[go: up one dir, main page]

CN111611574B - Information acquisition method, device, equipment and system - Google Patents

Information acquisition method, device, equipment and system Download PDF

Info

Publication number
CN111611574B
CN111611574B CN201910133472.7A CN201910133472A CN111611574B CN 111611574 B CN111611574 B CN 111611574B CN 201910133472 A CN201910133472 A CN 201910133472A CN 111611574 B CN111611574 B CN 111611574B
Authority
CN
China
Prior art keywords
terminal equipment
information
parameter
server
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910133472.7A
Other languages
Chinese (zh)
Other versions
CN111611574A (en
Inventor
肖月振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201910133472.7A priority Critical patent/CN111611574B/en
Publication of CN111611574A publication Critical patent/CN111611574A/en
Application granted granted Critical
Publication of CN111611574B publication Critical patent/CN111611574B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/105Arrangements for software license management or administration, e.g. for managing licenses at corporate level

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Telephonic Communication Services (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention provides an information acquisition method, device, equipment and system, wherein the method comprises the following steps: responding to the networking operation of the terminal equipment, and sending a first access request to a server by the terminal equipment, wherein the first access request comprises authentication information corresponding to the terminal equipment; the terminal equipment receives equipment description information sent by the server when the terminal equipment accords with the preset condition according to the authentication information; the device description information is stored in a storage space of the terminal device. The networking of the terminal equipment is used as the basis of using the terminal equipment by a user, so that the terminal equipment automatically applies for the equipment description information to the server only when the terminal equipment is actually used, thereby realizing the automatic burning of the equipment description information into the terminal equipment, and avoiding the problem of equipment description information waste caused by the fact that the equipment description information is burned into the terminal equipment in advance but the terminal equipment is not used later.

Description

Information acquisition method, device, equipment and system
Technical Field
The present invention relates to the field of internet technologies, and in particular, to an information acquisition method, apparatus, device, and system.
Background
Although the internet of things industry is actively developed at present, internet of things standards pushed by all internet of things platforms are different, and all the standards require device description information corresponding to the internet of things platforms to be placed in internet of things terminal devices.
At present, after a manufacturer produces terminal equipment, the manufacturer applies for purchasing equipment description information from a platform of the internet of things, and then relevant staff of the manufacturer stores (or is called burning) the purchased equipment description information into corresponding terminal equipment, and finally, the terminal equipment with the equipment description information burned is sold to a user for use.
Disclosure of Invention
The embodiment of the invention provides an information acquisition method, an information acquisition device and an information acquisition system, which can realize automatic burning of equipment description information into terminal equipment and can also avoid waste of the equipment description information.
In a first aspect, an embodiment of the present invention provides an information acquisition method, applied to a terminal device, including:
responding to networking operation of terminal equipment, and sending a first access request to a server, wherein the first access request comprises authentication information corresponding to the terminal equipment;
receiving equipment description information sent by the server when the terminal equipment accords with a preset condition according to the authentication information;
And storing the equipment description information into a storage space of the terminal equipment.
In a second aspect, an embodiment of the present invention provides an information obtaining apparatus, located in a terminal device, including:
the terminal equipment comprises a sending module, a server and a receiving module, wherein the sending module is used for responding to the networking operation of the terminal equipment and sending a first access request to the server, and the first access request comprises authentication information corresponding to the terminal equipment;
the receiving module is used for receiving equipment description information sent by the server when the terminal equipment accords with the preset condition according to the authentication information;
and the storage module is used for storing the equipment description information into the storage space of the terminal equipment.
In a third aspect, an embodiment of the present invention provides a terminal device, including a first processor and a first memory, where the first memory stores executable code, and when the executable code is executed by the first processor, causes the first processor to execute the information acquiring method in the first aspect.
Embodiments of the present invention provide a non-transitory machine-readable storage medium having stored thereon executable code which, when executed by a processor of a terminal device, causes the processor to perform the information acquisition method in the first aspect.
In a fourth aspect, an embodiment of the present invention provides an information obtaining method, applied to a server, where the method includes:
receiving a first access request sent by terminal equipment, wherein the first access request comprises authentication information corresponding to the terminal equipment;
and if the terminal equipment meets the preset condition according to the identity verification information, sending equipment description information to the terminal equipment so that the terminal equipment stores the equipment description information into a storage space of the terminal equipment.
In a fifth aspect, an embodiment of the present invention provides an information acquiring apparatus, located in a server, including:
the terminal equipment comprises a receiving module, a receiving module and a processing module, wherein the receiving module is used for receiving a first access request sent by the terminal equipment, and the first access request comprises authentication information corresponding to the terminal equipment;
the determining module is used for determining whether the terminal equipment accords with a preset condition according to the identity verification information;
and the sending module is used for sending the equipment description information to the terminal equipment if the determining module determines that the terminal equipment meets the preset condition, so that the terminal equipment stores the equipment description information into a storage space of the terminal equipment.
In a sixth aspect, an embodiment of the present invention provides a server, including a second processor and a second memory, where the second memory stores executable code, and when the executable code is executed by the second processor, causes the second processor to perform the information acquiring method in the fourth aspect.
Embodiments of the present invention provide a non-transitory machine-readable storage medium having stored thereon executable code which, when executed by a processor of a server, causes the processor to perform the information acquisition method in the fourth aspect.
In a seventh aspect, an embodiment of the present invention provides an information acquisition system, including:
terminal equipment and a server;
the terminal equipment is used for responding to the networking operation of the terminal equipment and sending a first access request to the server, wherein the first access request comprises authentication information corresponding to the terminal equipment; storing the equipment description information sent by the server into a storage space of the terminal equipment;
and the server is used for sending the equipment description information to the terminal equipment if the terminal equipment meets the preset condition according to the authentication information.
