CN104580478A - Internet-of-Things device off-line sharing access right control method - Google Patents
- Publication number
- CN104580478A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides an access control method for offline sharing between Internet-of-Things devices. A first Internet-of-Things device creates or changes a sharing list and uploads it to a cloud server; the cloud server computes a characteristic coefficient from the sharing list and sends it back to the first Internet-of-Things device to be stored or updated. When the first Internet-of-Things device, in an offline state, receives login data from a second Internet-of-Things device, it generates a sequence identification code, inputs the sequence identification code and the characteristic coefficient into a kernel function, and checks whether the result of the kernel function meets a preset authorization condition in order to decide whether to grant access to the second Internet-of-Things device. This ensures that the first Internet-of-Things device keeps the same access control in the offline state as in the online state.
Description
Technical field
The present invention relates to data access technology for the Internet of Things, and specifically to an access control method by which an Internet of Things device shares data with other Internet of Things devices while offline. The invention solves the problem that existing Internet of Things devices can share data with other Internet of Things devices only while connected.
Background technology
The Internet of Things (IoT) is an information network system, developed on the basis of cloud computing, that is made up of numerous cloud servers (Remote Cloud Server), network gateways and Internet of Things devices (i.e. communication terminals). It lets different Internet of Things devices share data such as files, photos or images over the network, and provides information exchange functions such as real-time communication, information publishing and file sharing. One of the key technologies that determines whether the Internet of Things can mature is the authentication and authorization of Internet of Things devices, referred to as access control (Authentication and Access Control).
Before an Internet of Things device exchanges information with the cloud server or with other Internet of Things devices, access control is always performed by a service that the cloud server provides; only an Internet of Things device that has been verified and authorized can use, under the correct identity on the cloud platform, the cloud services it is authorized to use. Therefore, authority sharing (Authority Sharing) between Internet of Things devices and their permissions are currently all controlled by the cloud server, and data exchange between Internet of Things devices is also carried out through the cloud server.
Under a normal connected state, Internet of Things devices can naturally exchange data through the cloud server. In an offline state, where no network connection is available, even Internet of Things devices that have already obtained authority sharing (Authority Sharing) lose their connection to the cloud server and therefore cannot maintain data access with the other Internet of Things devices.
Summary of the invention
To solve the above problem, the main purpose of the present invention is to provide an access control method for offline sharing between Internet of Things devices. With the invention, access control consistent with that of the normal connected state can be maintained in the offline state, so that normal data access can be maintained among the Internet of Things devices that have obtained authority sharing.
A main purpose of the present invention is also to provide an access control method for offline sharing between Internet of Things devices that reduces the size of the access-control-related data and thereby saves storage space on the Internet of Things device.
The invention provides an access control method for offline sharing between Internet of Things devices, comprising the following steps: a) a first Internet of Things device creates or changes a sharing list and uploads it to a cloud server, and the cloud server computes a characteristic coefficient from the sharing list and sends it back to the first Internet of Things device to be stored or updated; b) when the first Internet of Things device receives login data from a second Internet of Things device in the offline state, it generates a sequence identification code and inputs the sequence identification code and the characteristic coefficient into a kernel function; and c) the first Internet of Things device checks whether the result of the kernel function meets a preset authorization condition, and if it does, grants access to the second Internet of Things device, and otherwise refuses the request of the second Internet of Things device.
Thus, the invention ensures that the first Internet of Things device keeps, in the offline state, access control consistent with that of the connected state. The size occupied by the characteristic coefficient can also be made smaller than the size occupied by the sharing list, which further achieves the technical effect of saving storage space.
Description of the drawings
Fig. 1 is a flow chart of the generation and updating of the characteristic coefficient in the embodiment of the invention.
Fig. 2 is a flow chart of the cloud server updating the first Internet of Things device in the embodiment of the invention.
Fig. 3 is a flow chart of the access control operation performed when the cloud server and the first Internet of Things device are in the offline state in the embodiment of the invention.
Embodiment
To aid further understanding of the invention, an embodiment is described using the first Internet of Things device (IOT Appliance). Referring to Fig. 1, the user can use the first Internet of Things device to create or change a sharing list (Sharing List), which records users' accounts and passwords, as in the following table. Other information fields can also be added to the sharing list as circumstances require.
| User | Account | Password |
|---|---|---|
| Joe | Joe123 | Joe58a |
| Watson | Watson | asdf01pog |
| Jane | JaneAFS | abfdplk |
| Anny | AnnyWang | asdf4568 |
After the sharing list is complete, the first Internet of Things device uploads it to the cloud server for storage. Once it has been received, the cloud server stores the sharing list and inputs its data into the characteristic coefficient generating function E (Characteristic Coefficient Generation Function) to generate the characteristic coefficient $e_{sc}$ (Characteristic Coefficient). In this embodiment, E is a polynomial of 32-bit cyclic redundancy checks (Cyclic Redundancy Check, CRC) that takes the user account and password as variables: $E(\text{account}, \text{password}) = \mathrm{CRC32}(\text{account}) + \mathrm{CRC32}(\text{password}) \cdot i$, where i is the imaginary unit, so that the result is a complex number (Complex Number). After the calculation, the sharing list yields at least one characteristic coefficient $e_{sc}$, with the following results:
| User | Account | Password | Characteristic coefficient $e_{sc}$ |
|---|---|---|---|
| Joe | Joe123 | Joe58a | 0x7f92d5c4+0x711a54a*i |
| Watson | Watson | asdf01pog | 0xfe9e1de4+0xa26e5f0a*i |
| Jane | JaneAFS | abfdplk | 0xb15ce891+0x107e20ec*i |
| Anny | AnnyWang | asdf4568 | 0xaac7e2e8+0xdd031b3d*i |
The sizes corresponding to the table above are as follows:
| User | Account | Password | Characteristic coefficient $e_{sc}$ |
|---|---|---|---|
| Joe | 6 | 6 | 4+4 |
| Watson | 6 | 9 | 4+4 |
| Jane | 7 | 7 | 4+4 |
| Anny | 8 | 8 | 4+4 |
It is worth noting that, as those skilled in the art will appreciate, other calculation methods can be used for the characteristic coefficient generating function E. A separate characteristic coefficient can be generated for each individual user, as in this embodiment; a single set of characteristic coefficients can be generated for the whole sharing list; or a set of characteristic coefficients can be generated for a specific number of users. Which applies depends mainly on the characteristic coefficient generating function E that is used.
After the above steps are complete, the cloud server uses an update-sharing-coefficient flag (Update Sharing Coefficient Flag) as the mechanism for automatically updating the first Internet of Things device. When the sharing list has been updated but the update has not yet reached the first Internet of Things device, the cloud server enables (Enable) this flag; otherwise it does not. After enabling the flag, the cloud server checks whether it can establish a connection with the first Internet of Things device. If so, the cloud server sends the characteristic coefficient $e_{sc}$ to the first Internet of Things device to be stored or updated, and after a successful update the flag is disabled. If the connection fails, the flag is left unchanged, and the update is performed the next time the cloud server connects to the first Internet of Things device.
Referring to Fig. 2, when the first Internet of Things device connects to the cloud server, the cloud server checks whether the update-sharing-coefficient flag is enabled. For example, if the connection to the first Internet of Things device failed while the cloud server was automatically updating it, the flag remains enabled. If the flag is confirmed to be enabled, the cloud server sends the characteristic coefficient $e_{sc}$ to the first Internet of Things device and, after the update succeeds, disables the flag. Conversely, if the cloud server confirms that the flag is not enabled, it simply ends this flow.
After sending the characteristic coefficient to the first Internet of Things device, the cloud server actively deletes its stored characteristic coefficient $e_{sc}$; after receiving and storing $e_{sc}$, the first Internet of Things device actively deletes its stored sharing list. In other words, the sharing list is stored on the cloud server and the first Internet of Things device stores only the characteristic coefficient $e_{sc}$. This practice can avoid the problem of user data leaking when the first Internet of Things device is compromised by someone else. Moreover, the storage size occupied by the characteristic coefficients (32 in this embodiment) is smaller than that of the sharing list (57 in this embodiment), so storage capacity on the first Internet of Things device is saved.
Once the first Internet of Things device has stored or updated the characteristic coefficient $e_{sc}$, it can perform access control for data access with other Internet of Things devices in the offline state (that is, when no connection to the cloud server can be established).
Referring to Fig. 3, suppose a user wants to access data on the first Internet of Things device from a second Internet of Things device (such as a mobile phone or tablet computer). If the cloud server and the first Internet of Things device are offline from each other and the second and first Internet of Things devices are in the same network domain, the login data, such as the user account and password, can be sent over the network (such as a radio network or broadcast) to log in to the first Internet of Things device. The first Internet of Things device converts the received login data into a sequence identification code $U_{SID}$ and then inputs it, together with the stored characteristic coefficients $e_{sc}$, into the kernel function F (Kernel Function). In this embodiment, the kernel function F is the product function $F(U_{SID}) = \prod (U_{SID} - e_{sc})$, where $U_{SID}$ is the sequence identification code (Sequence ID) generated by applying the characteristic coefficient generating function E to the login data, and $e_{sc}$ is the characteristic coefficient of each individual user. The calculation is then as follows:
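$$F(U_{SID}) = (U_{SID} - (\mathtt{0x7f92d5c4} + \mathtt{0x711a54a} \cdot i)) \cdot (U_{SID} - (\mathtt{0xfe9e1de4} + \mathtt{0xa26e5f0a} \cdot i)) \cdot (U_{SID} - (\mathtt{0xb15ce891} + \mathtt{0x107e20ec} \cdot i)) \cdot (U_{SID} - (\mathtt{0xaac7e2e8} + \mathtt{0xdd031b3d} \cdot i))$$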
The first Internet of Things device is preset with the authorization condition F(x) = 0. A sequence identification code $U_{SID}$ generated from an illegitimate user account and password is not equal to any characteristic coefficient $e_{sc}$ stored on the first Internet of Things device and therefore cannot satisfy the authorization condition. In other words, only a user account and password listed in the sharing list can satisfy this authorization condition.
When the first Internet of Things device confirms that the result computed from the login data provided by the second Internet of Things device satisfies the authorization condition, it grants access to the second Internet of Things device; otherwise it refuses the login request of the second Internet of Things device.
To improve the security of data access, the first Internet of Things device generates token data (Token) after granting access to the second Internet of Things device, so that the access right of the second Internet of Things device remains in effect. If the second Internet of Things device performs no data access on the first Internet of Things device within a preset time, the first Internet of Things device deletes the token data and at the same time disables the access right of the second Internet of Things device. The second Internet of Things device must then log in again, and the first Internet of Things device decides whether to grant access after verifying it again.
It is worth noting that the kernel function F can be another function, and the authorization condition can change along with the kernel function F. Typically the condition compares the result of the kernel function F with a constant (zero in the embodiment above) using greater-than, less-than and/or equal-to tests. Likewise, the first Internet of Things device need not use the characteristic coefficient generating function E to convert the login data into the sequence identification code $U_{SID}$; another conversion function can be used instead.
Thus, the method ensures that the first Internet of Things device, while offline from the cloud server, keeps access control consistent with that of the connected state. Furthermore, when the size occupied by the generated characteristic coefficients is smaller than the size occupied by the sharing list, the technical effect of saving storage space on the first Internet of Things device is also achieved.
The figures and descriptions above only illustrate preferred feasible embodiments of the invention. The invention is not limited to the embodiments illustrated, and minor modifications and changes made within the scope of the technical ideas disclosed herein still fall within the scope of the invention.
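The embodiment's steps a) to c), written out as an added Python example (not code from the patent): the cloud side builds the coefficients, the device side evaluates the kernel function with exact integer arithmetic, and the sizes 32 and 57 are recomputed from the sharing list. `zlib.crc32` is an assumed CRC-32 variant, so the computed coefficients are not claimed to equal the table's values, and `pbkdf2_coefficient` is a hypothetical replacement for E of the kind the description allows.

```python
import hashlib
import zlib

# Sharing list from the embodiment's table: (account, password).
SHARING_LIST = [
    ("Joe123", "Joe58a"),
    ("Watson", "asdf01pog"),
    ("JaneAFS", "abfdplk"),
    ("AnnyWang", "asdf4568"),
]


def crc32_coefficient(account, password):
    """E(account, password) = CRC32(account) + CRC32(password)*i.

    Returned as an integer pair (real, imaginary). Using zlib's CRC-32 is
    an assumption; the page does not say which CRC-32 variant it used.
    """
    return (zlib.crc32(account.encode()), zlib.crc32(password.encode()))


def pbkdf2_coefficient(account, password, iterations=100_000):
    """Hypothetical alternative E: a slow, salted hash instead of a checksum.

    CRC-32 is an error-detection code, not a password hash. The account
    name doubles as the salt only to keep this example self-contained.
    """
    salt = account.encode()
    real = int.from_bytes(hashlib.sha256(salt).digest()[:8], "big")
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, iterations, dklen=8
    )
    return (real, int.from_bytes(derived, "big"))


def build_coefficients(sharing_list, E=crc32_coefficient):
    """Cloud side (step a): one characteristic coefficient e_sc per user."""
    return [E(account, password) for account, password in sharing_list]


def gauss_mul(a, b):
    """Multiply two Gaussian integers (x + y*i) held as integer pairs."""
    return (a[0] * b[0] - a[1] * b[1], a[0] * b[1] + a[1] * b[0])


def kernel(u_sid, coefficients):
    """F(U_SID) = product over the stored e_sc of (U_SID - e_sc).

    Python integers are unbounded, so the product is exact and is zero
    only when one factor is zero. Floating-point complex numbers would
    lose precision and can overflow on long lists.
    """
    product = (1, 0)
    for e_sc in coefficients:
        product = gauss_mul(product, (u_sid[0] - e_sc[0], u_sid[1] - e_sc[1]))
    return product


def authorize(account, password, coefficients, E=crc32_coefficient):
    """Device side (steps b and c): grant access only when F(U_SID) = 0."""
    return kernel(E(account, password), coefficients) == (0, 0)


def storage_sizes(sharing_list, coefficient_size=8):
    """Return (size of stored coefficients, size of accounts + passwords)."""
    list_size = sum(len(a) + len(p) for a, p in sharing_list)
    return (coefficient_size * len(sharing_list), list_size)


if __name__ == "__main__":
    stored = build_coefficients(SHARING_LIST)  # all the device keeps
    print(authorize("Watson", "asdf01pog", stored))
    print(authorize("Watson", "wrong-password", stored))
    print(authorize("Joe123", "asdf01pog", stored))  # Joe's account, Watson's password
    print(storage_sizes(SHARING_LIST))
```

Because the account and the password occupy the real and imaginary parts of one number, a listed account paired with another listed user's password does not satisfy F = 0.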
Claims (13)
1. An access control method for offline sharing between Internet of Things devices, characterized by comprising the following steps:
A) a first Internet of Things device creates or changes a sharing list and uploads it to a cloud server, and the cloud server computes a characteristic coefficient from the sharing list and sends it to the first Internet of Things device to be stored or updated;
B) when the first Internet of Things device, while offline from the cloud server, receives login data from a second Internet of Things device, it generates a sequence identification code and inputs the sequence identification code and the characteristic coefficient into a kernel function; and
C) the first Internet of Things device checks whether the result of the kernel function meets a preset authorization condition, and if it does, grants access to the second Internet of Things device, and otherwise refuses the request of the second Internet of Things device.
2. The access control method for offline sharing between Internet of Things devices as claimed in claim 1, characterized in that,
after sending the characteristic coefficient to the first Internet of Things device in step a), the cloud server actively deletes the characteristic coefficient stored in the cloud server.
3. The access control method for offline sharing between Internet of Things devices as claimed in claim 2, characterized in that,
after receiving and storing the characteristic coefficient in step a), the first Internet of Things device actively deletes the sharing list stored in the first Internet of Things device.
4. The access control method for offline sharing between Internet of Things devices as claimed in claim 1, characterized in that,
the sharing list records the account and password of at least one user.
5. The access control method for offline sharing between Internet of Things devices as claimed in claim 1, characterized in that,
the first Internet of Things device generates token data after granting access to the second Internet of Things device in step c), and if the second Internet of Things device performs no data access on the first Internet of Things device within a preset time, the first Internet of Things device deletes the token data and disables the access right of the second Internet of Things device.
6. The access control method for offline sharing between Internet of Things devices according to any one of claims 1 to 5, characterized in that,
in step a) the cloud server inputs the sharing list into a characteristic coefficient generating function to obtain the characteristic coefficient.
7. The access control method for offline sharing between Internet of Things devices as claimed in claim 6, characterized in that,
the characteristic coefficient generating function is a polynomial of 32-bit cyclic redundancy checks that takes the user account and password as variables.
8. The access control method for offline sharing between Internet of Things devices as claimed in claim 6, characterized in that,
in step b) the first Internet of Things device inputs the login data into the characteristic coefficient generating function to generate the sequence identification code.
9. The access control method for offline sharing between Internet of Things devices as claimed in claim 1, characterized in that,
the authorization condition used by the first Internet of Things device in step c) is that the result of the kernel function is a constant.
10. The access control method for offline sharing between Internet of Things devices according to any one of claims 1 to 5, characterized in that,
the size occupied by the characteristic coefficient generated by the cloud server in step a) is smaller than the size occupied by the sharing list.
11. The access control method for offline sharing between Internet of Things devices as claimed in claim 1, characterized in that,
after generating the characteristic coefficient in step a), the cloud server enables an update-sharing-coefficient flag in order to update the first Internet of Things device.
12. The access control method for offline sharing between Internet of Things devices as claimed in claim 11, characterized in that,
after enabling the update-sharing-coefficient flag, the cloud server checks whether it can connect to the first Internet of Things device; if so, it updates the first Internet of Things device and disables the update-sharing-coefficient flag, and otherwise it keeps the update-sharing-coefficient flag enabled.
13. The access control method for offline sharing between Internet of Things devices as claimed in claim 11 or 12, characterized in that,
when the first Internet of Things device connects to the cloud server, the cloud server checks whether the update-sharing-coefficient flag is enabled; if so, it updates the first Internet of Things device and disables the update-sharing-coefficient flag, and otherwise it performs no update.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510019491.9A CN104580478A (en) | 2015-01-15 | 2015-01-15 | Internet-of-Things device off-line sharing access right control method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104580478A true CN104580478A (en) | 2015-04-29 |
Family
ID=53095635
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510019491.9A Pending CN104580478A (en) | 2015-01-15 | 2015-01-15 | Internet-of-Things device off-line sharing access right control method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104580478A (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150429 |