319A (en) * 2020-06-02 2020-09-08 北京字节跳动网络技术有限公司 User resource authorization method, device and computer readable storage medium
US20200296135A1 (en) * 2019-03-12 2020-09-17 Nxp B.V. Certificate provisioning and customer binding mechanisms using device group identification token
CN112738805A (en) * 2020-12-30 2021-04-30 青岛海尔科技有限公司 Device control method and apparatus, storage medium, and electronic device
CN113746633A (en) * 2021-08-05 2021-12-03 深圳Tcl新技术有限公司 Internet of things equipment binding method, device and system, cloud server and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995710B (en) * 2017-12-29 2022-06-24 上海智显光电科技有限公司 Local area network equipment management system and method
CN110944035A (en) * 2019-10-22 2020-03-31 珠海格力电器股份有限公司 Internet of things equipment control method and system and readable medium
CN110677248B (en) * 2019-10-30 2022-09-30 宁波奥克斯电气股份有限公司 A security binding method and system based on narrowband Internet of Things
CN111277565B (en) * 2020-01-08 2022-04-12 北京小米松果电子有限公司 Information processing method and device, and storage medium
CN112637245B (en) * 2021-01-13 2022-01-11 广州技象科技有限公司 Internet of things equipment binding method and device

Also Published As

Publication number Publication date
CN113746633B (en) 2023-10-17
CN113746633A (en) 2021-12-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22851732

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22851732

Country of ref document: EP

Kind code of ref document: A1