In the embodiment of the invention, if the user networking the terminal equipment, the user is stated to really use the terminal equipment, and at the moment, the terminal equipment is triggered to log in the Internet of things platform, namely the server. Specifically, the terminal device sends an access request (for distinction, referred to as a first access request) to the server, where the first access request includes authentication information corresponding to the terminal device. Therefore, when the server receives the first access request, whether the terminal equipment meets the preset condition or not can be determined to be effective or not according to the identity verification information, if the terminal equipment meets the preset condition, the equipment description information is distributed to the terminal equipment, and the equipment description information is sent to the terminal equipment. The terminal device stores the received device description information into a storage space of the terminal device. Therefore, the terminal equipment automatically applies for the equipment description information from the server only when the terminal equipment is actually used, so that the equipment description information is automatically burnt into the terminal equipment, and the problem of equipment description information waste caused by that the equipment description information is burnt into the terminal equipment in advance but the terminal equipment is not used later is solved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an operation process of an information acquisition system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating another operation of the information acquisition system according to the embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating another operation of the information acquisition system according to the embodiment of the present invention;
fig. 4 is a schematic structural diagram of an information obtaining apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a terminal device corresponding to the information acquisition apparatus provided in the embodiment shown in fig. 4;
fig. 6 is a schematic structural diagram of another information obtaining apparatus according to an embodiment of the present invention;
fig. 7 is a schematic diagram of a server corresponding to the information acquisition apparatus provided in the embodiment shown in fig. 6.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," "the," and "the" are intended to include the plural forms as well. Unless the context clearly indicates otherwise, "plurality" generally includes at least two.
The words "if", as used herein, may be interpreted as "at … …" or "at … …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrase "if determined" or "if detected (stated condition or event)" may be interpreted as "when determined" or "in response to determination" or "when detected (stated condition or event)" or "in response to detection (stated condition or event), depending on the context.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a product or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such product or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a commodity or system comprising such elements.
In addition, the sequence of steps in the method embodiments described below is only an example and is not strictly limited.
Before describing the information acquisition method provided by the embodiment of the present invention, description information of the device mentioned in the present invention is described.
The device description information, which may also be referred to as device attribute information, serves to identify the terminal device. In general, device description information can be divided into three categories: a first parameter (may also be referred to as a device self parameter) for uniquely identifying the terminal device itself, a second parameter (may also be referred to as a device vendor parameter) for uniquely identifying the vendor to which the terminal device belongs, and a third parameter (may also be referred to as a device category parameter) for uniquely identifying the product category to which the terminal device belongs.
Wherein the second parameter is the equipment manufacturer parameter: various terminal devices manufactured by the same manufacturer have the same equipment manufacturer parameters, and thus, the equipment manufacturer parameters are used to uniquely characterize a certain manufacturer. The device vendor parameters may include, for example, vendor identification, vendor key, etc.
Third parameter is equipment category parameter: terminal devices of the same category of the same manufacturer have the same device category parameter, and therefore, the device category parameter is used to uniquely describe one device category. The device category parameters may include, for example, product category identification, keys to which the product category corresponds, and the like.
The first parameter is the device itself parameter: to uniquely describe a terminal device, even different terminal devices of the same category produced by the same manufacturer will have different device parameters themselves. The device itself information may include, for example, a serial number, a device key, a MAC address, and the like.
As can be seen from the meaning of the above parameters, for the second parameter, since all terminal devices manufactured by one manufacturer need to burn the same second parameter, specific terminal devices do not need to be distinguished, so that the burning operation is relatively easy and efficient. For the third parameter, only different types of destination terminal equipment need to be distinguished, and burning is relatively easy. However, as for the first parameters, since the terminal devices need to be distinguished, the first parameters that need to be recorded by different terminal devices are different, the operation is not easy and the error is easy. Thus, alternatively, the information acquisition method herein may be applied to a scenario in which the first parameter is burned into the terminal device. Of course, the information acquisition method herein may also be applicable to a scenario in which the second parameter and the third parameter are burned into the terminal device.
In addition, through research and study of the inventor, it is found that at present, a lot of terminal devices are burnt into the terminal devices by relevant personnel of equipment manufacturers before being actually used. If some of the terminal devices are not actually used later, such as not sold, or are not available due to damage to the devices caused by some unexpected reasons, the pre-burned device description information is wasted. On the one hand, the equipment description information is purchased by a manufacturer from the internet of things platform, and if the equipment description information is not used, the cost of the manufacturer is wasted, on the other hand, the equipment description information is generated by the internet of things platform, and the generation of the equipment description information consumes computing resources, storage resources and the like of the internet of things platform, and if the equipment description information is not used, the resource of the internet of things platform is wasted.
Therefore, the embodiment of the invention provides a solution for automatically burning the equipment description information to the terminal equipment at a proper time.
Fig. 1 is a schematic diagram of an operation process of an information acquisition system according to an embodiment of the present invention, where, as shown in fig. 1, the information acquisition system includes: terminal equipment and a server.
In order to realize the burning of the device description information of the terminal device, an optional working process of the terminal device and the server comprises the following steps:
in step s1, in response to the networking operation of the terminal device, the terminal device sends a first access request to the server, where the first access request includes authentication information corresponding to the terminal device. In step s2, if the server determines that the terminal device meets the preset condition according to the authentication information, the server sends device description information to the terminal device. In step s3, the terminal device stores (or burns) the device description information sent by the server into the storage space of the terminal device.
The terminal equipment is equipment which needs to be input with equipment description information, and can be internet of things terminal equipment such as a sensor, intelligent wearable equipment, intelligent household equipment and the like. In the using process of the terminal equipment, networking is needed before the terminal equipment can be used.
The server may be located at the cloud. The server is understood as a generic term, which refers to a generic term for a device that provides device description information and assists a terminal device in burning the device description information.
After the terminal equipment is produced, the manufacturer corresponding to the terminal equipment (i.e. the manufacturer producing the terminal equipment) can sell the terminal equipment to users (i.e. consumers) for use. When using these terminal devices, the user needs to connect these terminal devices to the network first. For example, in a home environment, a user needs to first connect a smart audio device to a home wireless network before using the smart audio device.
Therefore, in the embodiment of the present invention, the terminal device is connected to the network as the basis that the user wants to actually use the terminal device, and when the terminal device is successfully connected to the network, the terminal device is triggered to execute a process of applying device description information to the server to burn the device description information into the storage space of the server, and the first step of the process is to send the first access request to the server.
