
CN114584983A - Identity authentication method, system and device - Google Patents


Info

Publication number
CN114584983A
Authority
CN
China
Prior art keywords
equipment
authenticated
transmission loss
loss value
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210202337.5A
Other languages
Chinese (zh)
Inventor
李海龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yahua Iot Technology Development Co ltd
Original Assignee
Beijing Yahua Iot Technology Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Yahua Iot Technology Development Co ltd
Priority to CN202210202337.5A
Publication of CN114584983A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The identity authentication method, system and device provided by the present invention work as follows: wireless transmit power information sent by the device to be authenticated is received and, combined with a first transmission loss value and a second transmission loss value, is used to determine whether the device to be authenticated and the gateway device, and the device to be authenticated and the device to be connected, are in an unobstructed state. This only requires judging whether the transmission loss value of the power information during transmission meets a preset condition. If the transmission loss value meets the preset condition, the device information of the device to be authenticated is added to the trust list of the device to be connected, so that the device to be connected connects to the device to be authenticated according to the trust list. The identity authentication method, system and device provided by the present invention reduce the risk of information leakage, eliminate security vulnerabilities at connection time, simplify the identity authentication process, reduce the difficulty of identity authentication, make operation simpler, and greatly reduce the cost of large-scale deployment of IoT devices.

Description

An identity authentication method, system and device

Technical field

The invention relates to the technical field of identity authentication, and in particular to an identity authentication method, system and device.

Background

Unauthenticated connection is a technology in very common use today. At home, some devices can be controlled directly from a mobile phone, which is a great help in people's lives. Because this technology often has no identity verification mechanism for device connections, it can only be applied to low-cost "read-only" sensor products such as temperature and humidity sensors, where even an illegitimate connection will not cause an "accident"; the risk of information leakage or unavailability nevertheless remains. Manual authentication can eliminate the security vulnerabilities at connection time, but the operation is too complicated.

Summary of the invention

Therefore, the technical problem to be solved by the present invention is to overcome the risk of information leakage and the overly complicated operation of the prior art, by providing an identity authentication method, system and device.

In a first aspect, the present invention provides an identity authentication method comprising the following steps: receiving wireless transmit power information sent by a device to be authenticated, the wireless transmit power information having been sent to the device to be authenticated by a gateway device and a device to be connected; determining a first transmission loss value between the gateway device and the device to be authenticated from the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device; determining a second transmission loss value between the device to be connected and the device to be authenticated from the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected; and, if the first transmission loss value and the second transmission loss value satisfy a first preset condition, adding the device information of the device to be authenticated to the trust list of the device to be connected, so that the device to be connected connects to the device to be authenticated according to the trust list.

Optionally, in the identity authentication method provided by the present invention, determining the first transmission loss value between the gateway device and the device to be authenticated from the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device includes: determining, according to the wireless transmit power information of the gateway device, the actual RSSI value that the device to be authenticated receives from the gateway device; and calculating the first transmission loss value from the actual RSSI value and the RSSI threshold of the gateway device.

Optionally, in the identity authentication method provided by the present invention, determining the second transmission loss value between the device to be connected and the device to be authenticated from the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected includes: determining, according to the wireless transmit power information of the device to be connected, the actual RSSI value that the device to be authenticated receives from the device to be connected; and calculating the second transmission loss value of the power information of the device to be connected from the actual RSSI value and the RSSI threshold of the device to be connected.

Optionally, in the identity authentication method provided by the present invention, adding the device information of the device to be authenticated to the trust list of the device to be connected if the first transmission loss value and the second transmission loss value satisfy the first preset condition includes: if the first transmission loss value is less than or equal to a first preset value, and the second transmission loss value is less than or equal to a second preset value, determining that the first transmission loss value and the second transmission loss value satisfy the first preset condition, and adding the device information of the device to be authenticated to the trust list of the device to be connected. The first preset value is the maximum transmission loss value, within a first preset range and in the unobstructed state, of the wireless transmit power information sent by the gateway device; the second preset value is the maximum transmission loss value, within a second preset range and in the unobstructed state, of the wireless transmit power information sent by the device to be connected.

Optionally, in the identity authentication method provided by the present invention, adding the device information of the device to be authenticated to the trust list of the device to be connected if the first transmission loss value and the second transmission loss value satisfy the first preset condition includes: calculating a first ideal state distance from the first transmission loss value; calculating a second ideal state distance from the second transmission loss value; and, when the first ideal state distance is less than or equal to a third preset value and the second ideal state distance is less than or equal to a fourth preset value, determining that the first transmission loss value and the second transmission loss value satisfy the first preset condition, and adding the device information of the device to be authenticated to the trust list of the device to be connected. The third preset value is the maximum unobstructed boundary value, in the unobstructed state, of the wireless transmit power information sent by the gateway device; the fourth preset value is the maximum unobstructed boundary value, in the unobstructed state, of the wireless transmit power information sent by the device to be connected.

Optionally, in the identity authentication method provided by the present invention, if the first transmission loss value and the second transmission loss value satisfy the first preset condition, the method further includes, before the step of adding the device information of the device to be authenticated to the trust list of the device to be connected: if the second transmission loss value is less than or equal to a fifth preset value, or the transmission loss value corresponding to any one piece of wireless transmit power information that the device to be authenticated receives from the device to be connected within a preset time period is less than or equal to the fifth preset value, performing the step of adding the device information of the device to be authenticated to the trust list of the device to be connected. The fifth preset value is the maximum transmission loss value, within a third preset range and in the unobstructed state, of the wireless transmit power information sent by the device to be connected.

In a second aspect, the present invention provides an identity authentication system comprising a cloud platform, a gateway device, a device to be authenticated and a device to be connected. The device to be connected and the gateway device broadcast wireless transmit power information; the device to be authenticated receives the wireless transmit power information and sends it to the cloud platform; the cloud platform receives the wireless transmit power information sent by the device to be authenticated, the wireless transmit power information having been sent to the device to be authenticated by the gateway device and the device to be connected; determines the first transmission loss value between the gateway device and the device to be authenticated from the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device; determines the second transmission loss value between the device to be connected and the device to be authenticated from the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected; and, if the first transmission loss value and the second transmission loss value satisfy the first preset condition, adds the device information of the device to be authenticated to the trust list of the device to be connected; the device to be connected connects to the device to be authenticated recorded in the trust list.

In a third aspect, the present invention provides an identity authentication device comprising: a signal receiving module, which receives wireless transmit power information sent by a device to be authenticated, the wireless transmit power information having been sent to the device to be authenticated by a gateway device and a device to be connected; a first transmission loss value calculation module, configured to determine the first transmission loss value between the gateway device and the device to be authenticated from the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device; a second transmission loss value calculation module, configured to determine the second transmission loss value between the device to be connected and the device to be authenticated from the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected; and a signal sending module which, if the first transmission loss value and the second transmission loss value satisfy a first preset condition, adds the device information of the device to be authenticated to the trust list of the device to be connected, so that the device to be connected connects to the device to be authenticated according to the trust list.

In a fourth aspect, the present invention provides a computer device comprising: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so as to carry out the identity authentication method provided by the first aspect of the present invention.

In a fifth aspect, the present invention provides a computer-readable storage medium storing computer instructions, the computer instructions being used to cause the computer to carry out the identity authentication method provided by the first aspect of the present invention.

The technical solution of the present invention has the following advantages:

The identity authentication method, system and device provided by the present invention receive wireless transmit power information sent by the device to be authenticated, the wireless transmit power information having been sent to the device to be authenticated by the gateway device and the device to be connected. The first transmission loss value and the second transmission loss value between the device to be authenticated and, respectively, the gateway device and the device to be connected are calculated from the wireless transmit power. By judging whether the first transmission loss value and the second transmission loss value satisfy the first preset condition, it is determined whether the device to be authenticated, the gateway device and the device to be connected are in an unobstructed state. If the first transmission loss value and the second transmission loss value satisfy the first preset condition, the device to be authenticated, the gateway device and the device to be connected are judged to be in an unobstructed state, that is, located in the same room. The device information of the device to be authenticated is then added to the trust list of the device to be connected, so that the device to be connected connects to the device to be authenticated according to the trust list. By implementing the present invention, the device to be authenticated is determined to be a safe device, and can connect to the device to be connected, only when the device to be authenticated, the device to be connected and the gateway device are located in the same room. This reduces the risk of information leakage and eliminates security vulnerabilities at connection time. In addition, no manual authentication is required during the authentication process, which simplifies the identity authentication process, reduces the difficulty of identity authentication, makes operation simpler, and greatly reduces the cost of large-scale deployment of IoT devices.

Description of the drawings

To illustrate the specific embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flowchart of a specific example of the identity authentication method in an embodiment of the present invention;

FIG. 2 is a schematic structural diagram of a specific example of the identity authentication system in an embodiment of the present invention;

FIG. 3 is a schematic structural diagram of a specific example of the identity authentication device in an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of a specific example of the computer device in an embodiment of the present invention.

Detailed description

The technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

Unless the context clearly requires otherwise, words such as "including" and "comprising" throughout the specification and claims are to be construed in an inclusive sense rather than an exclusive or exhaustive sense; that is, in the sense of "including but not limited to".

In the description of the present invention, the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, unless otherwise specified, "plurality" means two or more.

Furthermore, the technical features involved in the different embodiments of the present invention described below can be combined with one another as long as they do not conflict.

This embodiment provides an identity authentication method which, as shown in FIG. 1, includes the following steps:

Step S1: Receive wireless transmit power information sent by the device to be authenticated, the wireless transmit power information having been sent to the device to be authenticated by the gateway device and the device to be connected.

In an optional embodiment, the device to be authenticated includes, but is not limited to, a mobile phone or other device containing a BLE module, and receives through the BLE module the wireless transmit power information sent by the device to be connected and the gateway device.

In an optional embodiment, the devices to be connected include, but are not limited to, temperature sensors, smart home appliances and similar devices.

In an optional embodiment, within the same room, one gateway device can connect to multiple devices to be connected, and one device to be connected can connect to only one gateway device.

In an optional embodiment, the device to be connected and the gateway device, each containing a BLE module, must be registered with the cloud platform before use; the registration information includes the RSSI threshold values of the device to be connected and of the gateway device.

In an optional embodiment, the device to be connected and the gateway device broadcast their respective wireless transmit power information to surrounding devices over Bluetooth. When the device to be authenticated enters the broadcast range of the gateway device or of the device to be connected, it automatically receives the wireless transmit power information sent by that device.

In an optional embodiment, the broadcast ranges of the device to be connected and the gateway device are set according to actual needs. For example, with the broadcast distance of the gateway device set to 0.2 meters, the device to be authenticated can receive the wireless transmit power information sent by the gateway device when it is 0.2 meters from the gateway device.

In an optional embodiment, the device to be authenticated must open the app and enter the transmission range of the device to be connected before it can automatically receive the wireless transmit power information sent by the device to be connected.

In an optional embodiment, the device to be authenticated reports the received wireless transmit power information of the gateway device and of the device to be connected to the cloud platform through the app.

Step S2: Determine the first transmission loss value between the gateway device and the device to be authenticated from the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device.

In an optional embodiment, because the BLE modules in different gateway devices are installed in different ways, the actual maximum RSSI threshold values of different gateway devices differ.

In an optional embodiment, the RSSI threshold value of the gateway device is obtained from the device information recorded when the gateway device was registered.

Step S3: Determine the second transmission loss value between the device to be connected and the device to be authenticated from the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected.

In an optional embodiment, because the BLE modules in different devices to be connected are installed in different ways, the actual maximum RSSI threshold values of different devices to be connected differ.

In an optional embodiment, the RSSI threshold value of the device to be connected is obtained from the device information recorded when the device to be connected was registered.

Step S4: If the first transmission loss value and the second transmission loss value satisfy the first preset condition, add the device information of the device to be authenticated to the trust list of the device to be connected, so that the device to be connected connects to the device to be authenticated according to the trust list.

In an optional embodiment, the preset condition on the transmission loss value is set according to the environment in which the device containing the BLE module is located.

In an optional embodiment, when the first transmission loss value and the second transmission loss value satisfy the first preset condition, the device to be authenticated, the device to be connected and the gateway device are considered to be in an unobstructed state, that is, located in the same room.

In an optional embodiment, once the information of the device to be authenticated has been added to the trust list of the device to be connected, the device to be authenticated can directly control the device to be connected and use its functions.

The identity authentication method provided by the embodiment of the present invention receives wireless transmit power information sent by the device to be authenticated, the wireless transmit power information having been sent to the device to be authenticated by the gateway device and the device to be connected. The first transmission loss value and the second transmission loss value between the device to be authenticated and, respectively, the gateway device and the device to be connected are calculated from the wireless transmit power. By judging whether the first transmission loss value and the second transmission loss value satisfy the first preset condition, it is determined whether the device to be authenticated, the gateway device and the device to be connected are in an unobstructed state. If the first transmission loss value and the second transmission loss value satisfy the first preset condition, the device to be authenticated, the gateway device and the device to be connected are judged to be in an unobstructed state, that is, located in the same room. The device information of the device to be authenticated is then added to the trust list of the device to be connected, so that the device to be connected connects to the device to be authenticated according to the trust list. When the embodiment of the present invention is carried out, the device to be authenticated is determined to be a safe device, and can connect to the device to be connected, only when the device to be authenticated, the device to be connected and the gateway device are located in the same room. This reduces the risk of information leakage and eliminates security vulnerabilities at connection time. In addition, no manual authentication is required during the authentication process, which simplifies the process, reduces the difficulty of identity authentication, makes operation simpler, and greatly reduces the cost of large-scale deployment of IoT devices.

In an optional embodiment, the step of determining the first transmission loss value between the gateway device and the device to be authenticated, by combining the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device, includes:

First, according to the wireless transmit power information of the gateway device, determine the actual RSSI value at which the device to be authenticated receives the gateway device.

Then, calculate the first transmission loss value according to the actual RSSI value and the RSSI threshold of the gateway device.

In an optional embodiment, the first transmission loss value is the loss of electromagnetic wave intensity caused by environmental factors while the device to be authenticated receives the wireless transmit power information of the gateway device.

In an optional embodiment, during information transmission the actual RSSI value is affected by factors including, but not limited to, air, obstructions, and Bluetooth transmission loss.

In an optional embodiment, the step of determining the second transmission loss value between the device to be connected and the device to be authenticated, by combining the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected, includes:

First, according to the wireless transmit power information of the device to be connected, determine the actual RSSI value at which the device to be authenticated receives the device to be connected.

Then, calculate the second transmission loss value of the power information of the device to be connected according to the actual RSSI value and the RSSI threshold of the device to be connected.

In an optional embodiment, the second transmission loss value is the loss of electromagnetic wave intensity caused by environmental factors while the device to be authenticated receives the wireless transmit power information of the device to be connected.

In an optional embodiment, an electromagnetic wave loses some intensity when it penetrates an object during transmission, and the amount of loss depends on the object penetrated. For example, penetrating an 8 mm wooden board causes a loss of 1 dB-1.8 dB, penetrating 12 mm glass causes a loss of about 2 dB-3 dB, and penetrating a 25 cm cement wall causes a loss of about 20-30 dB.

In an optional embodiment, in practical applications the efficiency of a Bluetooth antenna is usually 30%-40%, so the loss caused by the antenna is 8 dB-10 dB. For example, when the device to be authenticated is 0.2 meters from the device to be connected, the total loss is about 34 dB (25 dB in the air + 9 dB from the antenna). The RSSI measurement error of the chip is 2 dB-3 dB, so the loss measured when the device to be authenticated is 0.2 meters from the device to be connected is 40 dB (34 + 2*3).

In an optional embodiment, the step of adding the device information of the device to be authenticated to the trust list of the device to be connected, if the first transmission loss value and the second transmission loss value satisfy the first preset condition, includes:

If the first transmission loss value is less than or equal to the first preset value, and the second transmission loss value is less than or equal to the second preset value, the first transmission loss value and the second transmission loss value are judged to satisfy the first preset condition, and the device information of the device to be authenticated is added to the trust list of the device to be connected. The first preset value is the maximum transmission loss value, in the unobstructed state, of the wireless transmit power information sent by the gateway device within the first preset range. The second preset value is the maximum transmission loss value, in the unobstructed state, of the wireless transmit power information sent by the device to be connected within the second preset range.

In an optional embodiment, when the first transmission loss value is greater than the first preset value, and/or the second transmission loss value is greater than the second preset value, the device to be authenticated, the gateway device, and the device to be connected are judged not to be in the same room; in this case the first transmission loss value and the second transmission loss value do not satisfy the first preset condition.

In an optional embodiment, the first preset value and the second preset value can be set according to the environment in which the gateway device and the device to be connected are located. If the gateway device is placed inside a box, a larger first preset value can be set; if the gateway device is exposed, a smaller first preset value can be set. Similarly, if the device to be connected is placed inside a box, a larger second preset value can be set; if the device to be connected is exposed, a smaller second preset value can be set. For example, the first preset value for a gateway device placed in a box made of 8 mm wooden board is 1 dB-1.8 dB larger than the first preset value for one placed in the open, depending on the actual situation.

In an optional embodiment, the first preset range is set according to the environment in which the gateway device is located. For example, the first preset range can be set to 50 cm, so that only a device to be authenticated inside a sphere of radius 50 cm centered on the gateway device can receive the wireless transmit power information sent by the gateway device.

In an optional embodiment, the device to be authenticated can connect to the device to be connected, and control it, only after the device to be authenticated has been added to the trust list of the device to be connected.

In an optional embodiment, the step of adding the device information of the device to be authenticated to the trust list of the device to be connected, if the first transmission loss value and the second transmission loss value satisfy the first preset condition, includes:

Calculate the first ideal-state distance according to the first transmission loss value, and calculate the second ideal-state distance according to the second transmission loss value.

When the first ideal-state distance is less than or equal to the third preset value, and the second ideal-state distance is less than or equal to the fourth preset value, the first transmission loss value and the second transmission loss value are judged to satisfy the first preset condition, and the device information of the device to be authenticated is added to the trust list of the device to be connected. The third preset value is the farthest distance, in the unobstructed state, of the wireless transmit power information sent by the gateway device within the first preset range. The fourth preset value is the farthest distance, in the unobstructed state, of the wireless transmit power information sent by the device to be connected within the second preset range.

In an optional embodiment, whether the device to be authenticated and the gateway device, and the device to be authenticated and the device to be connected, are in an unobstructed state can be determined by judging distance. The first transmission loss value and the second transmission loss value are treated as free-space loss, a distance is calculated from that free-space loss, and the distance is compared with the first preset range and the second preset range. When there is an obstruction between the device to be authenticated and the gateway device, the first ideal-state distance will be greater than the first preset range; when there is an obstruction between the device to be authenticated and the device to be connected, the second ideal-state distance will be greater than the second preset range. The distance therefore gives a quick way to judge whether there is an obstruction between the device to be authenticated and the gateway device, or between the device to be authenticated and the device to be connected.

In an optional embodiment, the distance is calculated with the formula:

Lbf = 32.5 + 20 lg F + 20 lg D

where Lbf is the free-space loss (dB), D is the distance (km), and F is the frequency (MHz).

In an optional embodiment, if the first transmission loss value and the second transmission loss value satisfy the first preset condition, the method further includes, before the step of adding the device information of the device to be authenticated to the trust list of the device to be connected:

If, within the time limit, the device to be authenticated receives any piece of wireless transmit power information sent by the device to be connected whose corresponding transmission loss value is less than or equal to the fifth preset value, the step of adding the device information of the device to be authenticated to the trust list of the device to be connected is executed. The fifth preset value is the maximum transmission loss value, in the unobstructed state, of the wireless transmit power information sent by the device to be connected within the third preset range.

This avoids the situation in which a device connects to the gateway device in one room and then immediately goes to another room to connect to the device to be connected in that room. A time limit is therefore set: after connecting to the gateway device, the device to be authenticated must, within the time limit, receive wireless transmit power information from the device to be connected whose transmission loss value is less than or equal to the fifth preset value. This embodiment makes it possible to determine that the gateway device, the device to be authenticated, and the device to be connected are in the same room.

In an optional embodiment, when the device to be authenticated is to connect to one specific device to be connected, it must come within a certain range of that device; the third preset range is that range. The second transmission loss value is compared with the maximum transmission loss value within the third preset range, and when the second transmission loss value is smaller than that maximum, the device to be authenticated is considered to be close to the device to be connected.
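The distance-based check and the time limit described above can be sketched as follows. This is an added example, not code from the patent: the 2440 MHz carrier frequency, the rule that loss equals transmit power minus RSSI, the preset values and all names are assumptions, and the sample reports are constructed.

```python
import math
from dataclasses import dataclass

FREQ_MHZ = 2440.0  # assumption: mid 2.4 GHz band; the page gives no frequency


def free_space_loss_db(distance_km, freq_mhz=FREQ_MHZ):
    """The page's formula: Lbf = 32.5 + 20 lg F + 20 lg D (D in km, F in MHz)."""
    return 32.5 + 20 * math.log10(freq_mhz) + 20 * math.log10(distance_km)


def ideal_distance_m(loss_db, freq_mhz=FREQ_MHZ):
    """Invert the formula: distance at which free space alone gives loss_db."""
    d_km = 10 ** ((loss_db - 32.5 - 20 * math.log10(freq_mhz)) / 20)
    return d_km * 1000.0


def transmission_loss_db(tx_power_dbm, rssi_dbm):
    """Assumption (not stated on the page): loss = transmit power - RSSI."""
    return tx_power_dbm - rssi_dbm


@dataclass(frozen=True)
class Report:
    source: str           # "gateway" or "to_connect"
    tx_power_dbm: float   # transmit power carried in the broadcast
    rssi_dbm: float       # RSSI measured by the device to be authenticated
    received_at_s: float  # receive time in seconds


@dataclass(frozen=True)
class Presets:
    third_m: float       # max ideal-state distance to the gateway device
    fourth_m: float      # max ideal-state distance to the device to be connected
    fifth_db: float      # max loss for the close-range check
    time_limit_s: float  # window after the gateway report


def decide(reports, presets):
    """Return (trusted, reason). Every comparison fails closed."""
    for r in reports:
        values = (r.tx_power_dbm, r.rssi_dbm, r.received_at_s)
        if not all(math.isfinite(v) for v in values):
            return False, "malformed report"
    gateway = [r for r in reports if r.source == "gateway"]
    if not gateway:
        return False, "no gateway report"
    gw = min(gateway, key=lambda r: r.received_at_s)
    first_loss = transmission_loss_db(gw.tx_power_dbm, gw.rssi_dbm)
    if not ideal_distance_m(first_loss) <= presets.third_m:
        return False, "first ideal-state distance exceeds third preset value"
    window = [r for r in reports if r.source == "to_connect"
              and 0 <= r.received_at_s - gw.received_at_s <= presets.time_limit_s]
    if not window:
        return False, "no report from the device to be connected within the time limit"
    # "Any one" report in the window may satisfy the check, so use the lowest loss.
    second_loss = min(transmission_loss_db(r.tx_power_dbm, r.rssi_dbm) for r in window)
    if not ideal_distance_m(second_loss) <= presets.fourth_m:
        return False, "second ideal-state distance exceeds fourth preset value"
    if not second_loss <= presets.fifth_db:
        return False, "second transmission loss exceeds fifth preset value"
    return True, "add device to be authenticated to the trust list"


# Constructed presets. 40 dB is the page's measured loss at 0.2 m, which the
# free-space formula maps to an ideal-state distance of about 0.97 m.
PRESETS = Presets(third_m=1.0, fourth_m=1.0, fifth_db=40.0, time_limit_s=30.0)

# Constructed reports (0 dBm transmit power throughout).
SAME_ROOM = [Report("gateway", 0.0, -40.0, 0.0), Report("to_connect", 0.0, -38.0, 5.0)]
# 20 dB above the 40 dB baseline: the low end of the page's cement-wall figure.
BEHIND_WALL = [Report("gateway", 0.0, -40.0, 0.0), Report("to_connect", 0.0, -60.0, 5.0)]
# The device to be connected is only heard after the time limit has expired.
TOO_LATE = [Report("gateway", 0.0, -40.0, 0.0), Report("to_connect", 0.0, -38.0, 120.0)]

if __name__ == "__main__":
    for name, reports in (("same room", SAME_ROOM), ("behind wall", BEHIND_WALL),
                          ("too late", TOO_LATE)):
        print(name, decide(reports, PRESETS))
```

Because antenna loss and RSSI measurement error are folded into the measured loss, the ideal-state distance overstates the physical distance, so the third and fourth preset values have to be calibrated against measured loss rather than a tape measure.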

This embodiment provides an identity authentication system, as shown in FIG. 2, including: a cloud platform 24, a gateway device 22, a device to be authenticated 21, and a device to be connected 23.

The device to be connected 23 and the gateway device 22 broadcast wireless transmit power information. For details, see the description of step S1 in the above embodiment, which is not repeated here.

The device to be authenticated 21 receives the wireless transmit power information and sends it to the cloud platform 24. For details, see the description of step S1 in the above embodiment, which is not repeated here.

The cloud platform 24 receives the wireless transmit power information sent by the device to be authenticated 21, the wireless transmit power information having been sent to the device to be authenticated 21 by the gateway device 22 and the device to be connected 23. It determines the first transmission loss value between the gateway device 22 and the device to be authenticated 21 by combining the wireless transmit power information of the gateway device 22 and the RSSI threshold value of the gateway device 22, and determines the second transmission loss value between the device to be connected 23 and the device to be authenticated 21 by combining the wireless transmit power information of the device to be connected 23 and the RSSI threshold value of the device to be connected 23. If the first transmission loss value and the second transmission loss value satisfy the first preset condition, it adds the device information of the device to be authenticated 21 to the trust list of the device to be connected 23. For details, see the description of steps S1 to S4 in the above embodiment, which is not repeated here.

The device to be connected 23 connects to the device to be authenticated 21 recorded in the trust list. For details, see the description of step S4 in the above embodiment, which is not repeated here.

This embodiment provides an identity authentication apparatus, as shown in FIG. 3, including:

A signal receiving module 31, configured to receive the wireless transmit power information sent by the device to be authenticated, the wireless transmit power information having been sent to the device to be authenticated by the gateway device and the device to be connected. For details, see the description of step S1 in the above embodiment, which is not repeated here.

A first transmission loss value calculation module 32, configured to determine the first transmission loss value between the gateway device and the device to be authenticated by combining the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device. For details, see the description of step S2 in the above embodiment, which is not repeated here.

A second transmission loss value calculation module 33, configured to determine the second transmission loss value between the device to be connected and the device to be authenticated by combining the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected. For details, see the description of step S3 in the above embodiment, which is not repeated here.

A signal sending module 34, configured to add the device information of the device to be authenticated to the trust list of the device to be connected if the first transmission loss value and the second transmission loss value satisfy the preset condition, so that the device to be connected connects to the device to be authenticated according to the trust list. For details, see the description of step S4 in the above embodiment, which is not repeated here.

An embodiment of the present invention provides a computer device, as shown in FIG. 4, including: at least one processor 41, such as a CPU (Central Processing Unit), at least one communication interface 42, a memory 44, and at least one communication bus 43. The communication bus 43 is used to implement connection and communication between these components. The communication interface 42 may include a display and a keyboard, and optionally may also include a standard wired interface and a wireless interface.

The memory 44 may be a high-speed RAM (Random Access Memory, volatile random access memory), or a non-volatile memory, such as at least one disk memory. Optionally, the memory 44 may also be at least one storage device located remotely from the processor 41. The processor 41 can execute the identity authentication method provided in the above embodiments. The memory 44 stores a set of program code, and the processor 41 calls the program code stored in the memory 44 to execute the identity authentication method provided in the above embodiments. The communication bus 43 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The communication bus 43 can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one line is drawn in FIG. 4, but this does not mean that there is only one bus or one type of bus. The memory 44 may include volatile memory, such as random-access memory (RAM); it may also include non-volatile memory, such as flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 44 may also include a combination of the above types of memory. The processor 41 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor 41 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof.

The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.

An embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions that can execute the identity authentication method in any of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD), a solid-state drive (SSD), or the like; the storage medium may also include a combination of the above types of memory.

Obviously, the above embodiments are merely examples given for clarity of description and do not limit the implementations. Those of ordinary skill in the art can make changes or modifications in other forms on the basis of the above description. It is neither necessary nor possible to list all implementations exhaustively here. Obvious changes or modifications derived from the above remain within the protection scope of the present invention.

Claims (10)

1. An identity authentication method, the method comprising:
receiving wireless transmit power information sent by a device to be authenticated, wherein the wireless transmit power information is sent to the device to be authenticated by a gateway device and a device to be connected;
determining a first transmission loss value between the gateway device and the device to be authenticated by combining the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device;
determining a second transmission loss value between the device to be connected and the device to be authenticated by combining the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected;
and, if the first transmission loss value and the second transmission loss value satisfy a first preset condition, adding the device information of the device to be authenticated to a trust list of the device to be connected, so that the device to be connected connects to the device to be authenticated according to the trust list.
2. The identity authentication method of claim 1, wherein determining a first transmission loss value between the gateway device and the device to be authenticated by combining the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device comprises:
determining, according to the wireless transmit power information of the gateway device, the actual RSSI value at which the device to be authenticated receives the gateway device;
and calculating the first transmission loss value according to the actual RSSI value and the RSSI threshold of the gateway device.
3. The identity authentication method of claim 1, wherein determining a second transmission loss value between the device to be connected and the device to be authenticated by combining the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected comprises:
determining, according to the wireless transmit power information of the device to be connected, the actual RSSI value at which the device to be authenticated receives the device to be connected;
and calculating the second transmission loss value of the power information of the device to be connected according to the actual RSSI value and the RSSI threshold of the device to be connected.
4. The identity authentication method according to claim 1, wherein, if the first transmission loss value and the second transmission loss value satisfy a first preset condition, adding the device information of the device to be authenticated to a trust list of the device to be connected comprises:
if the first transmission loss value is less than or equal to a first preset value and the second transmission loss value is less than or equal to a second preset value, judging that the first transmission loss value and the second transmission loss value satisfy the first preset condition, and adding the device information of the device to be authenticated to the trust list of the device to be connected; the first preset value is the maximum transmission loss value, in an unobstructed state, of the wireless transmit power information sent by the gateway device within a first preset range; the second preset value is the maximum transmission loss value, in an unobstructed state, of the wireless transmit power information sent by the device to be connected within a second preset range.
5. The identity authentication method according to claim 1, wherein, if the first transmission loss value and the second transmission loss value satisfy a first preset condition, adding the device information of the device to be authenticated to a trust list of the device to be connected comprises:
calculating a first ideal-state distance according to the first transmission loss value;
calculating a second ideal-state distance according to the second transmission loss value;
when the first ideal-state distance is less than or equal to a third preset value and the second ideal-state distance is less than or equal to a fourth preset value, judging that the first transmission loss value and the second transmission loss value satisfy the first preset condition, and adding the device information of the device to be authenticated to the trust list of the device to be connected; the third preset value is the maximum unobstructed boundary value of the wireless transmit power information of the gateway device in an unobstructed state; and the fourth preset value is the maximum unobstructed boundary value of the wireless transmit power information of the device to be connected in an unobstructed state.
6. The identity authentication method according to claim 1, 4 or 5, wherein, if the first transmission loss value and the second transmission loss value satisfy a first preset condition, before the step of adding the device information of the device to be authenticated to the trust list of the device to be connected, the method further comprises:
if the second transmission loss value is less than or equal to a fifth preset value, or the transmission loss value corresponding to any piece of wireless transmit power information sent by the device to be connected and received by the device to be authenticated within a preset time period is less than or equal to the fifth preset value, executing the step of adding the device information of the device to be authenticated to the trust list of the device to be connected; and the fifth preset value is the maximum transmission loss value, in an unobstructed state, of the wireless transmit power information sent by the device to be connected within a third preset range.
7. An identity authentication system, comprising a cloud platform, a gateway device, a device to be authenticated and a device to be connected, wherein:
the device to be connected and the gateway device broadcast wireless transmit power information;
the device to be authenticated receives the wireless transmit power information and sends the wireless transmit power information to the cloud platform;
the cloud platform receives the wireless transmit power information sent by the device to be authenticated, the wireless transmit power information being sent to the device to be authenticated by the gateway device and the device to be connected, and determines a first transmission loss value between the gateway device and the device to be authenticated by combining the wireless transmit power information of the gateway device and the RSSI threshold value of the gateway device; determines a second transmission loss value between the device to be connected and the device to be authenticated by combining the wireless transmit power information of the device to be connected and the RSSI threshold value of the device to be connected; and, if the first transmission loss value and the second transmission loss value satisfy a first preset condition, adds the device information of the device to be authenticated to a trust list of the device to be connected;
and the device to be connected connects to the device to be authenticated recorded in the trust list.
8. An identity authentication apparatus, comprising:
the system comprises a signal receiving module, a wireless transmitting power information receiving module and a wireless transmitting power information transmitting module, wherein the wireless transmitting power information is transmitted to equipment to be authenticated by gateway equipment and equipment to be connected;
a first transmission loss value calculation module, configured to determine, by combining the wireless transmission power information of the gateway device and the RSSI threshold value of the gateway device, a first transmission loss value between the gateway device and the device to be authenticated;
a second transmission loss value calculating module, configured to determine, by combining the wireless transmission power information of the device to be connected and the RSSI threshold value of the device to be connected, a second transmission loss value between the device to be connected and the device to be authenticated;
and a signal sending module, configured to add, if the first transmission loss value and the second transmission loss value meet a first preset condition, the device information of the device to be authenticated to a trust list of the device to be connected, so that the device to be connected connects to the device to be authenticated according to the trust list.
9. A computer device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to perform the identity authentication method of any one of claims 1-6.
10. A computer-readable storage medium storing computer instructions for causing a computer to perform the method of authenticating identity of any one of claims 1-6.
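The cloud-platform decision flow of claims 7 and 8, sketched as an added example (not code from the patent or the applicant). It assumes the loss is computed as reported transmit power minus the RSSI threshold and that the "first preset condition" is a per-link loss ceiling; the class names, ceilings, plausibility range and sample reports are all hypothetical.

```python
from dataclasses import dataclass, field

# Assumptions (not given in this section): loss_dB = tx_power_dBm - rssi_threshold_dBm,
# and the "first preset condition" is that each loss stays at or below a ceiling.
MAX_FIRST_LOSS_DB = 60.0      # hypothetical ceiling, gateway <-> device to be authenticated
MAX_SECOND_LOSS_DB = 50.0     # hypothetical ceiling, device to be connected <-> device
TX_RANGE_DBM = (-40.0, 30.0)  # hypothetical plausible range for a reported transmit power


@dataclass
class PowerReport:
    """What the device to be authenticated relays to the cloud platform."""
    device_id: str
    gateway_tx_dbm: float  # transmit power it heard from the gateway device
    peer_tx_dbm: float     # transmit power it heard from the device to be connected


@dataclass
class CloudPlatform:
    gateway_rssi_threshold_dbm: float
    peer_rssi_threshold_dbm: float
    trust_list: set = field(default_factory=set)

    @staticmethod
    def transmission_loss(tx_dbm: float, rssi_threshold_dbm: float) -> float:
        low, high = TX_RANGE_DBM
        if not low <= tx_dbm <= high:
            # The value arrives via the unauthenticated device, so bound it first.
            raise ValueError(f"implausible transmit power: {tx_dbm} dBm")
        return tx_dbm - rssi_threshold_dbm

    def authenticate(self, report: PowerReport) -> bool:
        try:
            first = self.transmission_loss(report.gateway_tx_dbm, self.gateway_rssi_threshold_dbm)
            second = self.transmission_loss(report.peer_tx_dbm, self.peer_rssi_threshold_dbm)
        except ValueError:
            return False
        if first <= MAX_FIRST_LOSS_DB and second <= MAX_SECOND_LOSS_DB:
            self.trust_list.add(report.device_id)  # the device to be connected reads this list
            return True
        return False


def run_constructed_samples() -> dict:
    """Constructed reports: one nearby device, one distant, one with a bogus value."""
    platform = CloudPlatform(gateway_rssi_threshold_dbm=-70.0, peer_rssi_threshold_dbm=-65.0)
    reports = [PowerReport("lamp-near", -15.0, -20.0),
               PowerReport("lamp-far", 5.0, -20.0),
               PowerReport("lamp-bogus", 500.0, -20.0)]
    results = {r.device_id: platform.authenticate(r) for r in reports}
    results["trust_list"] = sorted(platform.trust_list)
    return results
```

Only the nearby device ends up in the trust list: the distant one exceeds the first-link ceiling, and the out-of-range report is rejected before any loss is computed.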
CN202210202337.5A 2022-03-03 2022-03-03 Identity authentication method, system and device Pending CN114584983A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210202337.5A CN114584983A (en) 2022-03-03 2022-03-03 Identity authentication method, system and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210202337.5A CN114584983A (en) 2022-03-03 2022-03-03 Identity authentication method, system and device

Publications (1)

Publication Number Publication Date
CN114584983A true CN114584983A (en) 2022-06-03

Family

ID=81771307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210202337.5A Pending CN114584983A (en) 2022-03-03 2022-03-03 Identity authentication method, system and device

Country Status (1)

Country Link
CN (1) CN114584983A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040203600A1 (en) * 2000-10-10 2004-10-14 Mccorkle John W. System and method for providing device authentication in a wireless network
CN103987044A (en) * 2014-06-03 2014-08-13 北京邮电大学 A Body Area Network Node Authentication Mechanism Based on Poor Received Signal Strength
WO2017016065A1 (en) * 2015-07-29 2017-02-02 宇龙计算机通信科技(深圳)有限公司 Smart home system equipment authentication method and apparatus
WO2018058796A1 (en) * 2016-09-28 2018-04-05 南京物联传感技术有限公司 Intelligent hardware apparatus-based security system employing proximity recognition matching
US20180184298A1 (en) * 2016-12-27 2018-06-28 Lite-On Electronics (Guangzhou) Limited GATEWAY, GATEWAY SETUP METHOD, AND IoT DEVICE SETUP METHOD IN IoT SYSTEM

Similar Documents

Publication Publication Date Title
CN104540128B (en) The method, apparatus and system of wireless network access
JP6509911B2 (en) Apparatus and method for high speed onboard internet enabled devices
CN104540186B (en) Method, device and system for wireless network access
CN108667699B (en) A method and device for interconnection between terminal equipment and gateway equipment
US11722877B2 (en) Method for discovering Bluetooth device and Bluetooth device
CN108781208B (en) Automatic wireless communication protocol switching
CN103181208B (en) Method and system for controlling terminal equipment access to wireless network
US10602362B2 (en) Gateway, gateway setup method, and IoT device setup method in IoT system
CN110546933A (en) Detecting Medium Access Control (MAC) address spoofing in Wi-Fi networks using channel correlation
WO2021184772A1 (en) Network distribution method and apparatus, electronic device, and computer readable medium
CN107703375A (en) Mobile terminal antenna test system and method
CN111726242A (en) Electronic device and control method thereof
CN111800820A (en) Method and user equipment for side link relay processing
TWI729114B (en) Wireless local area network access control method and device
CN110771059B (en) User device and random access control method
CN106102077A (en) Realize the method and device of wireless relay
JP7738131B2 (en) Service quality management system, terminal, server, service quality management program, and service quality management method
CN114584983A (en) Identity authentication method, system and device
CN107708141A (en) A wireless network scanning method, mobile terminal and storage medium
CN107969027B (en) Wireless network management method, wireless network management device and intelligent terminal
CN117715084A (en) A networking method and device for wireless equipment
AU2017403047A1 (en) Handover control method, and network-side device and system
CN103596249B (en) System and method for setting wireless network
CN105703965A (en) Detection method and detection device for access network, and terminal
JP6729688B2 (en) Wireless relay device, wireless control device, and wireless communication system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination