CN115622723A - Device access control method and device, electronic device and storage medium - Google Patents
- Publication number: CN115622723A (application number CN202110806362.XA)
- Authority: CN (China)
- Prior art keywords: access, controlled device, access control, capability, user
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Description
Technical field
The present invention relates to the technical field of the Internet of Things, and in particular to a device access control method and apparatus, an electronic device and a storage medium.
Background
In the prior art, access control for smart devices mostly relies on a centralized authorization decision entity, that is, a central trusted entity grants access permissions. Many smart devices in use today perform neither mutual identity authentication nor protect their data with strong passwords; for example, in everyday use of smart home devices, a simple four-digit PIN or a QR code scan is often all that verifies the party using the device before that party is authorized onto the network. Moreover, smart home devices usually work in isolation and cannot reasonably share the resources and capabilities that each of them possesses. Such access control is comparatively easy for a third party to break, the software applications that control the devices have a relatively low security level, the cost for a malicious third-party device to join is small, and the data security of smart devices is seriously at risk. Under the existing technology, therefore, it is not possible to achieve integrated collaborative operation among smart devices while guaranteeing their security.
Summary of the invention
In view of this, embodiments of the present invention provide a device access control method and apparatus, an electronic device and a storage medium.
The technical solution of the present invention is implemented as follows:
In a first aspect, an embodiment of the present invention provides a device access control method, including:
receiving an access request, wherein the access request includes first user attribute information of the requesting party;
querying, according to the access request, a blockchain that stores the access control policy of a controlled device;
determining, according to the first user attribute information and the queried access control policy, whether the requesting party is an authorized access user;
when the requesting party is an authorized access user, allocating to the requesting party a usage permission for a virtual capability from a virtual capability resource pool established on the basis of the capabilities of the controlled device;
sending a control instruction to the controlled device according to the permission scope information of the usage permission, wherein the control instruction is used to control the controlled device to accept access from the requesting party within the usage permission.
Further, determining whether the requesting party is an authorized access user according to the first user attribute information and the queried access control policy includes:
determining, according to the queried access control policy, second user attribute information of the authorized access users of the controlled device;
comparing the first user attribute information with the second user attribute information to determine whether the requesting party is an authorized access user.
Further, allocating to the requesting party a usage permission for a virtual capability from the virtual capability resource pool established on the basis of the capabilities of the controlled device includes:
determining, according to the access request, the required target capability;
determining a target device, recorded in the virtual capability resource pool established on the basis of the capabilities of the controlled device, that is able to provide the target capability;
allocating to the requesting party a usage permission for the target device.
Further, sending a control instruction to the controlled device according to the permission scope information of the usage permission includes:
obtaining a list of authorized devices corresponding to the requesting party;
if the target device is present in the list of authorized devices, sending a control instruction to the target device according to the permission scope information of the usage permission.
Further, the method also includes:
querying the blockchain for the device public key of the controlled device;
and sending a control instruction to the controlled device according to the permission scope information of the usage permission includes:
verifying the identity of the controlled device on the basis of the device public key;
if the verification succeeds, sending a control instruction to the controlled device according to the permission scope information of the usage permission.
Further, the method also includes:
establishing a virtual capability resource pool on the basis of the capabilities of at least one controlled device;
determining, on the basis of the second user attribute information of the authorized access users of the controlled device and the device attribute information of the controlled device, the access control policy of the controlled device recorded in the virtual capability resource pool;
storing the access control policy in at least one block of the blockchain.
Further, the method also includes:
after storage is complete, computing a hash over each block on the basis of the access control policy stored in that block, to obtain an updated hash value of the block, wherein the hash value of a block is stored in the next block of the blockchain;
updating, on the basis of the updated hash value of the block, the hash value stored in the next block of the blockchain.
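The hash linkage described in the two steps above, as an added example that is not part of the patent: a small in-memory, hash-linked policy store in which writing a policy into a block recomputes that block's hash and propagates it into every following block, and a verify() check detects a policy that was edited without that update. The device names, the policy contents and the choice of SHA-256 over a canonical JSON encoding are assumptions made for this illustration; the patent does not specify its hash function or block layout.

```python
# Added example (not code from the patent): a minimal hash-linked policy
# store illustrating "hash each block over its stored policy" and "store that
# hash in the next block". Device names, policies and the SHA-256 / JSON
# encoding choice are assumptions made for this illustration.
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Block:
    index: int
    prev_hash: str                                  # hash of the previous block
    policies: dict = field(default_factory=dict)    # device -> access control policy

    def compute_hash(self) -> str:
        # The digest covers the stored policies and the link to the previous
        # block, so rewriting a policy or relinking a block changes it.
        payload = json.dumps(
            {"index": self.index, "prev_hash": self.prev_hash, "policies": self.policies},
            sort_keys=True,
        ).encode()
        return hashlib.sha256(payload).hexdigest()


class PolicyChain:
    GENESIS_HASH = "0" * 64

    def __init__(self):
        self.blocks = [Block(0, self.GENESIS_HASH)]

    def append_block(self, policies: dict) -> Block:
        prev = self.blocks[-1]
        blk = Block(len(self.blocks), prev.compute_hash(), dict(policies))
        self.blocks.append(blk)
        return blk

    def store_policy(self, block_index: int, device: str, policy: dict) -> None:
        """Write a policy into an existing block, then push the block's new
        hash into every following block (the "update the next block" step)."""
        self.blocks[block_index].policies[device] = policy
        for i in range(block_index + 1, len(self.blocks)):
            self.blocks[i].prev_hash = self.blocks[i - 1].compute_hash()

    def verify(self) -> bool:
        """True only if every block's stored prev_hash equals the recomputed
        hash of its predecessor; a silent edit of any policy breaks this."""
        if self.blocks[0].prev_hash != self.GENESIS_HASH:
            return False
        return all(
            self.blocks[i].prev_hash == self.blocks[i - 1].compute_hash()
            for i in range(1, len(self.blocks))
        )


def demo() -> tuple:
    """Returns (chain valid after a proper update, chain valid after a silent edit)."""
    chain = PolicyChain()
    chain.append_block({"tv-livingroom": {"authorized_users": ["alice"]}})
    chain.append_block({"projector-study": {"authorized_users": ["bob"]}})
    # A legitimate update goes through store_policy and re-links the successor.
    chain.store_policy(1, "tv-livingroom", {"authorized_users": ["alice", "carol"]})
    ok_after_update = chain.verify()
    # An edit made directly to the stored policy, without re-hashing, leaves the
    # next block holding a stale hash, which verify() reports.
    chain.blocks[1].policies["tv-livingroom"]["authorized_users"].append("dave")
    ok_after_edit = chain.verify()
    return ok_after_update, ok_after_edit


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The hash link makes an inconsistent edit detectable, not impossible: a party that can rewrite every subsequent block can hide the edit, so the tamper resistance the text attributes to the blockchain rests on the copies held by other nodes and their consensus, which this single-process store does not model.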
Further, the method also includes:
storing, on the basis of the InterPlanetary File System (IPFS), the operation data generated during the access control process of the controlled device.
In a second aspect, an embodiment of the present invention provides a device access control apparatus, including:
a receiving unit, configured to receive an access request, wherein the access request includes first user attribute information of the requesting party;
a query unit, configured to query, according to the access request, a blockchain that stores the access control policy of a controlled device;
a determining unit, configured to determine, according to the first user attribute information and the queried access control policy, whether the requesting party is an authorized access user;
an allocating unit, configured to allocate to the requesting party, when the requesting party is an authorized access user, a usage permission for a virtual capability from a virtual capability resource pool established on the basis of the capabilities of the controlled device;
a sending unit, configured to send a control instruction to the controlled device according to the permission scope information of the usage permission, wherein the control instruction is used to control the controlled device to accept access from the requesting party within the usage permission.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor and a memory for storing a computer program that can run on the processor;
when the processor runs the computer program, it performs the steps of the method described in one or more of the foregoing technical solutions.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions; when the computer-executable instructions are executed by a processor, the method described in one or more of the foregoing technical solutions can be implemented.
The device access control method provided by the embodiments of the present invention includes: receiving an access request, wherein the access request includes first user attribute information of the requesting party; querying, according to the access request, a blockchain that stores the access control policy of a controlled device; determining, according to the first user attribute information and the queried access control policy, whether the requesting party is an authorized access user; when the requesting party is an authorized access user, allocating to the requesting party a usage permission for a virtual capability from a virtual capability resource pool established on the basis of the capabilities of the controlled device; and sending a control instruction to the controlled device according to the permission scope information of the usage permission. In this way, the virtual capability resource pool allows the capabilities of multiple controlled devices to be openly shared and allocated in a unified manner, raising the utilization of device capability resources. On this basis, storing the access control policies of the controlled devices on a blockchain, with its decentralized storage characteristics, effectively reduces the dependence of the controlled devices on a single centralized authorization decision entity and greatly improves the security of device-related data storage and of multi-device capability resource sharing.
Brief description of the drawings
FIG. 1 is a schematic flowchart of a device access control method provided by an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a device access control method provided by an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a device access control method provided by an embodiment of the present invention;
FIG. 4 is a schematic flowchart of a device access control method provided by an embodiment of the present invention;
FIG. 5 is a schematic flowchart of a device access control method provided by an embodiment of the present invention;
FIG. 6 is a schematic flowchart of a device access control method provided by an embodiment of the present invention;
FIG. 7 is a schematic flowchart of a device access control method provided by an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a device access control apparatus provided by an embodiment of the present invention;
FIG. 9 is a schematic flowchart of smart home management and control in a resident scenario provided by an embodiment of the present invention;
FIG. 10 is a schematic flowchart of smart home management and control in a visitor scenario provided by an embodiment of the present invention;
FIG. 11 is a schematic flowchart of a smart home device access control method provided by an embodiment of the present invention;
FIG. 12 is a schematic flowchart of blockchain storage provided by an embodiment of the present invention;
FIG. 13 is a schematic diagram of a code implementation for storing operation data provided by an embodiment of the present invention;
FIG. 14 is a schematic diagram of a code implementation for obtaining operation data provided by an embodiment of the present invention;
FIG. 15 is a schematic diagram of UPnP device attributes provided by an embodiment of the present invention;
FIG. 16 is a schematic flowchart of obtaining virtual capability resources provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings. The described embodiments should not be regarded as limiting the present invention; all other embodiments obtained by a person of ordinary skill in the art without creative effort fall within the scope of protection of the present invention.
In the following description, references to "some embodiments" describe a subset of all possible embodiments; it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and that they may be combined with one another where there is no conflict.
In the following description, the terms "first", "second" and "third" serve only to distinguish similar objects and do not imply any particular ordering of those objects. It is understood that, where permitted, "first", "second" and "third" may be interchanged in a particular order or sequence, so that the embodiments of the present invention described herein can be practiced in an order other than that illustrated or described herein.
Unless otherwise defined, all technical and scientific terms used herein have the meaning commonly understood by a person skilled in the technical field of the present invention. The terms used herein are only for the purpose of describing embodiments of the present invention and are not intended to limit the present invention.
As shown in FIG. 1, an embodiment of the present invention provides a device access control method, including:
S110: receiving an access request, wherein the access request includes first user attribute information of the requesting party;
S120: querying, according to the access request, a blockchain that stores the access control policy of a controlled device;
S130: determining, according to the first user attribute information and the queried access control policy, whether the requesting party is an authorized access user;
S140: when the requesting party is an authorized access user, allocating to the requesting party a usage permission for a virtual capability from a virtual capability resource pool established on the basis of the capabilities of the controlled device;
S150: sending a control instruction to the controlled device according to the permission scope information of the usage permission, wherein the control instruction is used to control the controlled device to accept access from the requesting party within the usage permission.
Here, the controlled device may be any of various smart devices, for example Internet of Things devices such as Universal Plug and Play (UPnP) devices. The requesting party may be a user requesting access to and/or use of the controlled device, and the first user attribute information is attribute information characterizing the identity of that user; for example, it may include the user's identity document (ID) information.
In embodiments of the present invention, the access request includes the first user attribute information of the requesting party and may additionally carry information such as the device to which access is requested or the capability resource that is requested. The access control policy of the controlled device may be information, set on the basis of the user attribute information of the authorized access users of the controlled device and the device attribute information of the controlled device, that is used to manage access by requesters to the controlled device.
In one embodiment, the blockchain is used to store the access control policy of the controlled device, and both the response to the access request and the device access control method are implemented on the blockchain, so that an automated policy control process is achieved. Processing by a smart contract on the blockchain requires no human involvement; only the requirements recorded in the smart contract need to be satisfied. This greatly saves time and reduces cost, and because the contract cannot be altered, it effectively guarantees the security of the overall process and of the user's private information.
In another embodiment, the controlled devices are smart home devices supporting the UPnP protocol, such as televisions and projectors, and several smart home devices form a smart home system on the basis of the UPnP protocol. Within the smart home system, the capability resources possessed by the individual smart home devices form a virtual capability resource pool, so that capability resources can be shared and centrally allocated among multiple devices.
By way of example, the stored access control policy of the corresponding controlled device may be queried from the blockchain according to the information about the requested device carried in the access request; alternatively, the access control policies of the individual controlled devices may each be queried from the blockchain according to the virtual capability requested in the access request.
In one embodiment, the queried access control policy may be searched or matched against the first user attribute information to determine whether the first user attribute information belongs to the authorized access user information recorded in the access control policy. If it does, the requesting party corresponding to the first user attribute information is an authorized access user of the controlled device.
If the requesting party is determined to be an authorized access user, the usage permission for the virtual capability that the requesting party needs can be allocated to it from the virtual capability resource pool formed on the basis of the UPnP protocol; for example, according to the virtual capability requested in the access request, a matching query is performed in the virtual capability resource pool, and the access permission, usage permission and so on corresponding to that virtual capability are obtained and sent to the requesting party.
In another embodiment, when the requesting party is determined to be an authorized access user, the virtual capability access permission recorded in the access control policy is obtained first and sent to the requesting party. On the basis of that access permission, the requesting party can learn about or browse the related controlled devices that possess the virtual capability, and can then request access to one or more of those controlled devices again. On this basis, the usage permission for the virtual capability may be returned to the requesting party after the repeated request is received.
In one embodiment, the usage permission carries permission scope information; for example, the permission scope information may record which instructions the controlled device is allowed to respond to when the requesting party holds a usage permission for the controlled device and issues an instruction to it. By way of example, if the controlled device is a television, the corresponding permission scope information may allow the requesting party to perform control operations such as screen casting and volume adjustment on the controlled device, while not allowing the requesting party to perform operations such as a factory reset.
In another embodiment, the permission scope information of the usage permission may also be set according to the access control policy. For example, the access control policy may record the capability resources of the controlled device that can be invoked in different time periods, so the usage permission can carry correspondingly different permission scope information, allowing the requesting party to perform different operations in different time periods. Alternatively, the access control policy may record authorized access users of the controlled device at different levels, for instance adult family members at the first level, minors at the second level and visitors at the third level; the usage permission can then carry different permission scope information for each level of authorized access user. After the level of the authorized access user is determined from the first user attribute information of the requesting party, the corresponding permission scope information is determined from that level, so that different usage permissions are provided in a targeted manner.
It is understood that the control instruction sent to the controlled device, which instructs the controlled device to respond to the requesting party's instructions, may include access instructions, control instructions and the like.
In this way, establishing a virtual capability resource pool on the basis of the capability resources of the controlled devices systematizes the controlled devices and allows virtual capability resources to be allocated and shared among multiple devices in a unified way, improving the utilization of capability resources and the responsiveness to capability resource demands. On this basis, storing the access control policies that serve as the basis for access decisions on controlled devices on a blockchain, with its distributed storage characteristics, greatly reduces the dependence on a centralized authorization decision entity and improves the security and tamper resistance of information storage. Furthermore, verifying the identity information of the requesting party against the information stored on the blockchain improves privacy protection for information related to the controlled devices and the security of device access while optimizing the use of device resources, so that integrated collaborative operation among devices is achieved together with improved overall security.
In some embodiments, as shown in FIG. 2, S130 includes:
S131: determining, according to the queried access control policy, second user attribute information of the authorized access users of the controlled device;
S132: comparing the first user attribute information with the second user attribute information to determine whether the requesting party is an authorized access user.
In embodiments of the present invention, the access control policy may record the second user attribute information of the authorized access users who are allowed to access the controlled device, where the second user attribute information may be in the same format as the first user attribute information, for example the user's ID information.
In one embodiment, the access control policy may separately record the second user attribute information of at least one authorized access user, and the first user attribute information is then compared with each of the at least one second user attribute information in turn. If none of them matches, the requesting party is not an authorized access user; if a match with one second user attribute information succeeds during the comparison, the requesting party is an authorized access user.
In another embodiment, the access control policy may also record at least one second user attribute information in the form of a table, and an existence query of the first user attribute information is then performed against the table. If the first user attribute information exists in the table, the requesting party is an authorized access user.
In this way, the identity of the requesting party can be verified on the basis of the access control policy stored on the blockchain, which both ensures the security of the access accepted by the controlled device and, by virtue of the blockchain, improves the privacy of the stored identity information of authorized access users.
In some embodiments, as shown in FIG. 3, S140 includes:
S141: when the requesting party is an authorized access user, determining the required target capability according to the access request;
S142: determining a target device, recorded in the virtual capability resource pool established on the basis of the capabilities of the controlled device, that is able to provide the target capability;
S143: allocating to the requesting party a usage permission for the target device.
In embodiments of the present invention, the target capability requested in the access request can be determined, and a match or search is then performed according to that target capability in the virtual capability resource pool formed on the basis of the UPnP protocol and the capabilities of multiple controlled devices, to determine whether the target capability exists in the virtual capability resource pool and to identify the controlled device that can provide it as the target device. Here, the virtual capability resource pool may contain the correspondence between each controlled device and the capabilities it possesses.
In one embodiment, the controlled devices are smart home devices supporting the UPnP protocol. On the basis of the access request, the target capability required by the requesting party is determined to be the ability to display a cast screen within parameters such as a certain size range and resolution range. The virtual capability resource pool is searched according to that target capability; if it is determined that a television can provide the target capability, the television is determined to be the target device.
In another embodiment, since a device that possesses the target capability is not necessarily able to provide it at the current moment, after the controlled devices possessing the target capability have been identified, parameters such as each controlled device's workload, resource occupancy and distance from the location where the requesting party issued the access request can be used to determine the target device that can provide the target capability. For example, when a user holding a video conference on a mobile phone needs to cast the screen to a larger display, the television closest to the current position of the user's phone can be selected as the target device.
By way of example, determining the target device recorded in the virtual capability resource pool that can provide the target capability may include: determining the controlled devices recorded in the virtual capability resource pool that possess the target capability; if there is exactly one controlled device possessing the target capability, determining that controlled device to be the target device; and if there are several controlled devices possessing the target capability, determining the one with the lowest current resource occupancy to be the target device.
如此,基于受控设备的能力建立的虚拟能力资源池,可以有效建立受控设备与虚拟能力资源的映射关系,实现对设备更加细致清晰的访问控制。在此基础上,可以明确请求方所需获取的虚拟能力,从而可以在虚拟能力资源池中进行准确的搜索,为请求方提供最适合满足其当前虚拟能力需求的设备。In this way, the virtual capability resource pool established based on the capability of the controlled device can effectively establish a mapping relationship between the controlled device and the virtual capability resource, and realize more detailed and clear access control to the device. On this basis, the virtual capabilities that the requester needs to obtain can be specified, so that an accurate search can be performed in the virtual capability resource pool, and the requester can be provided with the most suitable equipment to meet its current virtual capability needs.
在一些实施例中,如图4所示,所述S150,包括:In some embodiments, as shown in FIG. 4, the S150 includes:
S151:获取所述请求方对应的授权设备列表;S151: Obtain an authorized device list corresponding to the requesting party;
S152:若所述授权设备列表中存在所述目标设备,则根据所述使用权限的权限范围信息,向所述目标设备发送控制指令。S152: If the target device exists in the authorized device list, send a control instruction to the target device according to the authority range information of the usage authority.
在本发明实施例中,授权访问用户的第二用户属性信息对应有授权设备列表,可选地,不同的授权访问用户对应的授权设备列表不同,以实现对不同用户提供不同的可访问设备。例如,对于儿童,出于安全性考虑,不希望儿童访问或控制智能烹饪设备,则在儿童对应的授权设备列表中,可以不包括智能烹饪设备。In the embodiment of the present invention, the second user attribute information of the authorized access user corresponds to an authorized device list. Optionally, different authorized access users correspond to different authorized device lists, so as to provide different accessible devices for different users. For example, for a child, for security reasons, if the child is not expected to access or control the smart cooking device, the smart cooking device may not be included in the list of authorized devices corresponding to the child.
在一个实施例中,在确定能够提供目标能力的目标设备后,基于请求方对应的授权设备列表,验证目标设备是否在请求方的准许访问范围内。这里,授权设备列表可以记录该授权访问用户可访问的设备的设备属性信息等。若确定授权设备列表中存在目标设备,则确定目标设备可供请求方访问。In one embodiment, after the target device capable of providing the target capability is determined, based on the authorized device list corresponding to the requester, it is verified whether the target device is within the access scope of the requester. Here, the authorized device list may record device attribute information and the like of devices accessible to the authorized access user. If it is determined that the target device exists in the authorized device list, it is determined that the target device can be accessed by the requester.
如此,在基于受控设备的授权访问用户对请求方的身份权限进行验证后,又基于请求方的授权设备对目标设备的可用性进行验证,从而实现请求方与设备的双向认证,进一步优化了对设备访问的控制。In this way, after the authorized access user of the controlled device verifies the identity and authority of the requester, the availability of the target device is verified based on the authorized device of the requester, thereby realizing two-way authentication between the requester and the device, further optimizing the Control of device access.
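The following Go program is an added illustration of steps S141 to S143 and S151 to S152 together; it is not code from the patent. The pool entries, the user names, the occupancy figures and the type and function names (`Pool`, `SelectTarget`, `Allocate`, `AuthorizedDevices`) are all constructed for this example. It resolves a requested capability to a target device using the "single candidate, else lowest occupancy" rule stated above, and then refuses the allocation when the chosen device is absent from the requester's authorized device list, which is the case of the child and the cooking appliance.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Device is one entry of the virtual capability resource pool: a controlled
// device, the capabilities it announced, and its current resource occupancy
// (0.0 idle .. 1.0 fully busy). The field layout is an assumption for this example.
type Device struct {
	ID           string
	Capabilities map[string]bool
	Occupancy    float64
}

// Pool maps device IDs to pool entries (S101: built from device attribute info).
type Pool map[string]Device

// AuthorizedDevices models the per-user authorized device list (S151).
type AuthorizedDevices map[string]map[string]bool

// ErrNoCapability: no pooled device provides the requested capability.
var ErrNoCapability = errors.New("no device in pool provides the target capability")

// ErrNotAuthorized: the selected device is outside the requester's permitted scope.
var ErrNotAuthorized = errors.New("target device not in requester's authorized device list")

// SelectTarget implements S142 as described in the text: if exactly one pooled
// device has the capability it is the target; if several do, the one with the
// lowest current occupancy wins. Ties are broken by ID so the result is stable.
func SelectTarget(pool Pool, capability string) (string, error) {
	var candidates []Device
	for _, d := range pool {
		if d.Capabilities[capability] {
			candidates = append(candidates, d)
		}
	}
	if len(candidates) == 0 {
		return "", ErrNoCapability
	}
	sort.Slice(candidates, func(i, j int) bool {
		if candidates[i].Occupancy != candidates[j].Occupancy {
			return candidates[i].Occupancy < candidates[j].Occupancy
		}
		return candidates[i].ID < candidates[j].ID
	})
	return candidates[0].ID, nil
}

// Allocate runs S141-S143 and S151-S152 in sequence: resolve the capability to
// a target device, then check that device against the requester's authorized
// device list before any control instruction could be issued.
func Allocate(pool Pool, auth AuthorizedDevices, user, capability string) (string, error) {
	target, err := SelectTarget(pool, capability)
	if err != nil {
		return "", err
	}
	if !auth[user][target] { // missing user or missing device both read as false
		return "", ErrNotAuthorized
	}
	return target, nil
}

// SamplePool is a constructed pool for demonstration, not data from the patent.
func SamplePool() Pool {
	return Pool{
		"tv-living":  {ID: "tv-living", Capabilities: map[string]bool{"display": true, "speaker": true}, Occupancy: 0.7},
		"tv-bedroom": {ID: "tv-bedroom", Capabilities: map[string]bool{"display": true}, Occupancy: 0.1},
		"oven":       {ID: "oven", Capabilities: map[string]bool{"cook": true}, Occupancy: 0.0},
	}
}

// SampleAuth is constructed too: the child's list deliberately omits the oven.
func SampleAuth() AuthorizedDevices {
	return AuthorizedDevices{
		"parent": {"tv-living": true, "tv-bedroom": true, "oven": true},
		"child":  {"tv-living": true, "tv-bedroom": true},
	}
}

func main() {
	pool, auth := SamplePool(), SampleAuth()
	for _, req := range [][2]string{{"parent", "display"}, {"child", "cook"}, {"child", "gps"}} {
		t, err := Allocate(pool, auth, req[0], req[1])
		fmt.Printf("user=%s capability=%s -> target=%q err=%v\n", req[0], req[1], t, err)
	}
}
```

Note that the authorization check runs after device selection but before anything is sent to the device, so a requester never learns more than "not authorized" for a device outside its list; the two errors are kept distinct so that the decision module can log them separately.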
In some embodiments, as shown in FIG. 5, the method further includes:
S160: querying the device public key of the controlled device in the blockchain;
and S150 includes:
S153: performing identity verification on the controlled device based on the device public key;
S154: if the verification succeeds, sending a control instruction to the controlled device according to the permission scope information of the use right.
In this embodiment of the present invention, the device public key may be stored in the blockchain together with the access control policy of the controlled device, and is used to verify the validity of the identity of the controlled device that is to provide the virtual capability resource.
In one embodiment, after the required target capability has been determined from the access request and the target device has been determined from the target capability, the corresponding device public key can be looked up in the blockchain using the device attribute information of the target device, and that public key is used to verify the identity of the target device. If the verification succeeds, the target device is shown to be a trusted device matching the public key recorded in the blockchain, and control instructions can be sent to it.
In another embodiment, sending the control instruction to the controlled device may include: sending the control instruction to the controlled device and monitoring the state of the controlled device, for example receiving the information that the controlled device generates and feeds back according to the processing action it has performed.
In this way, storing the device public key in the blockchain and verifying the identity of the target device with that public key further improves the security of device information storage and of device access control.
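The patent does not say which signature scheme or message the device signs. As an added example, not from the patent, the program below assumes a challenge-response: the control point looks up the device's public key (S160), sends a fresh random nonce, and accepts the device only if its Ed25519 signature over that nonce verifies (S153/S154). The `Ledger` map stands in for the blockchain lookup, and the keys and device IDs are generated or constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Ledger stands in for the blockchain lookup of S160: device ID -> device
// public key recorded when the device was admitted. A plain map is used here;
// the chain structure itself is outside the scope of this example.
type Ledger map[string]ed25519.PublicKey

var ErrUnknownDevice = errors.New("no public key recorded for device")
var ErrBadSignature = errors.New("device signature does not verify")

// NewChallenge draws a fresh random nonce so that a response captured earlier
// cannot be replayed by something impersonating the device.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// DeviceRespond is the device side (assumed behaviour, not from the patent):
// sign the challenge with the private key that matches the recorded public key.
func DeviceRespond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// VerifyDevice implements S153: fetch the device's public key from the ledger
// and check the signed challenge. Only on success may a control instruction
// be sent (S154).
func VerifyDevice(l Ledger, deviceID string, challenge, sig []byte) error {
	pub, ok := l[deviceID]
	if !ok {
		return ErrUnknownDevice
	}
	if !ed25519.Verify(pub, challenge, sig) {
		return ErrBadSignature
	}
	return nil
}

// Demo wires the pieces together with freshly generated keys and returns the
// verification result for an honest device, for a device holding the wrong
// key, and for a device that was never recorded on the ledger.
func Demo() (honest, forged, unknown error) {
	pubTV, privTV, _ := ed25519.GenerateKey(rand.Reader)
	_, privRogue, _ := ed25519.GenerateKey(rand.Reader)
	ledger := Ledger{"tv-living": pubTV}

	c, _ := NewChallenge()
	honest = VerifyDevice(ledger, "tv-living", c, DeviceRespond(privTV, c))
	forged = VerifyDevice(ledger, "tv-living", c, DeviceRespond(privRogue, c))
	unknown = VerifyDevice(ledger, "tv-garage", c, DeviceRespond(privTV, c))
	return
}

func main() {
	h, f, u := Demo()
	fmt.Println("honest:", h, "| forged:", f, "| unknown:", u)
}
```

The nonce is what makes the check meaningful: verifying a fixed message signed once at manufacturing time would prove only that someone once held the key, not that the device answering now does.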
In some embodiments, as shown in FIG. 6, the method further includes:
S101: establishing a virtual capability resource pool based on the capabilities of at least one controlled device;
S102: determining the access control policy of the controlled devices recorded in the virtual capability resource pool based on the second user attribute information of the authorized access users of the controlled device and on the device attribute information of the controlled device;
S103: storing the access control policy in at least one block of the blockchain.
In this embodiment of the present invention, the capabilities of the at least one controlled device can be obtained from the device attribute information of that controlled device, where the device attribute information may record the identification information, capability information and the like of the controlled device. For example, if the controlled device is a smart home device under the UPnP protocol, its device attribute information can be obtained through the preset UPnP discovery protocol, and its capabilities are then determined from it.
Here, the controlled device is a smart home device under the UPnP protocol, which may be a hardware device manufactured according to the UPnP standard. The device attribute information may be a device description file in Extensible Markup Language (XML) format that records detailed information about the controlled device and its virtual capabilities, and may include the device name, the device manufacturer (Original Equipment Manufacturer, OEM) or solution provider (Original Design Manufacturer, ODM), the service list, and so on.
In one embodiment, obtaining the capabilities of the at least one controlled device through its device attribute information may include: receiving the device attribute information sent by multicast from the at least one controlled device, and obtaining the capabilities of the controlled device based on that device attribute information.
Exemplarily, where the controlled device is a smart home device under the UPnP protocol, it can send its device attribute information by multicast to announce that it is online and describe its own functions. By monitoring and recording the fixed address and port from which controlled devices send their device attribute information, the controlled devices possessing a given target capability can be looked up once that target capability has been determined. From the device attribute information provided by the controlled devices, detailed information about each controlled device and its related virtual capabilities is obtained, and this information is recorded and consolidated to establish the virtual capability resource pool.
In another embodiment, the access control policy may record the second user attribute information together with the device attribute information. When the target capability is determined from the access request and the corresponding target device is determined from the target capability, the device attribute information recorded in the access control policy can be queried to obtain the virtual capability resource information of the controlled devices, which is compared with the target capability to determine the target device capable of providing it.
In one embodiment, the access control policy is subjected to signing and encryption processing, for example using a message digest algorithm (Message-Digest Algorithm, MD5) or a secure hash algorithm (Secure Hash Algorithm, SHA), and the processed access control policy is stored in at least one block of the blockchain.
In this way, the virtual capability resource pool established based on device capabilities enables resource sharing and seamless connection among multiple devices, facilitates unified handling and scheduling of access requests, and simplifies the network implementation through unified allocation. On this basis the relevant information is stored in the blockchain, and processes such as requester identity verification and device identity verification are carried out through the blockchain, which greatly improves the security of sharing the capability resources of controlled devices.
In some embodiments, as shown in FIG. 7, the method further includes:
S104: after storage is completed, performing a hash operation on each block based on the access control policy stored in that block to obtain the updated hash value of the block, where the hash value of a block is stored in the next block in the blockchain;
S105: updating the hash value stored in the next block in the blockchain based on the updated hash value of the block.
In this embodiment of the present invention, after the access control policy of a newly added controlled device has been stored in the blockchain, the stored content of that block has changed, so hashing the block over its stored content yields an updated hash value. In a blockchain, every block except the first stores the hash value of the previous block, which is what forms the chain.
After storage is completed, the block is hashed and the resulting updated hash value is stored in the next block. For example, after the access control policy of a new controlled device is stored in block 2, block 2 is hashed to obtain a new hash value. Since block 3 holds the old hash value of block 2, the new hash value now replaces the old one in block 3, completing the update of the content stored in block 3. Block 3 is then hashed in turn and its new hash value is written into block 4, and so on.
In another embodiment, in addition to the hash value of the previous block, each block may also store its own hash value as a basis for address traceback. In that case, after the updated hash value of a block is obtained, both the hash value stored in that block and the hash value stored in the next block need to be updated together.
In this way, because each block in the blockchain stores the hash value of the previous block, the linkage and directionality between blocks are greatly strengthened. On this basis, if a third-party malicious device attempts to join the blockchain, once it is stored in a block it changes the content stored in that block, which changes that block's hash value, which in turn changes the hash value stored in the next block, and so on. The cost for a third-party malicious device to enter the blockchain is thus greatly increased, effectively suppressing malicious intrusion by other devices.
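The block-2 / block-3 / block-4 propagation described above, and the tamper-evidence argument that follows from it (also restated in point 2 of the specific example later on this page), as an added Go example that is not the patent's own code. The block layout (index, previous hash, stored policies, own hash), the use of SHA-256 over a simple serialisation, and the names `Chain`, `StorePolicy` and `Verify` are assumptions made for the example; the patent mentions MD5 and SHA only generically.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Block holds the access control policies stored in it plus the hash of the
// previous block; Hash is the block's own hash (the "address traceback"
// variant mentioned in the text). Layout is an assumption for this example.
type Block struct {
	Index    int
	PrevHash string
	Policies []string
	Hash     string
}

// Chain is an ordered slice of blocks; block 0 is the genesis block.
type Chain []Block

// hashBlock computes SHA-256 over index, previous hash and stored policies,
// so any change to a block's content or back-link changes its hash.
func hashBlock(b Block) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|%s", b.Index, b.PrevHash, strings.Join(b.Policies, ";"))
	return hex.EncodeToString(h.Sum(nil))
}

// NewChain builds a chain of n empty blocks, each linked to its predecessor.
func NewChain(n int) Chain {
	c := make(Chain, 0, n)
	for i := 0; i < n; i++ {
		b := Block{Index: i}
		if i > 0 {
			b.PrevHash = c[i-1].Hash
		}
		b.Hash = hashBlock(b)
		c = append(c, b)
	}
	return c
}

// StorePolicy implements S103 followed by S104/S105: append a policy to block
// i, recompute that block's hash, then carry the new hash forward through
// every later block ("block 2 -> block 3 -> block 4, and so on").
func (c Chain) StorePolicy(i int, policy string) {
	c[i].Policies = append(c[i].Policies, policy)
	for j := i; j < len(c); j++ {
		if j > 0 {
			c[j].PrevHash = c[j-1].Hash
		}
		c[j].Hash = hashBlock(c[j])
	}
}

// Verify walks the chain and returns the index of the first block whose stored
// hash or back-link no longer matches its content, or -1 if all is consistent.
func (c Chain) Verify() int {
	for i, b := range c {
		if hashBlock(b) != b.Hash {
			return i
		}
		if i > 0 && b.PrevHash != c[i-1].Hash {
			return i
		}
	}
	return -1
}

func main() {
	c := NewChain(5)
	// Constructed policy string; the patent does not fix a policy format.
	c.StorePolicy(2, "user=alice;device=tv-living;capability=display")
	fmt.Println("consistent after update:", c.Verify() == -1)
	// An edit that bypasses StorePolicy (no re-hash, no propagation) is caught:
	c[2].Policies = append(c[2].Policies, "user=rogue;device=oven")
	fmt.Println("first inconsistent block:", c.Verify())
}
```

Two points the code makes explicit: the legitimate update path must rewrite every downstream back-link, not just the next block's, and a verifier that recomputes hashes rather than trusting stored ones is what turns the chain into tamper evidence. Whether an attacker can afford to redo that rewrite depends on who is allowed to write to the chain, which the patent addresses by admitting devices only after verification.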
In some embodiments, the method further includes:
storing, based on the InterPlanetary File System (IPFS), the operation data generated during the access control process for the controlled device.
In this embodiment of the present invention, every processing action during the access control process for the controlled device generates corresponding operation data; the volume of data is large and often requires a great deal of storage space. The operation data is stored on the InterPlanetary File System (IPFS), which is essentially a content-addressable, versioned, peer-to-peer hypermedia distributed storage and transfer protocol. A uniquely mapped hash identifier can be generated by hashing the operation data. The operation data itself can be stored on the public IPFS network, while the hash identifier of the operation data is kept in local storage. When the operation data needs to be retrieved, it is looked up by its hash identifier to obtain the corresponding operation data.
In this way, IPFS-based storage allows the operation data to be kept across the whole public network, and instead of multi-level directories the corresponding operation data is accessed through its unique hash identifier, which saves storage space overhead to a certain extent.
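The store-by-hash and fetch-by-hash flow just described (and the pseudocode of FIGS. 13 and 14 referred to in point 3 of the specific example below, which is not reproduced on this page) as an added Go example; it is not the patent's code and does not talk to a real IPFS node. `ContentStore` is an in-memory stand-in for the network, the identifier is a hex SHA-256 digest rather than a real IPFS CID, and the operation record is constructed. The part worth noting is that `Get` re-hashes what comes back, so altered content from the remote store is rejected instead of trusted.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ContentStore is a minimal content-addressed store standing in for the IPFS
// network: content is keyed by the hex SHA-256 of its bytes. Real IPFS
// identifiers are multihash-based CIDs; the hex digest is a simplification.
type ContentStore map[string][]byte

var ErrNotFound = errors.New("no content for this hash identifier")
var ErrIntegrity = errors.New("stored content does not match its hash identifier")

// HashID derives the unique hash identifier the text describes.
func HashID(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Put stores operation data and returns the identifier the local side keeps.
func (s ContentStore) Put(data []byte) string {
	id := HashID(data)
	s[id] = append([]byte(nil), data...) // keep our own copy
	return id
}

// Get retrieves by identifier and re-hashes the result: a remote store that
// returns altered bytes is detected rather than trusted.
func (s ContentStore) Get(id string) ([]byte, error) {
	data, ok := s[id]
	if !ok {
		return nil, ErrNotFound
	}
	if HashID(data) != id {
		return nil, ErrIntegrity
	}
	return data, nil
}

// LocalIndex is what stays on the home system: operation name -> hash ID.
type LocalIndex map[string]string

func main() {
	store := ContentStore{}
	index := LocalIndex{}
	// Constructed operation record for demonstration.
	index["op-0001"] = store.Put([]byte(`{"user":"alice","device":"tv-living","action":"cast","result":"ok"}`))
	data, err := store.Get(index["op-0001"])
	fmt.Printf("%s %v\n", data, err)
	store[index["op-0001"]][0] = '[' // simulate corruption at the remote
	_, err = store.Get(index["op-0001"])
	fmt.Println("after tampering:", err)
}
```

Content addressing gives integrity for free only if the reader actually recomputes the hash; the local index of identifiers is then the one thing that must be kept trustworthy, which is why the patent keeps it in local storage rather than on the public network.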
As shown in FIG. 8, an embodiment of the present invention provides a device access control apparatus, characterized in that the apparatus includes:
a receiving unit 110, configured to receive an access request, where the access request includes first user attribute information of the requester;
a query unit 120, configured to query, according to the access request, the blockchain storing the access control policy of the controlled device;
a determining unit 130, configured to determine, according to the first user attribute information and the queried access control policy, whether the requester is an authorized access user;
an allocating unit 140, configured to, when the requester is an authorized access user, allocate to the requester the use right of a virtual capability from the virtual capability resource pool established based on the capabilities of the controlled device;
a sending unit 150, configured to send a control instruction to the controlled device according to the permission scope information of the use right, where the control instruction is used to control the controlled device to accept access by the requester within the use right.
In some embodiments, the apparatus further includes:
a query unit, configured to query the device public key of the controlled device in the blockchain;
and the sending unit is specifically configured to perform identity verification on the controlled device based on the device public key,
and, if the verification succeeds, to send a control instruction to the controlled device according to the permission scope information of the use right.
In some embodiments, the apparatus further includes:
an establishing unit, configured to establish a virtual capability resource pool based on the capabilities of at least one controlled device;
a decision unit, configured to determine the access control policy of the controlled devices recorded in the virtual capability resource pool based on the second user attribute information of the authorized access users of the controlled device and on the device attribute information of the controlled device;
a storage unit, configured to store the access control policy in at least one block of the blockchain.
In some embodiments, the apparatus further includes:
a calculation unit, configured to, after storage is completed, perform a hash operation on each block based on the access control policy stored in that block to obtain the updated hash value of the block, where the hash value of a block is stored in the next block in the blockchain;
an update unit, configured to update the hash value stored in the next block in the blockchain based on the updated hash value of the block.
In some embodiments, the storage unit is further configured to:
store, based on the InterPlanetary File System (IPFS), the operation data generated during the access control process for the controlled device.
A specific example combining any of the above embodiments is provided below:
An embodiment of the present invention provides a blockchain-based access control method for distributed capability sharing among smart home devices, combining blockchain technology, the UPnP protocol and access control. The system topology of this embodiment is shown in FIGS. 9 and 10, which describe the control flow for smart home devices in the two scenarios of a resident and a visitor.
1. Core flow: the workflow of the smart home management and control system combined with the blockchain is handled jointly by four modules: the smart home resource information module, the smart home resource management module, the smart home resource execution module and the smart home resource decision module. The modules work together and process the user's request through the related components in nine steps, as shown in FIG. 11:
Step 1: the smart home owner (resident) uploads the access control permission information of the smart home devices through the resource information module, including user attribute information and UPnP device information, and at the same time uses the resource management module to configure the access control policy mapping users to capability resources; this information is stored in the blockchain;
Step 2: the smart home user (resident or visitor) initiates an access request for a smart home device through the resource execution module;
Step 3: the resource decision module calls the resource management module to obtain the access control policy mapping users to capability resources, and calls the resource information module to obtain the relevant attribute information of the smart home user;
Step 4: the resource decision module compares the attribute information of the smart home user with the attribute information set in the access control policy; if the result shows that the user is permitted, a positive result is returned to the resource execution module;
Step 5: the resource execution module receives the decision result sent by the resource decision module, compiles the use rights for the open virtual capabilities specified in the access control policy, and returns these rights to the user, who thereby obtains permission to access the open virtual capabilities;
Step 6: the smart home user applies, through the resource execution module, for the use right of an open virtual capability;
Step 7: the resource execution module passes the smart home device user's request on to the resource decision module;
Step 8: the resource decision module searches for UPnP devices possessing the relevant virtual capability, checks the result against the list of resources the smart home user has already been granted, determines whether it is within the permitted scope, confirms, and returns the confirmation response to the resource execution module;
Step 9:
9-1. The resource execution module returns a response permitting the call to the smart home user and sends a control action request to the relevant UPnP device.
9-2. After receiving the feedback, the smart home user can use the smart home device for which permission was granted, and the flow ends.
2. The smart home management and control system encrypts the relevant attribute information of users and devices on the blockchain. Because the hash of the previous block is needed when computing the hash of the current block, the cost for a third party to add a malicious device to the blockchain is very high. The blockchain uses a chained-block data structure: the transactions that occur within a period of time are stored in units of blocks, and the blocks are linked into a chain in chronological order by a cryptographic algorithm. When data is saved on the blockchain it undergoes trusted data signature processing, using digital fingerprint techniques such as MD5 and SHA to obtain the corresponding signature value. Each data block therefore holds the related information: the previous block hash and the current block hash, the user access control policy, the device authorization public key information, and so on. The address of the previous block can thus be used for traceback, so that the data is kept in a single chain, improving its security. The signature processing of the individual blocks is shown in FIG. 12, where 00006yjabc, 000007jlabc, 000008baced and 000009yycae are all hash values produced by the hash operation.
3. The smart home management and control system stores the large volume of operation data that may be generated while the smart home is in use in a distributed manner through IPFS. IPFS is essentially a content-addressable, versioned, peer-to-peer hypermedia distributed storage and transfer protocol; being content-addressable, it generates a unique hash identifier from the file content, which saves space overhead to a certain extent. IPFS hashes the smart home operation data and then looks the data up by that hash value to obtain the corresponding stored content; the returned hash value and the stored operation data are mapped to each other.
For example, storage of the operation data can be implemented by the pseudocode shown in FIG. 13.
Hashing the smart home operation data yields the corresponding hash value referred to above.
When the uploaded smart home operation data needs to be retrieved, it can be obtained with the code shown in FIG. 14.
4. The smart home management and control system uses the UPnP protocol to perform device discovery and control. Acting as a generic UPnP control point, it relies on UPnP's standard protocol for automatic discovery and control, which allows zero configuration of smart home devices. When a smart home device is added to the network, the UPnP discovery protocol lets it multicast an announcement to the smart home management and control system stating that it is online and describing its functions; the management and control system monitors the fixed address and port to which devices send these messages, and can thus locate the devices in the network that possess the required virtual capabilities. Through the device description file provided by each device, detailed information about the device and its related virtual capabilities is obtained and recorded by the smart home resource information module. Later, once the device user has been verified and granted permission to use a smart home device, the management and control system performs signature verification using the device's public key stored on the blockchain, then selects the operation to perform according to the device description and learns the services the device provides, passes the control action request to the specified smart home device, asks the device to start the service, and monitors the device's state, taking the corresponding processing action when the state changes; the smart home device in turn feeds back the relevant information to the management and control system after it has finished executing the command.
5. The smart home device is a hardware device manufactured according to the UPnP standard. It can be regarded as a "container" associated with services and containing conventional devices, which includes a series of sub-devices and various services. The detailed information about the device and its virtual capabilities is usually recorded in an XML device description file. These device description files are generally prepared by the manufacturer and contain device-related attributes, as shown in FIG. 15, such as the device name, the device manufacturer (OEM) or solution provider (ODM), the device's Universally Unique Identifier (UUID), the device type or model (modelName), the service list (serviceList) and so on. The service list may record the service type (serviceType), the service ID (serviceId), the uniform resource locator of the service description (Service Control Protocol Document URL, SCPDURL), the service control URL (controlURL) and so on.
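How the resource information module could turn such a description file into a pool entry (the step described under S101 and again in point 4 above), as an added Go example that is not the patent's code. The XML document is constructed for the example in the shape of a UPnP device description, using the element names listed in the text (`UDN`, `modelName`, `serviceList`, `serviceType`, `serviceId`, `SCPDURL`, `controlURL`); the `PoolEntry` type and the rule that derives a capability name from the service type URN are assumptions. The description arrives from an unauthenticated multicast announcement, so everything parsed here, the control URLs in particular, is untrusted until the device has passed the admission checks the patent describes.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Service mirrors one <service> element of a UPnP device description.
type Service struct {
	ServiceType string `xml:"serviceType"`
	ServiceID   string `xml:"serviceId"`
	SCPDURL     string `xml:"SCPDURL"`
	ControlURL  string `xml:"controlURL"`
}

// Device mirrors the <device> element; only the fields named in the text.
type Device struct {
	FriendlyName string    `xml:"friendlyName"`
	Manufacturer string    `xml:"manufacturer"`
	ModelName    string    `xml:"modelName"`
	UDN          string    `xml:"UDN"`
	Services     []Service `xml:"serviceList>service"`
}

// Root is the <root> element wrapping the device.
type Root struct {
	XMLName xml.Name `xml:"root"`
	Device  Device   `xml:"device"`
}

// PoolEntry is what the resource information module records (assumed layout).
type PoolEntry struct {
	UUID, Name, Model string
	Capabilities      []string
}

// Description is a constructed UPnP-style description for a television.
const Description = `<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0">
  <device>
    <deviceType>urn:schemas-upnp-org:device:MediaRenderer:1</deviceType>
    <friendlyName>Living room TV</friendlyName>
    <manufacturer>ExampleOEM</manufacturer>
    <modelName>TV-4K-55</modelName>
    <UDN>uuid:11111111-2222-3333-4444-555555555555</UDN>
    <serviceList>
      <service>
        <serviceType>urn:schemas-upnp-org:service:RenderingControl:1</serviceType>
        <serviceId>urn:upnp-org:serviceId:RenderingControl</serviceId>
        <SCPDURL>/RenderingControl.xml</SCPDURL>
        <controlURL>/control/RenderingControl</controlURL>
      </service>
      <service>
        <serviceType>urn:schemas-upnp-org:service:AVTransport:1</serviceType>
        <serviceId>urn:upnp-org:serviceId:AVTransport</serviceId>
        <SCPDURL>/AVTransport.xml</SCPDURL>
        <controlURL>/control/AVTransport</controlURL>
      </service>
    </serviceList>
  </device>
</root>`

// capabilityName turns "urn:schemas-upnp-org:service:AVTransport:1" into
// "AVTransport"; any other shape is returned unchanged.
func capabilityName(serviceType string) string {
	parts := strings.Split(serviceType, ":")
	if len(parts) >= 5 && parts[2] == "service" {
		return parts[3]
	}
	return serviceType
}

// ParseDescription builds a pool entry from a device description document.
func ParseDescription(doc string) (PoolEntry, error) {
	var r Root
	if err := xml.Unmarshal([]byte(doc), &r); err != nil {
		return PoolEntry{}, err
	}
	e := PoolEntry{
		UUID:  strings.TrimPrefix(r.Device.UDN, "uuid:"),
		Name:  r.Device.FriendlyName,
		Model: r.Device.ModelName,
	}
	for _, s := range r.Device.Services {
		e.Capabilities = append(e.Capabilities, capabilityName(s.ServiceType))
	}
	return e, nil
}

func main() {
	e, err := ParseDescription(Description)
	fmt.Printf("%+v %v\n", e, err)
}
```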
Once the smart home management and control system has obtained the detailed description of a device and its services, it can invoke the corresponding service actions to control and operate the smart home device. This lets devices in a home or office network connect seamlessly and simplifies the network implementation. For example, when a video conference call comes in, the management and control system can move a colleague's video from the small phone screen to the television for display, giving a better interactive experience. The process by which a user submits a request to obtain a virtual capability is shown in Figure 16. The virtual capability resource pool may include capability resources such as display, network communication, microphone, speaker, central processing unit (CPU), and Global Positioning System (GPS).
6. The method for opening and sharing smart home device capabilities can prevent "denial of service" attacks, in which a third-party hacker announces itself online to the system and induces the system to request and download service content, consuming large amounts of system resources and slowing or even halting the whole system's services. The method introduces a blockchain and smart contract policies into the automatic discovery and control process for UPnP devices, and device information is encrypted and signed; only after a device has been verified and confirmed is it recorded on the chain, which to a certain extent prevents malicious devices from intruding. Moreover, a device user can operate a UPnP device only after authorization has been granted, which greatly improves the security and reliability of the device.
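As an added example, not taken from the patent, the following Go program parses the device description attributes listed in item 5 and applies the admission gate described in item 6: the announcing device's UDN is looked up in a registry that stands in for the on-chain record (an assumption; the patent does not specify the chain interface), the signature over the description is verified with the enrolled public key, and only then are the capabilities released to the resource module. Ed25519 is used as the signature scheme, which the patent does not specify; the sample description is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/xml"
	"errors"
	"fmt"
)

type Service struct { // the service-list attributes the text lists
	ServiceType string `xml:"serviceType"`
	SCPDURL     string `xml:"SCPDURL"`
	ControlURL  string `xml:"controlURL"`
}
type DeviceDesc struct {
	XMLName   xml.Name  `xml:"root"`
	ModelName string    `xml:"device>modelName"`
	UDN       string    `xml:"device>UDN"` // "uuid:<UUID>"
	Services  []Service `xml:"device>serviceList>service"`
}
// Registry stands in for the on-chain enrolment record (assumption): UDN -> device public key.
type Registry map[string]ed25519.PublicKey
// Constructed sample announcement; not captured from a real device.
const SampleDesc = `<root xmlns="urn:schemas-upnp-org:device-1-0"><device>
<modelName>TV-1000</modelName><UDN>uuid:11111111-2222-3333-4444-555555555555</UDN>
<serviceList><service><serviceType>urn:schemas-upnp-org:service:RenderingControl:1</serviceType>
<SCPDURL>/rc.xml</SCPDURL><controlURL>/rc/control</controlURL>
</service></serviceList></device></root>`
// Admit gates an announcement: parse, look the UDN up on the registry, verify the signature
// over the raw XML, then release the capabilities; unknown or badly signed announcers are
// dropped before any SCPDURL fetch spends resources (the DoS case in item 6).
func Admit(reg Registry, descXML, sig []byte) (*DeviceDesc, error) {
	var d DeviceDesc
	if err := xml.Unmarshal(descXML, &d); err != nil {
		return nil, err
	}
	pub, ok := reg[d.UDN]
	if !ok {
		return nil, errors.New("UDN not enrolled on chain; announcement ignored")
	}
	if !ed25519.Verify(pub, descXML, sig) {
		return nil, errors.New("signature does not verify under enrolled key")
	}
	return &d, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // enrolment key pair, one per device
	reg := Registry{"uuid:11111111-2222-3333-4444-555555555555": pub}
	d, err := Admit(reg, []byte(SampleDesc), ed25519.Sign(priv, []byte(SampleDesc)))
	fmt.Println(d.ModelName, d.Services[0].ControlURL, err) // TV-1000 /rc/control <nil>
	_, err = Admit(Registry{}, []byte(SampleDesc), nil)     // un-enrolled announcer
	fmt.Println(err)
}
```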
An embodiment of the present invention also provides an electronic device comprising a processor and a memory storing a computer program that can run on the processor; when the processor runs the computer program, it performs the steps of the method described in one or more of the foregoing technical solutions.
An embodiment of the present invention also provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the method described in one or more of the foregoing technical solutions.
The computer storage medium provided in this embodiment may be a non-transitory storage medium.
In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function; in actual implementation there may be other divisions, for instance multiple units or components may be combined, or may be integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling, or communication connection between the components shown or discussed may be an indirect coupling or communication connection through interfaces, devices or units, and may be electrical, mechanical, or of another form.
The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may all be integrated into one processing module, or each unit may stand alone as a unit, or two or more units may be integrated into one unit; the integrated unit may be implemented in hardware, or in hardware combined with software functional units.
In some cases, where any two of the above technical features do not conflict, they may be combined into a new method technical solution.
In some cases, where any two of the above technical features do not conflict, they may be combined into a new device technical solution.
Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes removable storage devices, read-only memory (ROM), random access memory (RAM), magnetic disks, optical discs, and other media capable of storing program code.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any changes or substitutions that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.
Claims (11)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110806362.XA CN115622723A (en) | 2021-07-16 | 2021-07-16 | Device access control method and device, electronic device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115622723A true CN115622723A (en) | 2023-01-17 |
Family
ID=84855584