In an alternative embodiment, the authentication information may be obtained by:
the manufacturer corresponding to the terminal device (i.e. the manufacturer that produces the terminal device) may store some manufacturer custom information in advance in the terminal device, where the manufacturer custom information may include, for example, a key (to be distinguished from other keys mentioned later, referred to as a first key) and other preset information customized by the manufacturer. The preset information may be, for example, the name of the manufacturer, or even a string of randomly generated character strings. Of course, the vendor custom information may also include encryption and decryption algorithm information using the first key corresponding to the first key. Therefore, based on the first key and preset information which are stored in the terminal equipment and are generated in advance by the manufacturer of the terminal equipment, the terminal equipment can encrypt the preset information according to the first key so as to obtain the identity verification information corresponding to the terminal equipment.
It should be noted that, in order to realize identity verification of the terminal device, after the vendor user-defined information is stored in the terminal device, the vendor user-defined information may also be uploaded to the server. For example, when the vendor customized information includes the first key and the preset information, the first key and the preset information may be further transmitted to the server by the terminal device or other management device of the vendor.
It can be understood that when a manufacturer produces a plurality of terminal devices of the same or different types, the manufacturer can store the same manufacturer custom information in all the generated terminal devices, so that the server can perform identity verification on all the terminal devices generated by the manufacturer based on the manufacturer custom information. At this time, the server verifies the identity of a terminal device, mainly to verify whether the terminal device is a terminal device of a certain valid manufacturer, and the validity of the manufacturer is determined by whether the user-defined information of the manufacturer corresponding to the manufacturer is stored in the server.
Based on this, the terminal device may send a first access request including at least the authentication information to the server after encrypting the preset information according to the first key stored in the terminal device itself to obtain the authentication information.
Optionally, in order to facilitate identity verification of the terminal device, the first access request may further include a vendor name corresponding to the terminal device, where the vendor name may be a part of vendor custom information. Therefore, when the server receives the first access request, the identity verification information and the manufacturer name are analyzed from the first access request, and then manufacturer custom information (called target manufacturer custom information for convenience of description) corresponding to the current terminal equipment can be found out from stored manufacturer custom information corresponding to a plurality of manufacturers according to the manufacturer name. And then, the first key is found from the customized information of the target manufacturer, and the authentication information contained in the first access request is decrypted by using the first password so as to obtain encrypted preset information. Comparing whether preset information contained in the target manufacturer custom information is the same as preset information obtained through decryption, if so, the terminal equipment passes identity verification, and the terminal equipment is proved to accord with preset conditions.
Optionally, the first access request may not include a vendor name, and at this time, the server may sequentially decrypt the authentication information in the first access request using the key included in the vendor custom information stored locally, so as to find a key capable of successfully decrypting the authentication information, and then verify preset information in the authentication information according to vendor custom information corresponding to the key.
When the server determines that the terminal device meets the preset condition, the server can allocate device description information for the terminal device and send the allocated device description information to the terminal device.
According to the foregoing description of the division of the device description information, the device description information may include any one of the following parameters: the first parameter for uniquely identifying the terminal device itself, the second parameter for uniquely identifying the vendor to which the terminal device belongs, and the third parameter for uniquely identifying the product category to which the terminal device belongs. That is, the terminal device may obtain one or more of the first parameter, the second parameter, and the third parameter from the server in the execution flow shown in fig. 1.
It should be noted that, when the device description information is the second parameter, all terminal devices produced by the same manufacturer should be assigned the same second parameter, that is, when different terminal devices produced by the same manufacturer access the server to apply the device description information to the server, the server should feed back the same second parameter. In order to achieve the above effect, as described above, vendor custom information stored in the terminal device and the server may include vendor names, and when the server allocates a second parameter corresponding to a vendor name for the first time, the corresponding relationship between the vendor name and the second parameter is saved, so that each terminal device corresponding to the vendor name can obtain the same second parameter from the server.
Similarly, for the third parameter, vendor custom information stored by the terminal device and the server may include not only a vendor name but also a product category name, so that when the server allocates the third parameter corresponding to a product category under a vendor name for the first time, the corresponding relationship between the vendor name and the product category and the third parameter is saved, so that each terminal device corresponding to the vendor name and the product category can obtain the same third parameter from the server.
It should be further noted that, although the manufacturer name and the product category name may identify the manufacturer and the product category, the manufacturer identification, the product category identification and the serial number in the above parameters should be understood as character strings of differences generated by the server according to a set algorithm. Similarly, the vendor key, the key corresponding to the product category, and the device key are keys of the difference generated by the server according to the set key generation algorithm. And whether the generated character string, key is used as the first parameter, the second parameter, or the third parameter is set by the manufacturer. For example, if a manufacturer wants to burn the second parameter for each terminal device that it produces, then relevant information that characterizes the second parameter that needs to be applied for may be written in each terminal device, so that the relevant information may be carried in the first access request sent by the terminal device to the server.
In summary, through the above scheme, the terminal device automatically applies for the device description information to the server only when the terminal device is actually used, so that the device description information is automatically burnt into the terminal device, and the problem of waste of the device description information caused by that the device description information is burnt into the terminal device in advance but the terminal device is not used later is avoided. When the terminal equipment applies for the equipment description information from the server, the identity of the terminal equipment needs to be verified through the server, and the identity verification process ensures the safety of equipment description information distribution.
FIG. 2 is a schematic diagram illustrating another operation of the information acquisition system according to the embodiment of the present invention, such as
As shown in fig. 2, the steps may be included as follows:
201. the manufacturer writes the first secret key generated by the manufacturer, preset information customized by the manufacturer and the second parameter applied to the terminal equipment.
The meaning of the first key and the preset information described above may be referred to the description in the foregoing embodiment.
In this embodiment, it is assumed that the terminal device has been burned with a second parameter for uniquely identifying the vendor to which the terminal device belongs, or has been burned with a third parameter for uniquely identifying the product category to which the terminal device belongs. In fig. 2, the terminal device has been burned with the second parameter as an example, it is understood that the second parameter may be replaced by the third parameter.
