CN115486033A - Equipment access method and device in Internet of things, computer equipment and storage medium - Google Patents
- Publication number
- CN115486033A (CN202080100570.1A)
- Authority
- CN
- China
- Prior art keywords
- server
- access token
- access
- account
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application discloses a device access method and device in the Internet of things, computer equipment and a storage medium, and belongs to the technical field of the Internet of things. The method comprises the following steps: the method comprises the steps that a cloud platform receives a registration request sent by a configuration device based on an access token of a user account, and when the account server verifies that the access token is successful, a second user identification corresponding to a first user identification is distributed; receiving an access request sent by server-side equipment, wherein the access request comprises an access token; and when the access token is verified again successfully, the equipment identifier of the server equipment is bound with the second user identifier.
Description
The present application relates to the field of internet of things, and in particular, to a device access method and apparatus in the internet of things, a computer device, and a storage medium.
In the Internet of Things (IoT), before a client device can remotely control the functions of a server device, the server device must first be given access to the cloud platform.
In the related art, to secure the access process, the cloud platform performs authentication while the server device is being given access. The access authentication process is as follows. The configuration device initiates a first registration with the cloud platform, and the cloud platform allocates a first access token and returns it to the configuration device. The configuration device then initiates a second registration with the cloud platform based on the first access token; after successfully verifying the first access token, the cloud platform allocates a second access token and returns it to the configuration device. The configuration device configures the second access token on the server device to be accessed, and the server device requests access to the cloud platform based on the second access token. After successfully verifying the first access token, the cloud platform allocates a new third access token to the server device and binds the third access token to the device identifier of the server device, which completes the access process of the server device.
However, in the above scheme, the cloud platform needs to perform multiple operations of allocating the access token for the configuration device and the server device, and accordingly, the configuration device also needs to request the access token for the server device from the cloud platform, and the allocation and acquisition processes of the access token consume a certain processing time, which affects the efficiency of accessing the server device to the cloud platform.
Disclosure of Invention
The embodiment of the application provides a device access method and device in the Internet of things, computer equipment and a storage medium. The technical scheme is as follows:
in one aspect, an embodiment of the present application provides a device access method in an internet of things, where the method is performed by a cloud platform, and the method includes:
receiving a registration request sent by a configuration device based on an access token of a user account, wherein the user account is an account logged in the configuration device, and the access token is acquired by the configuration device from an account server;
when the access token is successfully verified with the account server, allocating a second user identifier corresponding to a first user identifier; the first user identifier is allocated to the user account by the account server;
receiving an access request sent by a server-side device, wherein the access request comprises the access token and a device identifier of the server-side device; the access request is triggered by the configuration equipment through updating an access configuration resource containing the access token for the server-side equipment;
and when the access token is verified again successfully, binding the equipment identifier of the server equipment with the second user identifier.
In one aspect, an embodiment of the present application provides a device access method in an internet of things, where the method is performed by a configuration device, and the method includes:
acquiring an access token of a user account from an account server; the user account is an account logged in the configuration equipment;
sending a registration request to a cloud platform based on the access token, wherein the registration request is used for triggering the cloud platform to distribute a second user identifier corresponding to the first user identifier when the cloud platform successfully verifies the access token to the account server; the first user identification is distributed to the user account by the account server;
and updating the access configuration resource containing the access token for the server-side equipment to trigger the server-side equipment to send an access request containing the access token and the equipment identifier of the server-side equipment to the cloud platform, wherein the access request is used for binding the equipment identifier of the server-side equipment with the second user identifier when the cloud platform verifies the access token again successfully.
On the other hand, the embodiment of the application provides a device for accessing equipment in the internet of things, the device is used in a cloud platform, and the device comprises:
a registration request receiving module, configured to receive a registration request sent by a configuration device based on an access token of a user account, where the user account is an account logged in the configuration device, and the access token is obtained by the configuration device from an account server;
the identification distribution module is used for distributing a second user identification corresponding to the first user identification when the account server successfully verifies the access token; the first user identification is allocated to the user account by the account server;
an access request receiving module, configured to receive an access request sent by a server device, where the access request includes the access token and a device identifier of the server device; the access request is triggered by the configuration equipment through updating the access configuration resource containing the access token for the server-side equipment;
and the binding module is used for binding the equipment identifier of the server equipment with the second user identifier when the access token is verified again successfully.
On the other hand, an embodiment of the present application provides an apparatus for accessing a device in an internet of things, where the apparatus is used in configuring a device, and the apparatus includes:
the access token acquisition module is used for acquiring an access token of the user account from the account server; the user account is an account logged in the configuration equipment;
the registration module is used for sending a registration request to a cloud platform based on the access token, wherein the registration request is used for triggering the cloud platform to distribute a second user identifier corresponding to the first user identifier when the access token is successfully verified to the account server; the first user identification is allocated to the user account by the account server;
and the access resource configuration module is used for updating the access configuration resource containing the access token for the server-side equipment so as to trigger the server-side equipment to send an access request containing the access token and the equipment identifier of the server-side equipment to the cloud platform, wherein the access request is used for binding the equipment identifier of the server-side equipment with the second user identifier when the cloud platform verifies that the access token is successful again.
In another aspect, an embodiment of the present application provides a computer device, where the computer device includes a processor, a memory, and a transceiver, where the memory stores a computer program, and the computer program is used for being executed by the processor to implement the device access method in the internet of things.
In another aspect, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is loaded and executed by a processor to implement the device access method in the internet of things.
In another aspect, a computer program product or computer program is provided, the computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device performs the device access method in the internet of things.
The technical scheme provided by the embodiment of the application can bring the following beneficial effects:
the method comprises the steps that a configuration device obtains an access token of a currently logged-in user account from an account server, in the subsequent process, the configuration device and a server device respectively initiate registration and access to a cloud platform through the access token, and after the cloud platform verifies the access token successfully from the account server, a user identifier can be distributed to a user corresponding to the server device, and the server device and the distributed user identifier are bound to achieve access of the server device; in the process, the cloud platform authenticates the access token distributed by the account server for the user account logged in the configuration device, and does not need to respectively generate the access token for the configuration device and the server device, so that the distribution and acquisition processes of the access token are reduced, the time consumed in the access process is shortened, and the access efficiency of the server device is improved under the condition of ensuring the safety of the access process.
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a network architecture of an internet of things provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a remote control according to the embodiment of FIG. 1;
fig. 3 is a flowchart of a device access method in the internet of things according to an embodiment of the present application;
fig. 4 is a flowchart of a device access method in the internet of things according to an embodiment of the present application;
fig. 5 is a flowchart of a device access method in the internet of things according to an embodiment of the present application;
fig. 6 is a flowchart of a device access method in the internet of things according to the embodiment shown in fig. 5;
fig. 7 is a flowchart of another method for accessing a device in the internet of things according to the embodiment shown in fig. 5;
fig. 8 is a flowchart of another method for accessing a device in the internet of things according to the embodiment shown in fig. 5;
fig. 9 is a block diagram of a device access apparatus in the internet of things according to an embodiment of the present application;
fig. 10 is a block diagram of a device access apparatus in the internet of things according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a computer device according to an embodiment of the present application.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not constitute a limitation to the technical solution provided in the embodiment of the present application, and it can be known by a person skilled in the art that the technical solution provided in the embodiment of the present application is also applicable to similar technical problems along with the evolution of the network architecture and the appearance of a new service scenario.
Referring to fig. 1, a schematic diagram of a network architecture of the internet of things provided in an embodiment of the present application is shown. The network architecture of the internet of things may include: the server device 110, the configuration device 120, the cloud platform 130 and the account server 140.
The server device 110 may be a device for providing internet of things function services.
For example, the server device 110 may be a smart home device, such as a smart television, a smart air conditioner, a smart refrigerator, a smart microwave oven, a smart electric cooker, a sweeping robot, and the like.
Alternatively, the server device 110 may be an industrial production device, such as a lathe, an industrial robot, a solar panel, a wind turbine, and the like.
Alternatively, the server device 110 may be a commercial service device, such as a vending machine or the like.
Alternatively, the server device 110 may be an intelligent monitoring device, such as a monitoring camera, an infrared sensor, a sound sensor, a temperature sensor, and so on.
The configuration device 120 is a device that assists the server device 110 in accessing the cloud platform 130. For example, the configuration device 120 is a computer device with a configurator built in, e.g., a smart phone, a tablet computer, a smart watch, a personal computer, such as a desktop computer, a portable computer, a personal workstation, and so on.
The configurator is a tool for providing configuration information of the access cloud platform for the server-side equipment.
In one possible implementation, the configurator is configuration software installed in the configuration device 120, such as a third party Application (APP).
The cloud platform 130 is a cloud service platform deployed on the network side. For example, the cloud platform 130 may be a cloud service platform implemented based on a single server or multiple servers.
The account server 140 is a cloud server that provides account management and authentication services.
The account server 140 is a server corresponding to the cloud platform 130, or the account server 140 is a server providing a third party account service outside the cloud platform 130.
The server device 110 is connected with the configuration device 120 through a wired or wireless network, and the server device 110 is connected with the account server 140 through a wired or wireless network; the cloud platform 130 is connected to the server device 110, the configuration device 120 and the account server 140 through a wired or wireless network.
Optionally, the wired or wireless network described above uses standard communication techniques and/or protocols. For example, the wired or wireless network may be an internet of things IoT protocol based communication network.
In this embodiment of the application, the server device 110, the configuration device 120, and the cloud platform 130 may be internet of things devices that meet an industry specification, for example, internet of things devices that meet an Open Connectivity Foundation (OCF) specification.
The OCF is a new technical standards organization for the application layer of the Internet of Things. It establishes a RESTful service framework (REST being a design style and development approach for network applications) for interconnection and interoperation among Internet of Things devices. In the OCF service framework, Internet of Things devices, their functional services, their states and similar information are described through a device resource model. The Internet of Things terminal device that provides resources is an OCF server (that is, the server device), and the control terminal that accesses the resources is an OCF client (that is, the client device).
For example, the control terminal that acquires indoor environment status data is a client device, and the sensor device that monitors indoor environment status data is a server device. Service interaction between the client device and the server device is implemented through the create, read, update, delete, and notify operations on resources.
In an internet of things system, remote access of a client device to a server device is generally mediated and controlled through a cloud platform. Please refer to fig. 2, which illustrates a schematic diagram of a remote control according to an embodiment of the present application. As shown in fig. 2, the client device 210 sends a request to the server device 230 through the cloud platform 220, operates the resource on the server device 230, the server device 230 executes the resource operation, and returns a response to the client device 210 through the cloud platform 220, where the response carries the representation of the resource.
For example, in fig. 2, the server device has an ambient temperature resource whose Uniform Resource Identifier (URI) is /environmentTemperature and whose resource type is oic.r.temperature, and the request is an UPDATE resource operation. The request and response between the client and the server carry the representation of the resource, and the representation of the resource comprises various attribute information of the resource. Taking fig. 2 as an example, the information of the resource update request is:
UPDATE /environmentTemperature
{
"targetTemperature": 25
}
In the resource representation of the request, targetTemperature is the target temperature attribute of the temperature resource, and the request asks for the temperature to be adjusted to 25 degrees.
Correspondingly, the expression of the resource in the update resource response returned by the server-side device is as follows:
wherein currentTemperature represents a current temperature attribute of the temperature resource, and tempturerange represents a temperature range attribute of the temperature resource.
In an internet of things system, remote access of a client device to a server device is usually mediated and controlled through a cloud platform. Before remote access is realized, the server-side equipment needs to be accessed to the cloud platform. Referring to fig. 3, a flowchart of a device access method in the internet of things according to an embodiment of the present application is shown, where the method may be performed by a cloud platform, where the cloud platform may be the cloud platform 130 in the network architecture shown in fig. 1. The method may include the steps of:
The registration request carries an access token of the user account, which is acquired by the configuration device from the account server.
The access token of the user account is an access token distributed by the account server for the user account.
In the embodiment of the application, since the access token is allocated by the account server, the cloud platform initiates verification to the account server when verifying the access token.
In the embodiment of the application, after receiving the registration request, the cloud platform initiates verification for an access token carried in the registration request to an account server, and after successfully verifying the access token to the account server, the cloud platform allocates a second user identifier to a user of the server device to be accessed based on the first user identifier, and correspondingly stores the second user identifier and the first user identifier.
In this embodiment of the application, after the configuration device sends the registration request, the access configuration resource including the access token is also updated for the server device, and after the server device obtains the updated access configuration resource, the server device may initiate an access request to the cloud platform, where the access request includes the access token and a device identifier of the server device.
And step 304, when the access token is verified again successfully, binding the device identifier of the server device with the second user identifier.
In the embodiment of the application, after receiving the access request, the cloud platform verifies the access token carried in the access request again, and after the access token is verified again successfully, the device identifier of the server device is bound with the second user identifier, so that the access process of the server device is completed.
To sum up, according to the scheme shown in the embodiment of the present application, the configuration device obtains an access token of a currently logged-in user account from an account server, in a subsequent process, the configuration device and the server device initiate registration and access to the cloud platform through the access token, and after the cloud platform verifies that the access token is successful from the account server, the cloud platform can allocate a user identifier to a user corresponding to the server device and bind the server device with the allocated user identifier, so as to implement access of the server device; in the process, the cloud platform authenticates the access token distributed by the account server for the user account logged in the configuration device, and does not need to respectively generate the access token for the configuration device and the server device, so that the distribution and acquisition processes of the access token are reduced, the time consumed in the access process is shortened, and the access efficiency of the server device is improved under the condition of ensuring the safety of the access process.
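The cloud-platform method described above, as an added example (not code from the patent or from any implementation of it): the platform verifies the token with the account server at registration, verifies it again on the access request, and only then binds the device identifier. The class and method names, the in-memory account server, the hyphen-joined counter form of the second user identifier (modelled on one of the description's exemplary allocation rules) and the refusal to rebind a device already bound to another user are assumptions of this example.

```python
"""Toy model of the cloud-platform side of the access flow (constructed data)."""
import secrets


class OnboardingError(Exception):
    """Raised when a registration or access request must be refused."""


class AccountServer:
    """Stand-in for the account server: allocates and verifies access tokens."""

    def __init__(self):
        self._tokens = {}  # access token -> first user identifier

    def issue_token(self, first_user_id):
        token = secrets.token_urlsafe(16)
        self._tokens[token] = first_user_id
        return token

    def revoke(self, token):
        self._tokens.pop(token, None)

    def verify(self, token):
        """Return (valid indication, first user identifier or None)."""
        first_id = self._tokens.get(token)
        return (first_id is not None, first_id)


class CloudPlatform:
    def __init__(self, account_server):
        self._accounts = account_server
        self._second_ids = {}  # first user identifier -> second user identifier
        self._bindings = {}    # device identifier -> second user identifier
        self._allocated = 0    # number of second identifiers allocated so far

    def _verified_first_id(self, token):
        # The platform never trusts the token by itself; it asks the issuer.
        valid, first_id = self._accounts.verify(token)
        if not valid:
            raise OnboardingError("access token rejected by account server")
        return first_id

    def register(self, token):
        """Registration request sent by the configuration device."""
        first_id = self._verified_first_id(token)
        if first_id not in self._second_ids:  # idempotent: example assumption
            self._allocated += 1
            # First identifier joined with N, the allocation count.
            self._second_ids[first_id] = f"{first_id}-{self._allocated}"
        return self._second_ids[first_id]

    def access(self, token, device_id):
        """Access request sent by the server-side device."""
        first_id = self._verified_first_id(token)  # token verified again
        second_id = self._second_ids.get(first_id)
        if second_id is None:
            raise OnboardingError("no registration for this user account")
        owner = self._bindings.get(device_id)
        if owner is not None and owner != second_id:
            # Not stated in the patent text: example refuses silent rebinding.
            raise OnboardingError("device already bound to another user")
        self._bindings[device_id] = second_id
        return second_id

    def owner_of(self, device_id):
        return self._bindings.get(device_id)


def demo():
    """Happy path, then an access attempt after the token is revoked."""
    accounts = AccountServer()
    cloud = CloudPlatform(accounts)
    token = accounts.issue_token("alice")  # constructed first user identifier
    results = {
        "second_id": cloud.register(token),
        "bound_to": cloud.access(token, "device-0001"),
    }
    accounts.revoke(token)
    try:
        cloud.access(token, "device-0002")
        results["after_revoke"] = "bound"
    except OnboardingError:
        results["after_revoke"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Because the same bearer token is presented twice, by two different devices, the second verification is what stops a token revoked after registration from still binding a device.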
Referring to fig. 4, a flowchart of a device access method in the internet of things provided by an embodiment of the present application is shown, where the method may be performed by a configuration device, where the configuration device may be the configuration device 120 in the network architecture shown in fig. 1. The method may include the steps of:
To sum up, in the scheme shown in the embodiment of the application, the configuration device obtains an access token of a currently logged-in user account from the account server, in the subsequent process, the configuration device and the server device initiate registration and access to the cloud platform through the access token, and after the cloud platform verifies the access token successfully with the account server, the cloud platform can allocate a user identifier to a user corresponding to the server device and bind the server device with the allocated user identifier to realize access of the server device; in the process, the cloud platform authenticates the access token distributed by the account server for the user account logged in the configuration device, and does not need to respectively generate the access token for the configuration device and the server device, so that the distribution and acquisition processes of the access token are reduced, the time consumed in the access process is shortened, and the access efficiency of the server device is improved under the condition of ensuring the safety of the access process.
Referring to fig. 5, a flowchart of a device access method in the internet of things according to an embodiment of the present application is shown, where the method may be performed by a server device, a configuration device, a cloud platform, and an account server interactively, where the server device, the configuration device, the cloud platform, and the account server may be the server device 110, the configuration device 120, the cloud platform 130, and the account server 140 in the network architecture shown in fig. 1. The method may include the steps of:
step 501, a configuration device obtains an access token of a user account from an account server.
The user account is an account logged in the configuration device.
In a possible implementation manner, the configuration device obtains the access token from the account server when logging in the account server through the user account.
In another possible implementation manner, the configuration device obtains the access token from the account server when performing open authorization authentication through the user account.
For example, take the case where the configuration device is the user's smartphone. After the user downloads and starts a configurator (APP) on the smartphone, the user either registers the user account with an account server and logs in to the newly registered user account in the configurator, or logs in to a user account of a third-party authorization provider in the configurator. The configurator then requests the account server to allocate the access token, and the account server allocates the access token for the user account and returns the allocated access token to the configurator.
In the embodiment of the application, after the account server allocates the access token for the user account logged in to the configuration device, it stores the access token so that it can subsequently provide the access token verification service to the cloud platform.
In a possible implementation manner, the account server allocates a first user identifier to the user account in addition to allocating an access token to the user account, and stores the first user identifier corresponding to the access token.
In a possible implementation manner, the account server returns the first user identifier to the configuration device in addition to the access token, that is, the configuration device obtains the first user identifier from the account server.
Step 502, the configuration device sends a registration request to the cloud platform, and the cloud platform receives the registration request. Wherein, the registration request includes the access token.
The registration request is a request for registering a user identifier corresponding to the server device to be accessed to the cloud platform.
In a possible implementation manner, when the configuration device acquires the first user identifier from the account server, the registration request further includes the first user identifier. That is, the cloud platform receives a registration request that includes the first user identification and the access token.
In a possible implementation manner, when the account server is an account server of an authorization provider of a third party, the registration request further includes an identifier of the authorization provider of the third party.
Step 503, when the cloud platform successfully verifies the access token with the account server, the cloud platform allocates a second user identifier corresponding to the first user identifier.
In the embodiment of the application, after receiving the registration request, the cloud platform initiates verification for an access token carried in the registration request to the account server, and after successfully verifying the access token to the account server, the cloud platform can allocate a second user identifier corresponding to the first user identifier.
In a possible implementation manner, the cloud platform allocates a second user identifier corresponding to the first user identifier according to a preset account allocation rule.
For example, in an exemplary scheme, the cloud platform generates the second user identifier according to the first user identifier and a timestamp of the registration request. For example, the second user identifier is a concatenation of the first user identifier and the timestamp. For another example, in an exemplary scheme, the cloud platform generates the second user identifier according to the first user identifier and the number of user identifiers already allocated in the cloud platform. For example, if the second user identifier is the Nth user identifier allocated by the cloud platform, the second user identifier is a splicing result of the first user identifier and N. The manner in which the cloud platform allocates the second user identifier is not limited.
In a possible implementation manner, when the registration request includes a first user identifier, the cloud platform extracts the first user identifier from the registration request, and when the access token is successfully verified to the account server, allocates a second user identifier corresponding to the first user identifier.
In another possible implementation manner, when the registration request does not include the first user identifier, the cloud platform requests the account server for the first user identifier according to the access token.
For example, the cloud platform sends a first authentication request to the account server, where the first authentication request includes the access token; when receiving a valid indication returned by the account server, determining that the verification of the access token to the account server is successful, and receiving the first user identifier sent by the account server after the verification of the validity of the access token; wherein the valid indication indicates that the access token is valid.
In a possible implementation manner, the receiving of the first user identifier sent by the server after verifying that the access token is valid refers to extracting the first user identifier included in the valid indication.
In another possible implementation manner, when the registration request includes a first user identifier, the cloud platform sends a verification request including the first user identifier and the access token to the account server. After receiving the verification request, the account server checks, according to a pre-stored correspondence between the first user identifier and the access token, that the first user identifier matches the access token, and then returns a verification success response to the cloud platform. After receiving the verification success response, the cloud platform can determine that the access token has been successfully verified with the account server.
Step 504, the cloud platform returns a registration success response to the configuration device, and the configuration device receives the registration success response.
In a possible implementation manner, when the cloud platform successfully verifies the access token with the account server, the cloud platform sends the second user identifier to the configuration device; correspondingly, the configuration device receives the second user identifier returned by the cloud platform.
Step 505, the configuration device updates the access configuration resource containing the access token for the server device, and the server device receives the updated access configuration resource.
In the embodiment of the present application, the configuration device updates access configuration resources for the server device, and may trigger the server device to send an access request to the cloud platform to request to access the cloud platform.
In a possible implementation manner, when the configuration device acquires the first user identifier from the account server, in this step, the configuration device updates the access configuration resource including the access token and the first user identifier for the server device, so as to trigger the server device to send an access request including the access token, the first user identifier, and the device identifier of the server device to the cloud platform.
In a possible implementation manner, when the configuration device receives the second user identifier returned by the cloud platform, in this step, the configuration device updates the access configuration resource including the access token and the second user identifier for the server device, so as to trigger the server device to send an access request including the access token, the second user identifier, and the device identifier of the server device to the cloud platform.
In a possible implementation manner, when the configuration device updates the access configuration resource containing the access token for the server device, generating derived data of the access token; and updating the access configuration resource containing the derived data of the access token for the server device.
In a possible implementation manner, when generating the derivative data of the access token, the configuration device performs an encryption process on the access token to obtain the derivative data of the access token.
In the embodiment of the application, when the configuration device configures the cloud platform access configuration resource of the server device, it does not provide the access token of the user account directly but provides derivative data of the access token. For example, the configuration device performs an encryption operation on the access token of the user account to obtain an encrypted access token (for example, a hash value of the access token generated through a hash algorithm). The cloud platform can subsequently restore the access token of the user account corresponding to the derivative data (for example, restore the hash value) and verify it. This prevents an illegal server device that obtains the access token of the user account from falsely registering as the configuration device, which further improves access security.
In this embodiment of the present application, the updating, for the server device, the access configuration resource including the access token includes:
updating access configuration resources containing the entry information of the cloud platform and the access token for the server-side equipment so as to trigger the server-side equipment to send the access request to the cloud platform based on the entry information;
the entry information includes at least one of an identification of the access platform and an address of the access platform.
In this embodiment, when the account server is an account server of an authorized provider of a third party, the access configuration resource further includes an identifier of the authorized provider.
Step 506, the server device sends an access request containing the access token and the device identifier of the server device to the cloud platform, and the cloud platform receives the access request.
In a possible implementation manner, when the configuration device updates the access configuration resource including the access token and the first user identifier for the server device, the server device sends an access request including the access token, the first user identifier, and the device identifier of the server device to the cloud platform.
In another possible implementation manner, when the configuration device updates the access configuration resource including the access token and the second user identifier for the server device, the server device sends an access request including the access token, the second user identifier, and a device identifier of the server device to the cloud platform.
Step 507, when the cloud platform successfully verifies the access token again, the cloud platform binds the device identifier of the server device with the second user identifier.
After receiving the access request, the cloud platform may perform re-verification on the access token carried in the access request.
In a possible implementation manner, the manner in which the cloud platform verifies the access token again is similar to the manner in which the access token is verified in step 503, and details are not described here again.
When the access request contains the second user identifier but does not contain the first user identifier, the cloud platform can query the first user identifier according to the second user identifier and send a verification request containing the first user identifier and the access token to the account server.
In another possible implementation manner, when the cloud platform verifies the access token again, the cloud platform locally queries, according to the access token, a verification success record of the access token, where the verification success record is stored after the access token was last successfully verified with the account server; when the verification success record is found, the cloud platform determines that the access token is successfully verified again; when the verification success record is not found, the cloud platform initiates verification of the access token to the account server.
To reduce the number of verifications initiated to the account server, in this embodiment of the application, after the cloud platform successfully verifies an access token with the account server, it may store a verification success record of the access token locally. When the access token is subsequently to be verified again, the cloud platform first queries locally whether a verification success record exists for the access token. If the record exists, the access token has already been verified and can be directly determined to be successfully verified; if no record is found, verification needs to be initiated to the account server. This reduces unnecessary interaction with the account server, further shortens the access duration, improves access efficiency, and saves network resources. The effect is more pronounced when multiple server devices need to be accessed within a short period of time.
In one possible implementation manner, when the storage duration of the verification success record reaches a preset duration, the verification success record is deleted.
In the embodiment of the application, to avoid the situation where the access token has become invalid at the account server side while the verification success record still incorrectly indicates that it is valid, after the cloud platform generates the verification success record, the record may be deleted when its storage duration reaches the preset duration. When an access request including the access token is subsequently received, verification is initiated to the account server again, so that an error in the verification process is avoided.
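The verification success record described above can be sketched as follows. This is an added example, not code from the patent; the class and parameter names, the SHA-256 record key and the 300-second preset duration are assumptions made for illustration. It also exercises the case the preceding paragraph guards against: a token that is invalidated at the account server is still accepted locally until the record is deleted.

```python
import hashlib
import time


class VerificationCache:
    """Verification success records kept locally by the cloud platform."""

    def __init__(self, verify_with_account_server, preset_duration_s,
                 clock=time.monotonic):
        self._verify = verify_with_account_server   # callable(token) -> bool
        self._ttl = preset_duration_s               # the "preset duration"
        self._clock = clock
        self._records = {}      # sha256(token) -> time the record was stored
        self.remote_calls = 0   # how often the account server was contacted

    @staticmethod
    def _key(token):
        # Assumption: records are indexed by digest so that raw tokens are
        # not kept in the cache.
        return hashlib.sha256(token.encode()).hexdigest()

    def _purge_expired(self):
        now = self._clock()
        expired = [k for k, stored in self._records.items()
                   if now - stored >= self._ttl]
        for k in expired:
            del self._records[k]

    def verify(self, token):
        """Return True if the token is accepted; consult the local record first."""
        self._purge_expired()
        key = self._key(token)
        if key in self._records:
            return True                  # record found: no round trip needed
        self.remote_calls += 1
        if self._verify(token):
            self._records[key] = self._clock()   # only successes are recorded
            return True
        return False


class FakeClock:
    """Controllable clock so the expiry can be shown without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo_cache():
    token = "Aliz3DUe4vuNAlSblExfbGxmp"   # token value from the page's example
    valid_tokens = {token}                # constructed account-server state
    clock = FakeClock()
    cache = VerificationCache(lambda t: t in valid_tokens,
                              preset_duration_s=300, clock=clock)
    results = [
        cache.verify(token),   # first device: verified with the account server
        cache.verify(token),   # second device: answered from the local record
    ]
    valid_tokens.clear()       # the token becomes invalid at the account server
    clock.advance(299)
    results.append(cache.verify(token))   # stale record still says "valid"
    clock.advance(1)
    results.append(cache.verify(token))   # record deleted, remote check fails
    return results, cache.remote_calls


if __name__ == "__main__":
    print(demo_cache())
```

The preset duration is therefore the upper bound on how long an invalidated token keeps being accepted, and should be chosen with that in mind.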
In a possible implementation manner, when the access request includes the first user identifier, the cloud platform queries the second user identifier according to the first user identifier; and binding the device identifier of the server device with the second user identifier inquired.
In a possible implementation manner, when the access request includes the first user identifier, the cloud platform further sends the second user identifier to the server device.
In a possible implementation manner, when the access request includes a second user identifier, the cloud platform extracts the second user identifier included in the access request; and binding the device identification of the server device with the extracted second user identification.
In a possible implementation manner, when the access token included in the access request is derived data of the access token, the cloud platform further restores the derived data of the access token to the access token before binding the device identifier of the server device with the second user identifier.
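The following added example (not part of the patent text) walks through steps 502 to 507 with derived data in place of the access token. It assumes the derived data is a SHA-256 digest and that the cloud platform "restores" it by looking up the digest it recorded when the raw token was presented at registration, since a hash cannot be inverted; the `at_derived` field, the class names and the device identifiers are hypothetical, while `at`, `auid` and `di` are field names used on this page.

```python
import hashlib
import itertools


class AccountServer:
    """Stand-in for the account server: access token -> first user identifier."""

    def __init__(self, issued):
        self._issued = dict(issued)

    def verify(self, token, first_uid=None):
        # Valid only if the token was issued and, when a first user identifier
        # is supplied, it is the one stored for this token.
        owner = self._issued.get(token)
        if owner is None or (first_uid is not None and first_uid != owner):
            return None
        return owner


def derive(token):
    # Assumption: derived data = SHA-256 hex digest of the access token.
    return hashlib.sha256(token.encode()).hexdigest()


class CloudPlatform:
    def __init__(self, account_server):
        self._as = account_server
        self._second_uid = {}   # first user identifier -> second user identifier
        self._by_digest = {}    # derived data -> access token seen at registration
        self._bindings = {}     # device identifier -> second user identifier
        self._counter = itertools.count(1)

    def register(self, request):
        """Steps 502 to 504: the configuration device presents the raw token."""
        token = request["at"]
        first_uid = self._as.verify(token, request.get("auid"))
        if first_uid is None:
            return {"status": "rejected"}
        if first_uid not in self._second_uid:
            # One of the page's allocation rules: first identifier spliced
            # with N (the "-" separator is an assumption).
            self._second_uid[first_uid] = f"{first_uid}-{next(self._counter)}"
        self._by_digest[derive(token)] = token
        return {"status": "registered"}

    def access(self, request):
        """Steps 506 and 507: the server device presents only derived data."""
        token = self._by_digest.get(request["at_derived"])   # "restore"
        if token is None:
            return {"status": "rejected", "reason": "unknown derived data"}
        first_uid = self._as.verify(token, request.get("auid"))  # verify again
        uid = self._second_uid.get(first_uid)
        if uid is None:
            return {"status": "rejected", "reason": "token not valid"}
        self._bindings[request["di"]] = uid
        return {"status": "bound", "uid": uid}

    def binding_of(self, di):
        return self._bindings.get(di)


def demo_flow():
    # Token and auid values are taken from the page's example; device
    # identifiers are constructed.
    token, auid = "Aliz3DUe4vuNAlSblExfbGxmp", "2ufd34tvc"
    platform = CloudPlatform(AccountServer({token: auid}))
    reg = platform.register({"at": token, "auid": auid})
    derived = derive(token)
    acc = platform.access({"di": "device-0001", "at_derived": derived,
                           "auid": auid})
    # A device that only holds the derived data cannot register with it.
    replay = platform.register({"at": derived, "auid": auid})
    unknown = platform.access({"di": "device-0002",
                               "at_derived": derive("guess"), "auid": auid})
    return reg, acc, replay, unknown, platform.binding_of("device-0001")


if __name__ == "__main__":
    for step in demo_flow():
        print(step)
```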
To sum up, in the scheme shown in the embodiment of the application, the configuration device obtains an access token of a currently logged-in user account from the account server, in the subsequent process, the configuration device and the server device initiate registration and access to the cloud platform through the access token, and after the cloud platform verifies the access token successfully with the account server, the cloud platform can allocate a user identifier to a user corresponding to the server device and bind the server device with the allocated user identifier to realize access of the server device; in the process, the cloud platform authenticates the access token distributed by the account server for the user account logged in the configuration device, and does not need to respectively generate the access token for the configuration device and the server device, so that the distribution and acquisition processes of the access token are reduced, the time consumed in the access process is shortened, and the access efficiency of the server device is improved under the condition of ensuring the safety of the access process.
In addition, according to the scheme shown in the embodiment of the application, the cloud platform binds the second user identifier with the device identifier of the server device to realize the access of the server device, and the second user identifier is not limited by time limit and does not need to be updated periodically, so that the subsequent steps of updating and releasing the information bound with the device identifier are reduced, and processing resources and network resources in the maintenance process of the binding relationship are saved.
In addition, according to the scheme shown in the embodiment of the application, after the cloud platform receives the access request, when the access token carried in the access request is verified, whether the verification success record of the access token exists locally is firstly inquired, if yes, the verification success of the access token is directly determined, otherwise, the verification is initiated to the account server, so that the access efficiency is improved, and network resources are saved.
Based on the above scheme in the embodiment shown in fig. 5, please refer to fig. 6, which shows a flowchart of a device access method in the internet of things related to the embodiment shown in fig. 5, and as shown in fig. 6, the method may include the following steps:
S61, the configuration device logs in to the user account or performs open authorization (OAuth), and after success obtains the access token of the user account and the user identifier of the user account (i.e. the first user identifier) provided by the account server.
The access token of the user account is associated with the identity or authority information related to the user account and can be used instead of a user name and a password to perform user identity and authority verification. If the access token of the user account has a validity period, the configuration device can update the token before the access token expires.
In the embodiment of the application, the user identifier of the user account uniquely corresponds to the user account, and in general, the user identifier is invisible to the user and is managed by the account server after being allocated for the user account.
S62, the configuration equipment requests to register to the cloud platform, and the registration request comprises an access token of the user account and a user identifier of the user account.
S63, the cloud platform verifies the access token of the user account to the account server.
S64, after the verification is passed, the cloud platform allocates the user identifier of the cloud platform (namely the second user identifier) according to the user identifier of the user account, and associates the user identifier of the user account with the second user identifier.
S65, the cloud platform sends a registration success response to the configuration device.
The message of the registration success response does not include the user identifier of the cloud platform.
S66, the configuration device updates the access configuration resource of the server device and provides the server device with configuration information for accessing the cloud platform, wherein the configuration information includes the access token of the user account and the user identifier of the user account.
An example of the access configuration resource updated by the configuration device is as follows:
UPDATE /oic/coapcloudconfURI
{
  "at":"Aliz3DUe4vuNAlSblExfbGxmp",
  "auid":"2ufd34tvc",
  "cis":"coaps+tcp:https://example.com:443",
  "sid":"987e6543-a21f-10d1-a112-421345746237",
  "apn":"github"
}
The above example includes the following:
at: the access token of the user account;
auid: the user identifier of the user account;
cis: the access URI of the cloud platform;
sid: the identifier of the cloud platform;
apn: the name of the authorized provider (carried when the account server is the server of a third-party authorized provider).
S67, the server device requests to update the account resource of the cloud platform so as to register the device (that is, it sends an access request), wherein the request message includes the device identifier of the server device, the access token of the user account and the user identifier of the user account.
An example of the update request of the account resource sent by the server device to the cloud platform is as follows:
The above example includes the following:
di: the device identifier of the server device;
accesstocken: the access token of the user account;
auid: the user identifier of the user account;
apn: the name of the authorized provider (carried when the account server is the server of a third-party authorized provider).
S68, the cloud platform verifies the access token of the user account with the account server.
S69, after the verification is passed, the cloud platform determines the user identifier of the cloud platform associated with the user identifier of the user account, and associates (i.e. binds) the device identifier of the server device with the user identifier of the cloud platform.
S610, the cloud platform receives the account resource updating request of the server device and returns the user identification of the cloud platform to the server device.
In the scheme, after a configurator in the configuration equipment logs in a user account or an open authorization is successful, an account server returns an access token of the user account and a user identifier of the user account to the configurator, the configurator performs cloud platform registration to provide the access token of the user account and the user identifier of the user account, and the cloud platform distributes the user identifier of the cloud platform according to the user identifier of the user account. The configurator configures server-side equipment, provides an access token of a user account and a user identifier of the user account for the server-side equipment, the server-side equipment registers to the cloud platform, provides the equipment identifier, the access token of the user account and the user identifier of the user account for the cloud platform, determines the user identifier of the cloud platform through the user identifier of the user account after the cloud platform verifies the access token of the user account, associates the equipment identifier of the server-side equipment with the user identifier of the cloud platform, and returns the user identifier of the cloud platform to the server-side equipment.
Based on the above scheme in the embodiment shown in fig. 5, please refer to fig. 7, which shows a flowchart of another method for accessing a device in the internet of things according to the embodiment shown in fig. 5, and as shown in fig. 7, the method may include the following steps:
S71 to S74 are the same as S61 to S64 described above.
S75, the cloud platform sends a registration success message to the configuration equipment, wherein the registration success message comprises the user identification of the cloud platform.
S76, the configuration device updates the access configuration resource of the server device and provides the server device with configuration information for accessing the cloud platform, wherein the configuration information includes the access token of the user account and the user identifier of the cloud platform.
An example of the access configuration resource updated by the configurator is as follows:
UPDATE /oic/coapcloudconfURI
{
  "at":"Aliz3DUe4vuNAlSblExfbGxmp",
  "uid":"1erfs8837kd",
  "cis":"coaps+tcp:https://example.com:443",
  "sid":"987e6543-a21f-10d1-a112-421345746237",
  "apn":"github"
}
The above example includes the following:
at: the access token of the user account;
uid: the user identifier of the cloud platform;
cis: the access URI of the cloud platform;
sid: the identifier of the cloud platform;
apn: the authorized provider name.
S77, the server device requests to update the account resource of the cloud platform so as to register the device, wherein the request includes the device identifier of the server device, the access token of the user account and the user identifier of the cloud platform.
An example of the update request of the account resource sent by the server device to the cloud platform is as follows:
The above example includes the following:
di: the device identifier of the server device;
accesstocken: the access token of the user account;
uid: the user identifier of the cloud platform;
apn: the authorized provider name.
S78, the cloud platform verifies the access token of the user account with the account server.
S79, after the verification is passed, the cloud platform associates the device identifier of the server device with the user identifier of the cloud platform.
S710, the cloud platform receives the account resource update request of the server device.
Since the configuration device already provides the user identifier of the cloud platform to the server device in step S76, the cloud platform may not need to return the user identifier of the cloud platform to the server device here.
In the scheme, after a configurator in the configuration equipment logs in a user account or an open authorization is successful, an account server returns an access token of the user account and a user identifier of the user account to the configurator, the configurator performs cloud platform registration to provide the access token of the user account and the user identifier of the user account, and the cloud platform allocates the user identifier of the cloud platform according to the user identifier of the user account and provides the user identifier of the cloud platform to the configurator. The configurator configures server-side equipment, provides an access token of a user account and a user identifier of a cloud platform for the server-side equipment, the server-side equipment registers to the cloud platform, provides the equipment identifier, the access token of the user account and the user identifier of the cloud platform for the cloud platform, and associates the equipment identifier of the server-side with the user identifier of the cloud platform after the cloud platform verifies the access token of the user account.
Based on the above scheme in the embodiment shown in fig. 5, please refer to fig. 8, which shows a flowchart of another method for accessing a device in the internet of things according to the embodiment shown in fig. 5, and as shown in fig. 8, the method may include the following steps:
S81, the configuration device logs in to the user account or performs open authorization, and after success obtains the access token of the user account provided by the account server.
S82, the configuration equipment requests to register to the cloud platform, and the access token of the user account is provided in the registration message.
S83, the cloud platform requests the account server to acquire the user identification of the user account, and the cloud platform provides the access token of the user account to acquire the user identification of the corresponding user account.
S84, the account server verifies the validity of the user account access token, and after the user account access token is verified to be valid, the account server returns the user identification of the corresponding user account to the cloud platform.
And S85, the cloud platform allocates the user identification of the cloud platform according to the user identification of the user account, and associates the user identification with the user identification of the user account.
And S86, the cloud platform sends a registration success message to the configuration equipment.
If the user identifier of the cloud platform is not included in step S86, the subsequent flow is the same as steps S66 to S610 in fig. 6.
If the user identifier of the cloud platform is included in step S86, the subsequent flow is the same as steps S76 to S710 in fig. 7.
In the above scheme, after a configurator in the configuration device logs in a user account or an open authorization is successful, an account server returns an access token of the user account to the configurator, the configurator performs cloud platform registration to provide the access token of the user account, the cloud platform requests to acquire a user identifier of the user account from the account server according to the access token of the user account, the cloud platform allocates the user identifier of the cloud platform according to the user identifier of the user account, a subsequent scheme is similar to the scheme in fig. 6 or fig. 7, and details are not repeated here.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Referring to fig. 9, a block diagram of a device access apparatus in the internet of things according to an embodiment of the present application is shown. The device has the function of realizing the steps executed by the cloud platform in the equipment access method in the Internet of things. As shown in fig. 9, the apparatus may include:
a registration request receiving module 901, configured to receive a registration request sent by a configuration device based on an access token of a user account, where the user account is an account logged in the configuration device, and the access token is obtained by the configuration device from an account server;
an identifier assigning module 902, configured to assign a second user identifier corresponding to the first user identifier when the access token is successfully verified with the account server; the first user identifier is allocated to the user account by the account server;
an access request receiving module 903, configured to receive an access request sent by a server device, where the access request includes the access token and a device identifier of the server device; the access request is triggered by the configuration equipment through updating the access configuration resource containing the access token for the server-side equipment;
a binding module 904, configured to bind the device identifier of the server device with the second user identifier when the access token is verified again successfully.
In one possible implementation, the apparatus further includes:
a verification request sending module, configured to send a first verification request to the account server before the identifier assigning module assigns, upon successful verification of the access token with the account server, the second user identifier corresponding to the first user identifier, where the first verification request includes the access token;
a first access success determining module, configured to determine, when a valid indication returned by the account server is received, that the access token is successfully verified with the account server; the valid indication is used to indicate that the access token is valid.
In one possible implementation, the apparatus further includes:
a first identifier receiving module, configured to receive, before the identifier assigning module assigns the second user identifier corresponding to the first user identifier, the first user identifier sent by the account server after the account server verifies that the access token is valid.
In a possible implementation manner, the registration request receiving module is configured to receive the registration request that includes the first user identifier and the access token;
the device further comprises:
a first identifier extracting module, configured to extract the first user identifier from the registration request before the identifier assigning module assigns the second user identifier corresponding to the first user identifier.
In a possible implementation manner, the access request further includes the first user identifier;
the binding module is configured to:
query the second user identifier according to the first user identifier;
and bind the device identifier of the server device with the queried second user identifier.
In one possible implementation, the apparatus further includes:
a first identifier sending module, configured to send the second user identifier to the server device.
In one possible implementation, the apparatus further includes:
a second identifier sending module, configured to send the second user identifier to the configuration device, when the access token is successfully verified with the account server, before the access request receiving module receives the access request sent by the server device;
the binding module is configured to:
extract the second user identifier contained in the access request;
and bind the device identifier of the server device with the extracted second user identifier.
In a possible implementation manner, the access token included in the access request is derivative data of the access token;
the device further comprises:
a restoring module, configured to restore the derived data of the access token to the access token before the binding module binds the device identifier of the server device with the second user identifier upon successful re-verification of the access token.
In one possible implementation, the apparatus further includes:
a record query module, configured to locally query, according to the access token, a verification success record of the access token before the binding module binds the device identifier of the server device with the second user identifier upon successful re-verification of the access token, wherein the verification success record is stored after the access token was last successfully verified with the account server;
a second access success determining module, configured to determine that the access token is successfully verified again when the verification success record is found.
In one possible implementation, the apparatus further includes:
a record deleting module, configured to delete the verification success record when the storage duration of the verification success record reaches a preset duration.
To sum up, in the scheme shown in the embodiments of the present application, the configuration device obtains an access token of the currently logged-in user account from the account server. In the subsequent process, the configuration device and the server device initiate registration and access to the cloud platform using that access token. After the cloud platform successfully verifies the access token with the account server, the cloud platform can allocate a user identifier to the user corresponding to the server device and bind the server device with the allocated user identifier, thereby realizing access of the server device. In this process, the cloud platform authenticates the access token that the account server allocated for the user account logged in on the configuration device, and separate access tokens do not need to be generated for the configuration device and the server device. This reduces the distribution and acquisition processes of the access token, shortens the time consumed by the access process, and improves the access efficiency of the server device while ensuring the security of the access process.
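An added example, not part of the patent text, of the cloud-platform side of this flow: registration verifies the access token with the account server and stores a verification success record, and the later access request is re-verified from that record until the preset duration elapses. The class and method names, the SHA-256 keying of the record, the identifier formats, and the fallback to the account server once the record has been deleted are assumptions of this example.

```python
import hashlib
import secrets
import time


class AccountServer:
    """Constructed stand-in for the account server (issues and verifies tokens)."""

    def __init__(self):
        self._tokens = {}       # access token -> first user identifier
        self.verify_calls = 0   # counts round trips made by the cloud platform

    def issue(self, first_user_id):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = first_user_id
        return token

    def revoke(self, token):
        self._tokens.pop(token, None)

    def verify(self, token):
        """Return the first user identifier for a valid token, else None."""
        self.verify_calls += 1
        return self._tokens.get(token)


class CloudPlatform:
    def __init__(self, account_server, record_ttl=300.0, clock=time.monotonic):
        self._account = account_server
        self._ttl = record_ttl    # the "preset duration" of the success record
        self._clock = clock
        self._second_ids = {}     # first user identifier -> second user identifier
        self._records = {}        # sha256(token) -> (first user identifier, stored_at)
        self.bindings = {}        # device identifier -> second user identifier

    @staticmethod
    def _key(token):
        # Assumption: key the record by a digest so the raw token is not kept at rest.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def _delete_expired_records(self):
        now = self._clock()
        expired = [k for k, (_, stored_at) in self._records.items()
                   if now - stored_at >= self._ttl]
        for k in expired:
            del self._records[k]

    def register(self, token):
        """Registration request from the configuration device."""
        first_id = self._account.verify(token)
        if first_id is None:
            return None
        if first_id not in self._second_ids:
            self._second_ids[first_id] = "u2-" + secrets.token_hex(8)
        self._records[self._key(token)] = (first_id, self._clock())
        return self._second_ids[first_id]

    def access(self, token, device_id):
        """Access request from the server device; binds only after re-verification."""
        self._delete_expired_records()
        record = self._records.get(self._key(token))
        if record is not None:
            first_id = record[0]   # verified again from the local success record
        else:
            # Assumption: with no live record, ask the account server again.
            first_id = self._account.verify(token)
        second_id = self._second_ids.get(first_id) if first_id is not None else None
        if second_id is None:
            return False
        self.bindings[device_id] = second_id
        return True


if __name__ == "__main__":
    account = AccountServer()
    cloud = CloudPlatform(account, record_ttl=300.0)
    tok = account.issue("u1-constructed-user")      # constructed sample account
    print("second user identifier:", cloud.register(tok))
    print("device bound:", cloud.access(tok, "device-0001"))
    print("account server round trips:", account.verify_calls)
```

Because the record is honored for the whole preset duration, a token revoked at the account server still binds devices until the record is deleted, so the duration bounds that exposure window.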
Referring to fig. 10, a block diagram of a device access apparatus in the internet of things according to an embodiment of the present application is shown. The device has the function of realizing the steps executed by the configuration equipment in the equipment access method in the Internet of things. As shown in fig. 10, the apparatus may include:
an access token obtaining module 1001, configured to obtain an access token of a user account from an account server; the user account is an account logged in the configuration equipment;
a registration module 1002, configured to send a registration request to a cloud platform based on the access token, where the registration request is used to trigger the cloud platform to allocate a second user identifier corresponding to the first user identifier when the cloud platform successfully verifies the access token with the account server; the first user identification is allocated to the user account by the account server;
an access resource configuration module 1003, configured to update an access configuration resource including the access token for the server device, so as to trigger the server device to send an access request including the access token and the device identifier of the server device to the cloud platform, where the access request is used to trigger the cloud platform to bind the device identifier of the server device with the second user identifier when the cloud platform successfully verifies the access token again.
In one possible implementation, the apparatus further includes:
the first identifier acquisition module is used for acquiring the first user identifier from the account server before the registration module sends a registration request to a cloud platform based on the access token;
the registration module is configured to send the registration request including the first user identifier and the access token to the cloud platform.
In a possible implementation manner, the access resource configuration module is configured to update the access configuration resource including the access token and the first user identifier for the server device, so as to trigger the server device to send an access request including the access token, the first user identifier, and a device identifier of the server device to the cloud platform.
In one possible implementation, the apparatus further includes:
a second identifier obtaining module, configured to receive the second user identifier returned by the cloud platform before the access resource configuration module updates the access configuration resource including the access token for the server device;
the access resource configuration module is configured to update the access configuration resource including the access token and the second user identifier for the server device, so as to trigger the server device to send an access request including the access token, the second user identifier, and a device identifier of the server device to the cloud platform.
In a possible implementation manner, the access resource configuration module includes:
a data generation unit for generating derivative data of the access token;
and the updating unit is used for updating the access configuration resource containing the derived data of the access token for the server-side equipment.
In a possible implementation manner, the data generating unit is configured to perform encryption processing on the access token to obtain derivative data of the access token.
In one possible implementation manner, the access token obtaining module is configured to,
when the user account logs in the account server, acquiring the access token from the account server;
or,
and when the open authorization authentication is carried out through the user account, acquiring the access token from the account server.
It should be noted that, when the apparatus provided in the foregoing embodiments implements its functions, the division into the functional modules described above is merely an example. In practical applications, the functions may be allocated to different functional modules according to actual needs, that is, the internal structure of the device may be divided into different functional modules, so as to complete all or part of the functions described above.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Referring to fig. 11, a schematic structural diagram of a computer device 1100 according to an embodiment of the present application is shown. The computer device 1100 may include: a processor 1101, a receiver 1102, a transmitter 1103, a memory 1104, and a bus 1105.
The processor 1101 includes one or more processing cores, and the processor 1101 executes various functional applications and information processing by running software programs and modules.
The receiver 1102 and the transmitter 1103 may be implemented as one communication component, which may be one communication chip. The communication chip may also be referred to as a transceiver.
The memory 1104 is coupled to the processor 1101 by a bus 1105.
The memory 1104 may be used for storing a computer program, and the processor 1101 is configured to execute the computer program to implement the steps performed by the server device, the configuration device, the cloud platform, or the account server in the foregoing method embodiments.
Further, memory 1104 may be implemented by any type or combination of volatile or non-volatile storage devices, including but not limited to: magnetic or optical disks, electrically erasable programmable read-only memories, static random access memories, read-only memories, magnetic memories, flash memories, programmable read-only memories.
In an exemplary embodiment, the computer device includes a processor, a memory, and a transceiver (which may include a receiver for receiving information and a transmitter for transmitting information).
In one possible implementation, when the computer device is implemented as a cloud platform,
the transceiver is used for receiving a registration request sent by a configuration device based on an access token of a user account, wherein the user account is an account logged in the configuration device, and the access token is acquired by the configuration device from an account server;
the processor is used for distributing a second user identifier corresponding to the first user identifier when the account server successfully verifies the access token; the first user identification is allocated to the user account by the account server;
the transceiver is configured to receive an access request sent by a server device, where the access request includes the access token and a device identifier of the server device; the access request is triggered by the configuration equipment through updating the access configuration resource containing the access token for the server-side equipment;
and the processor is configured to bind the device identifier of the server device with the second user identifier when the access token is verified again successfully.
When the computer device is implemented as a cloud platform, the processor and the transceiver in the computer device according to the embodiment of the present application may execute the steps executed by the cloud platform in the methods shown in fig. 3, fig. 5, fig. 6, fig. 7, or fig. 8, which are not described herein again.
In another possible implementation, when the computer device is implemented as a configuration device,
the transceiver is used for acquiring an access token of a user account from an account server; the user account is an account logged in the configuration equipment;
the transceiver is used for sending a registration request to a cloud platform based on the access token, wherein the registration request is used for triggering the cloud platform to allocate a second user identifier corresponding to the first user identifier when the cloud platform successfully verifies the access token with the account server; the first user identifier is allocated to the user account by the account server;
the transceiver is configured to update an access configuration resource including the access token for a server device, so as to trigger the server device to send an access request including the access token and a device identifier of the server device to the cloud platform, where the access request is used to trigger the cloud platform to bind the device identifier of the server device with the second user identifier when the cloud platform successfully verifies the access token again.
When the computer device is implemented as a configuration device, the processor and the transceiver in the computer device according to the embodiment of the present application may execute the steps executed by the configuration device in the methods shown in fig. 4, fig. 5, fig. 6, fig. 7, or fig. 8, which are not described herein again.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program is loaded and executed by a processor to implement each step in the method for accessing a device in the internet of things shown in fig. 3 to 8.
The present application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the computer device performs the steps in the device access method in the internet of things shown in fig. 3 to 8.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of the present application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on a computer-readable medium, or transmitted over it, as one or more instructions or code. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The above description is only exemplary of the present application and should not be taken as limiting the present application, and any modifications, equivalents, improvements and the like that are made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (35)
- A device access method in the Internet of things is characterized in that the method is executed by a cloud platform, and the method comprises the following steps:
  receiving a registration request sent by a configuration device based on an access token of a user account, wherein the user account is an account logged in the configuration device, and the access token is acquired by the configuration device from an account server;
  when the access token is successfully verified to the account server, allocating a second user identification corresponding to the first user identification; the first user identification is allocated to the user account by the account server;
  receiving an access request sent by server equipment, wherein the access request comprises the access token and an equipment identifier of the server equipment; the access request is triggered by the configuration equipment through updating an access configuration resource containing the access token for the server-side equipment;
  and when the access token is verified again successfully, binding the equipment identifier of the server equipment with the second user identifier.
- The method of claim 1, wherein before assigning a second user identifier corresponding to the first user identifier when the authentication of the access token to the account server is successful, further comprising:
  sending a first verification request to the account server, wherein the first verification request comprises the access token;
  and receiving the first user identification sent by the account server after the account server verifies that the access token is valid.
- The method of claim 1, wherein receiving the registration request sent by the configuration device based on the access token of the user account comprises:
  receiving the registration request including the first user identification and the access token;
  before the allocating of the second subscriber identity corresponding to the first subscriber identity, the method further includes:
  extracting the first subscriber identity from the registration request.
- The method of claim 1, wherein the access request further comprises the first subscriber identity;
  the binding the device identifier of the server device with the second user identifier includes:
  inquiring the second user identification according to the first user identification;
  and binding the equipment identifier of the server equipment with the inquired second user identifier.
- The method of claim 4, further comprising:
  and sending the second user identification to the server-side equipment.
- The method of claim 1, wherein before receiving the access request sent by the server device, the method further comprises:
  when the access token is successfully verified to the account server, sending the second user identification to the configuration equipment;
  the binding the device identifier of the server device with the second user identifier includes:
  extracting the second user identification contained in the access request;
  and binding the equipment identifier of the server equipment with the extracted second user identifier.
- The method of claim 1, wherein the access token included in the access request is derived data of the access token;
  before the binding the device identifier of the server device with the second user identifier when the access token is successfully verified again, the method further includes:
  and restoring the derived data of the access token into the access token.
- The method of claim 1, wherein before binding the device identifier of the server device with the second user identifier when the access token is successfully verified again, the method further comprises:
  inquiring a verification success record of the access token locally according to the access token, wherein the verification success record is stored after the access token is verified to the account server successfully last time;
  and when the verification success record is inquired, determining that the access token is successfully verified again.
- The method of claim 8, further comprising:
  and deleting the verification success record when the storage duration of the verification success record reaches a preset duration.
- A device access method in the Internet of things, wherein the method is executed by a configuration device, and the method comprises the following steps:
  acquiring an access token of a user account from an account server; the user account is an account logged in the configuration equipment;
  sending a registration request to a cloud platform based on the access token, wherein the registration request is used for triggering the cloud platform to distribute a second user identifier corresponding to the first user identifier when the cloud platform successfully verifies the access token to the account server; the first user identification is allocated to the user account by the account server;
  and updating the access configuration resource containing the access token for the server-side equipment to trigger the server-side equipment to send an access request containing the access token and the equipment identifier of the server-side equipment to the cloud platform, wherein the access request is used for binding the equipment identifier of the server-side equipment with the second user identifier when the cloud platform verifies the access token again successfully.
- The method of claim 10, wherein prior to sending the registration request to the cloud platform based on the access token, further comprising:
  acquiring the first user identification from the account server;
  the sending a registration request to a cloud platform based on the access token includes:
  sending the registration request including the first user identification and the access token to the cloud platform.
- The method of claim 10, wherein updating the access configuration resource containing the access token for the server device comprises:
  and updating the access configuration resource containing the access token and the first user identifier for the server-side equipment so as to trigger the server-side equipment to send an access request containing the access token, the first user identifier and the equipment identifier of the server-side equipment to the cloud platform.
- The method of claim 10, wherein before updating the access configuration resource containing the access token for the server device, the method further comprises:
  receiving the second user identification returned by the cloud platform;
  the updating of the access configuration resource containing the access token for the server device includes:
  and updating the access configuration resource containing the access token and the second user identifier for the server-side equipment so as to trigger the server-side equipment to send an access request containing the access token, the second user identifier and the equipment identifier of the server-side equipment to the cloud platform.
- The method of claim 10, wherein updating the access configuration resource containing the access token for the server device comprises:
  generating derivative data of the access token;
  and updating the access configuration resource containing the derivative data of the access token for the server-side equipment.
- The method of claim 14, wherein generating the derivative data of the access token comprises:
  and encrypting the access token to obtain the derivative data of the access token.
- The method of claim 10, wherein obtaining the access token for the user account from the account server comprises:
  when the account server is logged in through the user account, the access token is obtained from the account server;
  or,
  and when the open authorization authentication is carried out through the user account, the access token is obtained from the account server.
- An equipment access device in the internet of things, which is used in a cloud platform, the device comprising:
  a registration request receiving module, configured to receive a registration request sent by a configuration device based on an access token of a user account, where the user account is an account logged in the configuration device, and the access token is obtained by the configuration device from an account server;
  the identification distribution module is used for distributing a second user identification corresponding to the first user identification when the account server successfully verifies the access token; the first user identification is allocated to the user account by the account server;
  an access request receiving module, configured to receive an access request sent by a server device, where the access request includes the access token and a device identifier of the server device; the access request is triggered by the configuration equipment through updating the access configuration resource containing the access token for the server-side equipment;
  and the binding module is used for binding the equipment identifier of the server equipment with the second user identifier when the access token is verified again successfully.
- The apparatus of claim 17, further comprising:
  a verification request sending module, configured to send a first verification request to the account server before allocating a second user identifier corresponding to a first user identifier when the identifier allocation module successfully verifies the access token to the account server, where the first verification request includes the access token;
  and the first identifier receiving module is used for receiving the first user identifier sent by the account server after the account server verifies that the access token is valid.
- The apparatus of claim 17,
  the registration request receiving module is configured to receive the registration request including the first user identifier and the access token;
  the device further comprises:
  a first identifier extracting module, configured to extract the first user identifier from the registration request before the identifier allocating module allocates the second user identifier corresponding to the first user identifier.
- The apparatus of claim 17, wherein the access request further comprises the first subscriber identity;
  the binding module is configured to:
  inquiring the second user identification according to the first user identification;
  and binding the equipment identifier of the server equipment with the inquired second user identifier.
- The apparatus of claim 20, further comprising:
  and the first identifier sending module is used for sending the second user identifier to the server-side equipment.
- The apparatus of claim 17, further comprising:
  a second identifier sending module, configured to send the second user identifier to the configuration device when the account server verifies that the access token is successful before the access request receiving module receives the access request sent by the server device;
  the binding module is configured to:
  extracting the second user identification contained in the access request;
  and binding the equipment identifier of the server equipment with the extracted second user identifier.
- The apparatus of claim 17, wherein the access token included in the access request is derived data of the access token;
  the device further comprises:
  and the restoring module is used for restoring the derived data of the access token into the access token before the equipment identifier of the server equipment is bound with the second user identifier when the binding module verifies that the access token is successful again.
- The apparatus of claim 17, further comprising:
  the record query module is used for locally querying a verification success record of the access token according to the access token before the device identifier of the server device is bound with the second user identifier when the binding module verifies the access token again successfully, wherein the verification success record is stored after the account server verifies the access token successfully last time;
  and the second access success determining module is used for determining that the access token is successfully verified again when the verification success record is inquired.
- The apparatus of claim 24, further comprising:
  and the record deleting module is used for deleting the verification success record when the storage duration of the verification success record reaches a preset duration.
- An apparatus for accessing a device in an internet of things, the apparatus being used in configuring the device, the apparatus comprising:
  the access token acquisition module is used for acquiring an access token of the user account from the account server; the user account is an account logged in the configuration equipment;
  the registration module is used for sending a registration request to a cloud platform based on the access token, wherein the registration request is used for triggering the cloud platform to distribute a second user identifier corresponding to the first user identifier when the access token is successfully verified to the account server; the first user identification is allocated to the user account by the account server;
  and the access resource configuration module is used for updating the access configuration resource containing the access token for the server-side equipment so as to trigger the server-side equipment to send an access request containing the access token and the equipment identifier of the server-side equipment to the cloud platform, wherein the access request is used for binding the equipment identifier of the server-side equipment with the second user identifier when the cloud platform verifies that the access token is successful again.
- The apparatus of claim 26, further comprising:
  the first identifier acquisition module is used for acquiring the first user identifier from the account server before the registration module sends a registration request to a cloud platform based on the access token;
  the registration module is configured to send the registration request including the first user identifier and the access token to the cloud platform.
- The apparatus of claim 26,
  the access resource configuration module is configured to update the access configuration resource including the access token and the first user identifier for the server device, so as to trigger the server device to send an access request including the access token, the first user identifier, and a device identifier of the server device to the cloud platform.
- The apparatus of claim 26, further comprising:
  the second identifier acquisition module is used for receiving the second user identifier returned by the cloud platform before the access resource configuration module updates the access configuration resource containing the access token for the server-side equipment;
  the access resource configuration module is configured to update the access configuration resource including the access token and the second user identifier for the server device, so as to trigger the server device to send an access request including the access token, the second user identifier, and a device identifier of the server device to the cloud platform.
- The apparatus of claim 26, wherein the access resource configuration module comprises:
  a data generation unit for generating derivative data of the access token;
  and the updating unit is used for updating the access configuration resource containing the derived data of the access token for the server-side equipment.
- The apparatus of claim 30,
  and the data generation unit is used for encrypting the access token to obtain derivative data of the access token.
- The apparatus of claim 26, wherein the access token acquisition module is configured to,
  when the user account logs in the account server, acquiring the access token from the account server;
  or,
  and when the open authorization authentication is carried out through the user account, the access token is obtained from the account server.
- A computer device, wherein the computer device comprises a processor, a memory, and a transceiver;
  the transceiver is configured to receive a registration request sent by a configuration device based on an access token of a user account, where the user account is an account logged in the configuration device, and the access token is obtained by the configuration device from an account server;
  the processor is used for allocating a second user identifier corresponding to the first user identifier when the account server successfully verifies the access token; the first user identification is distributed to the user account by the account server;
  the transceiver is configured to receive an access request sent by a server device, where the access request includes the access token and a device identifier of the server device; the access request is triggered by the configuration equipment through updating an access configuration resource containing the access token for the server-side equipment;
  and the processor is used for binding the equipment identifier of the server equipment with the second user identifier when the access token is verified again successfully.
- A computer device, wherein the computer device comprises a processor, a memory, and a transceiver;
  the transceiver is used for acquiring an access token of a user account from an account server; the user account is an account logged in the configuration equipment;
  the transceiver is used for sending a registration request to a cloud platform based on the access token, wherein the registration request is used for triggering the cloud platform to distribute a second user identifier corresponding to the first user identifier when the access token is successfully verified to the account server; the first user identification is allocated to the user account by the account server;
  the transceiver is configured to update an access configuration resource including the access token for a server device, so as to trigger the server device to send an access request including the access token and a device identifier of the server device to the cloud platform, where the access request is used to trigger the cloud platform to bind the device identifier of the server device with the second user identifier when the cloud platform verifies that the access token is successful again.
- A computer-readable storage medium, in which a computer program is stored, the computer program being for execution by a processor to implement a device access method in the internet of things as claimed in any one of claims 1 to 16.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2020/101162 WO2022006825A1 (en) | 2020-07-09 | 2020-07-09 | Device access method in internet of things, apparatus, computer device, and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115486033A (en) | 2022-12-16 |
CN115486033B (en) | 2024-07-05 |
Family
ID=79553423
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202080100570.1A Active CN115486033B (en) | 2020-07-09 | 2020-07-09 | Equipment access method and device in Internet of things, computer equipment and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN115486033B (en) |
WO (1) | WO2022006825A1 (en) |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160134599A1 (en) * | 2014-11-07 | 2016-05-12 | Brian G. Ross | Computer-implemented systems and methods of device based, internet-centric, authentication |
CN106960148A (en) * | 2016-01-12 | 2017-07-18 | 阿里巴巴集团控股有限公司 | The distribution method and device of a kind of device identification |
US20180324170A1 (en) * | 2016-01-12 | 2018-11-08 | Alibaba Group Holding Limited | Method and apparatus for allocating device identifiers |
CN105812491A (en) * | 2016-05-12 | 2016-07-27 | 腾讯科技(深圳)有限公司 | Equipment remote binding method and device |
US10382203B1 (en) * | 2016-11-22 | 2019-08-13 | Amazon Technologies, Inc. | Associating applications with Internet-of-things (IoT) devices using three-way handshake |
CN107995215A (en) * | 2017-12-20 | 2018-05-04 | 青岛海信智慧家居系统股份有限公司 | Control method, device and the cloud platform server of smart home device |
CN108881228A (en) * | 2018-06-20 | 2018-11-23 | 上海庆科信息技术有限公司 | Cloud registration activation method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2022006825A1 (en) | 2022-01-13 |
CN115486033B (en) | 2024-07-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11128612B1 (en) | Zero-touch provisioning of IoT devices with multi factor authentication | |
JP5981662B2 (en) | Method and apparatus for access authorization authentication in a wireless communication system | |
CN107404544B (en) | Method and apparatus for IP address assignment | |
JP6055111B2 (en) | Method and apparatus for proximity control in a wireless communication system | |
WO2018145605A1 (en) | Authentication method and server, and access control device | |
US20170215072A1 (en) | Method and apparatus for authenticating access authority for specific resource in wireless communication system | |
US20150305008A1 (en) | Method and apparatus for updating information regarding specific resource in wireless communication system | |
EP2550769A1 (en) | System and methods for remote maintenance of multiple clients in an electronic network using virtual machines | |
CN114553592B (en) | Method, equipment and storage medium for equipment identity verification | |
CN105553920A (en) | Data interaction method, apparatus, and system | |
US20220377556A1 (en) | Internet-of-things device registration method and apparatus, device, and storage medium | |
CN112788031A (en) | Envoy architecture-based micro-service interface authentication system, method and device | |
CN112468540B (en) | Cloud platform-based data distribution method, equipment and medium | |
CN109726545B (en) | Information display method, equipment, computer readable storage medium and device | |
CN111177776A (en) | Multi-tenant data isolation method and system | |
CN113691646A (en) | Domain name service resource access method, device, electronic equipment and medium | |
CN114363165A (en) | Configuration method of electronic equipment, electronic equipment and server | |
CN111066014A (en) | Apparatus, method and program for remotely managing devices | |
CN115486033B (en) | Equipment access method and device in Internet of things, computer equipment and storage medium | |
US20240179142A1 (en) | Method and apparatus for account association, and computer device and storage medium | |
CN117643014A (en) | Method for authentication establishment of a connection between equipment connected to at least one communication network and a server of a service provider, and corresponding device | |
CN114117394A (en) | Configuration method, cloud platform and target device | |
CN111542001A (en) | Network system with distributed server clusters and construction method thereof | |
CN110417754A (en) | A kind of method and device of Intrusion Detection based on host agency service purview certification | |
CN113242060B (en) | Network access method and device, storage medium and electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||