As described above, the same second parameters are burnt in all the terminal devices produced by the same manufacturer, and the staff related to the manufacturer does not need to distinguish the terminal devices, so that the burning of the second parameters is easier to realize. Similarly, the same third parameters are burnt in the terminal devices of the same product category produced by the same manufacturer, and the relevant staff of the manufacturer does not need to distinguish the terminal devices of the same product category, so that the burning of the third parameters is easy to realize. Therefore, the second parameter and the third parameter can be recorded by adopting a traditional scheme, namely, the second parameter or the third parameter can be manually recorded in the terminal equipment when the terminal equipment leaves the factory. Moreover, since the second parameter and the third parameter are shared by several terminal apparatuses, cost loss is not great even if eventually some terminal apparatuses are not actually used.
Based on this, in this embodiment, the terminal device applies for the device description information from the server, which means that the first parameter for uniquely identifying the terminal device itself is obtained from the server. That is, the terminal device may apply for obtaining the first parameter according to the scheme provided in the present embodiment, and burn the first parameter into its own storage space, such as a flash.
202. And the manufacturer sends the first secret key and preset information customized by the manufacturer to the server.
203. And responding to the networking operation of the terminal equipment, and sending a first access request to the server by the terminal equipment, wherein the first access request comprises a ciphertext obtained by encrypting preset information according to a first key.
204. The server decrypts the ciphertext according to the first key to obtain preset information, and if the preset information obtained by decryption exists locally, the terminal equipment is determined to accord with preset conditions.
The execution of steps 202-204 may be described in the previous embodiments, and is not repeated here. The verification of whether the terminal equipment is effective equipment belonging to a certain manufacturer is realized through the steps, however, when the second parameter or the third parameter is already stored in the terminal equipment, whether the second parameter or the third parameter which is already burnt in the terminal equipment accords with a preset condition or is effective can be further verified for safety, which is equivalent to further identity verification of the terminal equipment, and the verification is shown in the step Cheng Ruxia.
205. The server transmits authentication information indicating that the terminal device passes the authentication to the terminal device.
When the server decrypts the ciphertext contained in the first access request to obtain preset information and determines that the preset information exists locally, the authentication information can be fed back to the terminal equipment so as to trigger the terminal equipment to execute subsequent steps.
206. And the terminal equipment sends a second access request to the server according to the second parameter.
207. And if the server determines that the second parameter meets the preset condition, the server distributes the first parameter.
Taking the example that the terminal equipment has been burnt with the second parameter, the terminal equipment can send a second access request to the server according to the second parameter after receiving the authentication information. The second access request is sent for the purposes of: the server verifies the validity of the second parameter, and distributes the first parameter to the terminal equipment when the second parameter is determined to be in accordance with the preset condition. And the second parameter meets the preset condition, namely passing the validity verification.
In order to realize validity verification of the second parameter, optionally, after receiving the authentication information, the terminal device may generate the second key according to a certain key generation algorithm, and may also send the generated second key to the server.
Alternatively, the second key may correspond to a symmetric encryption algorithm or an asymmetric encryption algorithm. It will be appreciated that when a symmetric encryption algorithm is employed, the same second key is stored in the terminal device and the server. When the asymmetric encryption algorithm is adopted, the second key can be considered to contain a public key and a private key, the private key is stored in the terminal device, and the public key is sent to the server, that is, in the asymmetric encryption situation, the second key sent to the server refers to the public key generated by the terminal device.
In addition, it should be noted that, when the server performs identity verification on the terminal device based on the first access request sent by the terminal device, the server may obtain network information such as an IP address and a port number of the terminal device, and may use the IP address and the port number as an identifier of the terminal device, so that when receiving the second key, the IP address and the port number of the terminal device may be stored correspondingly to the second key, so as to distinguish the second keys generated by different terminal devices.
In an alternative, the second parameter burnt into the terminal equipment is also server-distributed, so that the second parameter can also be stored in the server. Based on this, the terminal device sends a second access request to the server according to the second parameter, which may be: and the terminal equipment encrypts the second parameter by adopting the second key, and sends the encrypted ciphertext to the server along with the second access request. The server inquires a corresponding second key according to the IP address and the port number of the terminal equipment, decrypts the ciphertext by adopting the inquired second key to obtain an encrypted second parameter, further determines whether the decrypted second parameter exists in the record according to a locally stored second parameter distribution record, and if so, indicates that the second parameter meets the preset condition.
Since the second parameter may include information such as vendor identifier, vendor key, etc., and information such as vendor key information in these information is more sensitive, in order to ensure security of the sensitive information, the second key may be used to encrypt non-sensitive information in the second parameter, such as vendor identifier.
In another alternative manner, the terminal device sends the second access request to the server according to the second parameter, which may be further implemented as:
the terminal equipment carries out digital signature processing on the second parameter stored in the terminal equipment according to the second secret key so as to obtain first signature information;
the terminal device sends a second access request to the server, wherein the second access request comprises a second key, first signature information and a second parameter subjected to digital signature.
In this way, the server determines that the second parameter to be digitally signed meets the preset condition when determining that the first signature information passes the signature verification according to the received second key.
Taking the example that the second key comprises a public key and a private key, the terminal device performs digital signature processing on the second parameter according to the second key, which means that the terminal device performs digital signature processing on the second parameter by adopting the private key. Correspondingly, the server performs signature verification on the first signature information according to the received second key, namely the server performs signature verification on the first signature information according to the received public key.
It should be noted that, after the second key, such as the public key and the private key, is generated, the terminal device may immediately send the public key to the server, so that at this time, the second access request carries the first signature information and the second parameter that is digitally signed. Of course, the terminal device may also carry the generated second key, such as the public key, with the second access request to send to the server when sending the second access request.
Taking the example that the second key includes a private key and a public key, the process that the terminal device performs digital signature processing on the second parameter may alternatively be implemented as: the terminal equipment adopts a set hash algorithm to carry out hash operation on the second parameter to obtain a hash value (assumed to be hash 1), and then adopts a private key to encrypt the hash1 to obtain first signature information. After receiving the second access request including the public key, the first signature information and the second parameter, the server may decrypt the first signature information by using the public key to obtain a hash1, perform a hash operation on the received second parameter according to the set hash algorithm to obtain a hash value (assumed to be hash 2), compare the decrypted hash1 with the calculated hash2, and if the decrypted hash1 and the calculated hash2 are consistent, indicate that the second parameter meets a preset condition.
It will be appreciated that as previously described the second parameter may contain sensitive information such as a vendor key, or alternatively may be only non-sensitive information in the second parameter.
In addition, it should be noted that the digital signature processing may further include auxiliary information such as a random number and a timestamp generated by the terminal device, in addition to the second parameter, that is, the terminal device may perform a hash operation on the concatenation result of the second parameter, the random number and the timestamp.
When the server determines that the second parameter meets the preset condition through the method, the validity of the terminal equipment is further confirmed, and the first parameter can be allocated to the terminal equipment.
208. The server sends the first parameter to the terminal device.
209. The terminal device burns the first parameter into the storage space of the terminal device.
In this embodiment, the identity of the terminal device is accurately verified in combination with the information customized by the manufacturer of the terminal device and the second parameter or the third parameter that has been burnt into the terminal device, so as to ensure that the allocated first parameter is actually allocated to the valid terminal device.
After the device description information, such as the first parameter, is burned into the terminal device, in order for the server to monitor and manage the usage situation of the terminal device, the terminal device needs to log onto the server, so that data generated in the operation process of the subsequent terminal device can be uploaded to the server for storage, analysis, monitoring and the like.
On the basis of the embodiment shown in fig. 1 or fig. 2, when the server distributes the device description information to the terminal device, the process of the terminal device logging in the server based on the device description information that has been burned may be as shown in fig. 3.
In the embodiment shown in fig. 3, it is schematically shown that the terminal device is assigned a first parameter in the manner of the embodiment shown in fig. 2, so that the terminal device can log in to the server based on the first parameter. It will be appreciated, however, that,
the procedure of logging on to the server based on the first parameter in the embodiment shown in fig. 3 may also be applied to the embodiment shown in fig. 1, except that the terminal device needs to log on to the server based on the device description information (possibly the first parameter, possibly the second parameter, and possibly the third parameter) obtained from the server.
FIG. 3 is a schematic diagram illustrating another operation of the information acquisition system according to the embodiment of the present invention, for example
As shown in fig. 3, the steps may be included as follows:
301. the manufacturer writes the first secret key generated by the manufacturer, preset information customized by the manufacturer and the second parameter applied to the terminal equipment.
302. And the manufacturer sends the first secret key and preset information customized by the manufacturer to the server.
303. And responding to the networking operation of the terminal equipment, and sending a first access request to the server by the terminal equipment, wherein the first access request comprises a ciphertext obtained by encrypting preset information according to a first key.
304. The server decrypts the ciphertext according to the first key to obtain preset information, and if the preset information obtained by decryption exists locally, the terminal equipment is determined to accord with preset conditions.
305. The server transmits authentication information indicating that the terminal device passes the authentication to the terminal device.
306. And the terminal equipment sends a second access request to the server according to the second parameter.
307. And if the server determines that the second parameter meets the preset condition, the server distributes the first parameter.
308. The server sends the first parameter to the terminal device.
309. The terminal device burns the first parameter into the storage space of the terminal device.
310. And the terminal equipment sends a third access request to the server according to the first parameter.
311. The server establishes a communication connection with the terminal device upon determining that the third access request is valid.
The third access request corresponds to the behavior of the terminal device logging into the server based on the first parameter. Similar to the terminal device sending the second access request to the server according to the second parameter, optionally, the terminal device sending the third access request to the server according to the first parameter may be implemented as:
the terminal equipment generates a third key, performs digital signature processing on the first parameter according to the third key to obtain second signature information, and sends a third access request to the server, wherein the third access request comprises the third key, the second signature information and the first parameter.
Similar to the second key, when the third key is generated using an asymmetric encryption algorithm, the third key includes a public key and a private key, the private key being stored locally at the terminal device, the public key being sent to the server.
Based on the above, after receiving the third access request, the server performs signature verification on the second signature information according to the received third key (for example, the public key), if the signature verification passes, the first parameter is indicated to be in accordance with the preset condition, and the third access request is determined to be valid. The second signature information obtaining process and the signature verification process may be implemented with reference to the first signature information obtaining and signature verification process.
When the server determines that the third access request is valid, a communication connection with the terminal device is established and maintained, so that data generated during subsequent operation of the terminal device can be transmitted to the server based on the communication connection.
In another alternative embodiment, after the first parameter is allocated, the server may further start a timing window with a preset duration, where the timing window functions as: after the terminal device obtains the first parameter, the terminal device is limited to log on the server only within the duration range of the timing window, and the logging action is considered to be valid. Based on this, if the server receives the third access request within a preset time period (i.e., the above-mentioned timing window) after it sends the first parameter to the terminal device, and determines that the second signature information in the third access request passes the signature verification according to the third key, it is determined that the third access request is valid.
Conversely, if the time of receiving the third access request has exceeded the time range defined by the timing window, or the second signature information does not pass the verification, it is indicated that the third access request is invalid, and at this time, the server may send a notification message to the terminal device, notifying it to delete the burnt first parameter. Based on the notification message, the terminal device deletes the burnt first parameter, and further, the second access request can be sent to the server again, so as to trigger the server to allocate the first parameter to the terminal device again, where the reallocated first parameter may be the same as or different from the first parameter allocated before.
In the above embodiment, the setting of the timing window is also a protection mechanism for the cost expenditure of the manufacturer. Specifically, the terminal device manufactured by the manufacturer obtains the device description information from the server, and the manufacturer needs to pay for the device description information. Basically, in the design of the timing window in the above embodiment, if the terminal device fails to successfully log into the server within the time limit range of the timing window, the server does not charge the device description information allocated to the terminal device. This means that the server will charge for the device description information only if the terminal device actually uses the device description information assigned by the server.
The server mentioned in the above embodiments is a service node located in the cloud for managing each terminal device of the internet of things (i.e. the terminal device described above). In general, however, the management of the terminal devices can be divided into two layers: control plane and data plane, wherein the control plane management can include various verification processes as described above, and the data plane management can include processes such as storage, analysis and the like of data generated during the operation of the terminal device.
Based on the above, the server may be realized in a concrete implementation manner as a complete machine device integrating the control plane and the data plane, or may be realized as independent nodes corresponding to the control plane and the data plane respectively.
When the server is implemented as a complete machine device integrating a control plane and a data plane, the working process of the server is as described in the foregoing embodiments.
When the server is implemented as independent nodes corresponding to the control plane and the data plane, respectively, the node corresponding to the control plane is referred to as a control server, and the node corresponding to the data plane is referred to as a data server. At this time, by
For the embodiment shown in fig. 3, the servers mentioned in steps 301-308 are control servers and the servers mentioned in step 310 are data servers. Of course, it is understood that the server that opens the timing window is also the control server. Thus, based on the embodiment shown in fig. 3, in the process of performing validity judgment on the third access request, the coordination of the control server and the data server is required, which is specifically shown as follows:
the terminal device sends the third access request to the data server according to the first parameter, and the data server determines whether the first parameter corresponding to the third access request is valid, that is, as described above, the data server may check the second signature information according to the third key to determine whether the first parameter is valid.
If the data server determines that the first parameter is valid, a notification message is sent to the control server to inform the control server that the first parameter is valid. At this time, the control server determines whether the timing window corresponding to the first parameter is closed, that is, whether the preset time period has ended, and if not, sends a notification message to the data server to inform that the timing window corresponding to the first parameter is not closed, at this time, the data server determines that the third access request is valid, and establishes and maintains the communication connection with the terminal device. Otherwise, if the control server determines that the timing window corresponding to the first parameter is closed, a notification message is sent to the data server to inform that the timing window corresponding to the first parameter is closed, and at this time, the data server sends a notification message to the terminal device to inform the terminal device to delete the burnt first parameter.
In contrast, if the data server determines that the first parameter is invalid, a notification message is sent to the terminal device to inform the terminal device to delete the burnt first parameter.
An information acquisition apparatus of one or more embodiments of the present invention will be described in detail below. Those skilled in the art will appreciate that these information acquisition devices may be configured by the steps taught by the present solution using commercially available hardware components.
Fig. 4 is a schematic structural diagram of an information acquisition device according to an embodiment of the present invention, where the information acquisition device is located in a terminal device. As shown in fig. 4, the apparatus includes: a transmitting module 11, a receiving module 12, and a storage module 13.
And the sending module 11 is configured to send a first access request to a server in response to a networking operation of the terminal device, where the first access request includes authentication information corresponding to the terminal device.
And a receiving module 12, configured to receive device description information sent by the server when it is determined that the terminal device meets a preset condition according to the authentication information.
A storage module 13, configured to store the device description information into a storage space of the terminal device.
Optionally, the terminal device stores a first key and preset information generated in advance by a manufacturer of the terminal device. The transmitting module 11 may also be configured to: and sending the first key and the preset information to the server. The information acquisition device may further include: the processing module is used for encrypting the preset information according to the first key to obtain the identity verification information, so that the server determines that the terminal equipment meets preset conditions when decrypting to obtain the preset information according to the obtained first key and finding that the preset information is locally stored.
Optionally, the device description information includes any one of the following parameters: the terminal equipment comprises a first parameter for uniquely identifying the terminal equipment, a second parameter for uniquely identifying a manufacturer to which the terminal equipment belongs, and a third parameter for uniquely identifying a product category to which the terminal equipment belongs.
In an optional embodiment, the device description information is the first parameter, and the terminal device stores the second parameter or the third parameter. At this time, the transmitting module 11 may further be configured to: and sending a second access request to the server according to the second parameter or the third parameter so as to enable the server to determine whether the second parameter or the third parameter meets a preset condition.
Wherein, optionally, to implement the sending of the second access request, the processing module may be further configured to: generating a second key; and carrying out digital signature processing on the second parameter or the third parameter stored in the terminal equipment according to the second key so as to obtain first signature information. Thus, a second access request is sent to the server through the sending module 11, where the second access request includes the second key, the first signature information, and the second parameter or the third parameter that is digitally signed, so that the server determines that the second parameter or the third parameter that is digitally signed meets a preset condition when determining that the first signature information passes a signature verification according to the second key.
In an alternative embodiment, the sending module may be further configured to: and sending a third access request to a server according to the equipment description information, so that the server establishes communication connection with the terminal equipment when the third access request is determined to be valid.
Wherein, optionally, to implement the sending of the second access request, the processing module may be further configured to: generating a third key; and carrying out digital signature processing on the equipment description information according to the third key so as to obtain second signature information. Thus, the third access request is sent to the server through the sending module 11, where the third access request includes the third key, the second signature information and the device description information. And if the server receives the third access request within a preset time period after the equipment description information is sent to the terminal equipment, and the server determines that the second signature information passes the signature verification according to the third secret key, the server determines that the third access request is valid.
The apparatus shown in fig. 4 may perform the method performed by the terminal device in the foregoing embodiments, and for the parts not described in detail in this embodiment, reference may be made to the description related to the foregoing embodiments, which is not repeated herein.
In one possible design, the structure of the information obtaining apparatus shown in fig. 4 may be implemented as a terminal device, where the terminal device may be, for example, an internet of things device such as a sensor, a smart home device, a wearable device, and the like. As shown in fig. 5, the terminal device may include: a first processor 21, and a first memory 22. Wherein the first memory 22 stores executable code thereon, which when executed by the first processor 21, causes at least the first processor 21 to perform the steps of:
responding to networking operation of terminal equipment, and sending a first access request to a server, wherein the first access request comprises authentication information corresponding to the terminal equipment;
receiving equipment description information sent by the server when the terminal equipment accords with a preset condition according to the authentication information;
and storing the equipment description information into a storage space of the terminal equipment.
The structure of the terminal device may further include a first communication interface 23, which is used for the terminal device to communicate with other devices or a communication network.
Further, embodiments of the present invention provide a non-transitory machine-readable storage medium having stored thereon executable code that, when executed by a processor of a terminal device, causes the processor to perform the steps performed by the terminal device in the foregoing embodiments.
Fig. 6 is a schematic structural diagram of another information obtaining apparatus according to an embodiment of the present invention, which is located in a server, as shown in fig. 6, and includes: a receiving module 31, a determining module 32, and a transmitting module 33.
The receiving module 31 is configured to receive a first access request sent by a terminal device, where the first access request includes authentication information corresponding to the terminal device.
And the determining module 32 is configured to determine whether the terminal device meets a preset condition according to the authentication information.
And a sending module 33, configured to send device description information to the terminal device if the determining module 32 determines that the terminal device meets a preset condition, so that the terminal device stores the device description information in a storage space of the terminal device.
Optionally, the receiving module 31 may be further configured to: and receiving a first key and preset information sent by the terminal equipment, wherein the first key and the preset information are generated in advance by a manufacturer of the terminal equipment. The determining module 32 may specifically be configured to: decrypting the authentication information according to the obtained first key to obtain the preset information, wherein the authentication information is the result of encrypting the preset information by the terminal equipment according to the first key; and if the preset information is determined to be stored locally, determining that the terminal equipment accords with a preset condition.
Wherein the device description information includes any one of the following parameters: the terminal equipment comprises a first parameter for uniquely identifying the terminal equipment, a second parameter for uniquely identifying a manufacturer to which the terminal equipment belongs, and a third parameter for uniquely identifying a product category to which the terminal equipment belongs.
In an alternative embodiment, the device description information is the first parameter, and at this time, the receiving module 31 is further configured to: and receiving a second access request sent by the terminal equipment according to the stored second parameter or the third parameter. The determining module is further configured to: and determining whether the second parameter or the third parameter meets a preset condition.
In the process of receiving the second access request, the receiving module 31 may specifically be configured to: and receiving the second access request sent by the terminal equipment, wherein the second access request comprises a second key generated by the terminal equipment, first signature information and the second parameter or the third parameter subjected to digital signature, and the first signature information is obtained by the terminal equipment through digital signature processing on the second parameter or the third parameter stored in the terminal equipment according to the second key. At this time, the determining module 32 may specifically be configured to: if the first signature information is determined to pass the signature verification according to the second secret key, the second parameter or the third parameter is determined to accord with a preset condition.
In an alternative embodiment, the receiving module 31 may be further configured to: and receiving a third access request sent by the terminal equipment according to the equipment description information. The determination module 32 may also be configured to: determining whether the third access request is valid. At this time, the information acquisition apparatus further includes: a processing module, configured to establish a communication connection with the terminal device if the determining module 32 determines that the third access request is valid; and if the third access request is invalid, notifying the terminal equipment that the equipment description information is invalid so as to enable the terminal equipment to delete the equipment description information.
In the process of receiving the third access request, the receiving module 31 may specifically be configured to: and receiving the third access request sent by the terminal equipment, wherein the third access request comprises a third secret key generated by the terminal equipment, second signature information and the equipment description information, and the second signature information is obtained by the terminal equipment through digital signature processing on the equipment description information according to the third secret key. At this time, the determining module 32 may specifically be configured to: and if the third access request is received within a preset time period after the equipment description information is sent to the terminal equipment, and the second signature information is determined to pass the signature verification according to the third secret key, determining that the third access request is valid.
The apparatus shown in fig. 6 may perform the method performed by the server in the foregoing embodiments, and for the portions of this embodiment not described in detail, reference may be made to the description related to the foregoing embodiments, which are not described herein again.
In one possible design, the structure of the information acquisition apparatus shown in fig. 6 described above may be implemented as a server. As shown in fig. 7, the server may include: a second processor 41 and a second memory 42. Wherein the second memory 42 has executable code stored thereon, which when executed by the second processor 41, causes at least the second processor 41 to perform the steps of:
receiving a first access request sent by terminal equipment, wherein the first access request comprises authentication information corresponding to the terminal equipment;
and if the terminal equipment meets the preset condition according to the identity verification information, sending equipment description information to the terminal equipment so that the terminal equipment stores the equipment description information into a storage space of the terminal equipment.
The server may further include a second communication interface 43 for the server to communicate with other devices or communication networks.
Additionally, embodiments of the present invention provide a non-transitory machine-readable storage medium having stored thereon executable code that, when executed by a processor of a server, causes the processor to perform the steps performed by the server in the previous embodiments.
The apparatus embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separate. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (18)

1. An information acquisition method, which is applied to a terminal device, wherein a first key and preset information generated in advance by a manufacturer of the terminal device are stored in the terminal device, the method comprising:
transmitting the first key and the preset information to a server;
encrypting the preset information according to the first key to obtain authentication information corresponding to the terminal equipment;
responding to networking operation of terminal equipment, and sending a first access request to the server, wherein the first access request comprises the identity verification information;
receiving device description information sent by the server when the terminal device meets preset conditions according to the authentication information, wherein the server determines that the terminal device meets the preset conditions when decrypting and obtaining the preset information according to the obtained first key and finding that the preset information is locally stored;
and storing the equipment description information into a storage space of the terminal equipment.
2. The method of claim 1, wherein the device description information includes any one of the following parameters: the terminal equipment comprises a first parameter for uniquely identifying the terminal equipment, a second parameter for uniquely identifying a manufacturer to which the terminal equipment belongs, and a third parameter for uniquely identifying a product category to which the terminal equipment belongs.
3. The method according to claim 2, wherein the device description information is the first parameter, and the terminal device stores the second parameter or the third parameter;
the method further comprises the steps of:
and sending a second access request to the server according to the second parameter or the third parameter so as to enable the server to determine whether the second parameter or the third parameter meets a preset condition.
4. A method according to claim 3, wherein said sending a second access request to said server according to said second parameter or said third parameter comprises:
generating a second key;
performing digital signature processing on the second parameter or the third parameter stored in the terminal equipment according to the second key to obtain first signature information;
and sending a second access request to the server, wherein the second access request comprises the second secret key, the first signature information and the second parameter or the third parameter subjected to digital signature, so that the server determines that the second parameter or the third parameter subjected to digital signature accords with a preset condition when determining that the first signature information passes the signature verification according to the second secret key.
5. The method according to any one of claims 1 to 4, further comprising:
and sending a third access request to a server according to the equipment description information, so that the server establishes communication connection with the terminal equipment when the third access request meets the preset condition.
6. The method of claim 5, wherein the sending a third access request to a server according to the device description information comprises:
generating a third key;
performing digital signature processing on the equipment description information according to the third secret key to obtain second signature information;
sending the third access request to the server, wherein the third access request comprises the third secret key, the second signature information and the equipment description information;
if the server receives the third access request within a preset time period after the device description information is sent to the terminal device, and the server determines that the second signature information passes the signature verification according to the third key, the server determines that the third access request meets a preset condition.
7. An information acquisition method, applied to a server, comprising:
receiving a first key and preset information sent by terminal equipment, wherein the first key and the preset information are generated in advance by a manufacturer of the terminal equipment;
receiving a first access request sent by the terminal equipment, wherein the first access request comprises authentication information corresponding to the terminal equipment, and the authentication information is a result of encrypting the preset information by the terminal equipment according to the first key;
decrypting the authentication information according to the obtained first key to obtain the preset information;
if the preset information is determined to be stored locally, determining that the terminal equipment accords with a preset condition;
and if the terminal equipment meets the preset condition, sending equipment description information to the terminal equipment so that the terminal equipment stores the equipment description information into a storage space of the terminal equipment.
8. The method of claim 7, wherein the device description information includes any one of the following parameters: the terminal equipment comprises a first parameter for uniquely identifying the terminal equipment, a second parameter for uniquely identifying a manufacturer to which the terminal equipment belongs, and a third parameter for uniquely identifying a product category to which the terminal equipment belongs.
9. The method of claim 8, wherein the device description information is the first parameter, the method further comprising:
receiving a second access request sent by the terminal equipment according to the stored second parameter or the third parameter;
and determining whether the second parameter or the third parameter meets a preset condition.
10. The method according to claim 9, wherein the receiving the second access request sent by the terminal device according to the stored second parameter or third parameter comprises:
receiving the second access request sent by the terminal equipment, wherein the second access request comprises a second key generated by the terminal equipment, first signature information and the second parameter or the third parameter subjected to digital signature, and the first signature information is obtained by the terminal equipment through digital signature processing on the second parameter or the third parameter stored in the terminal equipment according to the second key;
the determining whether the second parameter or the third parameter meets a preset condition includes:
if the first signature information is determined to pass the signature verification according to the second secret key, the second parameter or the third parameter is determined to accord with a preset condition.
11. The method according to any one of claims 7 to 10, further comprising:
receiving a third access request sent by the terminal equipment according to the equipment description information;
determining whether the third access request is valid;
and if the third access request is valid, establishing communication connection with the terminal equipment.
12. The method of claim 11, wherein the method further comprises:
and if the third access request is invalid, notifying the terminal equipment that the equipment description information is invalid so as to enable the terminal equipment to delete the equipment description information.
13. The method according to claim 11, wherein the receiving the third access request sent by the terminal device according to the device description information includes:
receiving the third access request sent by the terminal equipment, wherein the third access request comprises a third secret key generated by the terminal equipment, second signature information and the equipment description information, and the second signature information is obtained by the terminal equipment through digital signature processing on the equipment description information according to the third secret key;
The determining whether the third access request is valid includes:
and if the third access request is received within a preset time period after the equipment description information is sent to the terminal equipment, and the second signature information is determined to pass the signature verification according to the third secret key, determining that the third access request is valid.
14. An information acquisition apparatus, characterized in that it is located in a terminal device, where a first key and preset information generated in advance by a manufacturer of the terminal device are stored, comprising:
the sending module is used for sending the first secret key and the preset information to a server; encrypting the preset information according to the first key to obtain authentication information corresponding to the terminal equipment; responding to networking operation of terminal equipment, and sending a first access request to the server, wherein the first access request comprises the identity verification information;
the receiving module is used for receiving equipment description information sent by the server when the terminal equipment meets preset conditions according to the authentication information, wherein the server determines that the terminal equipment meets the preset conditions when obtaining the preset information according to the obtained first key decryption and finding that the preset information is locally stored;
And the storage module is used for storing the equipment description information into the storage space of the terminal equipment.
15. A terminal device, comprising: a memory, a processor; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to perform the information acquisition method of any one of claims 1 to 6.
16. An information acquisition apparatus, located in a server, comprising:
the terminal equipment comprises a receiving module, a receiving module and a processing module, wherein the receiving module is used for receiving a first secret key and preset information sent by the terminal equipment, and the first secret key and the preset information are generated in advance by a manufacturer of the terminal equipment; receiving a first access request sent by the terminal equipment, wherein the first access request comprises authentication information corresponding to the terminal equipment, and the authentication information is a result of encrypting the preset information by the terminal equipment according to the first key;
a determining module, configured to decrypt the authentication information according to the obtained first key to obtain the preset information; if the preset information is determined to be stored locally, determining that the terminal equipment accords with a preset condition;
And the sending module is used for sending the equipment description information to the terminal equipment if the determining module determines that the terminal equipment meets the preset condition, so that the terminal equipment stores the equipment description information into a storage space of the terminal equipment.
17. A server, comprising: a memory, a processor; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to perform the information acquisition method of any one of claims 7 to 13.
18. An information acquisition system, comprising:
the terminal equipment comprises terminal equipment and a server, wherein the terminal equipment stores a first key and preset information which are generated in advance by a manufacturer of the terminal equipment;
the terminal equipment is used for sending the first key and the preset information to the server; encrypting the preset information according to the first key to obtain authentication information corresponding to the terminal equipment; responding to the networking operation of the terminal equipment, and sending a first access request to the server, wherein the first access request comprises the identity verification information; storing the equipment description information sent by the server into a storage space of the terminal equipment;
The server is used for receiving the first key and the preset information sent by the terminal equipment; decrypting the authentication information according to the obtained first key to obtain the preset information; if the preset information is determined to be stored locally, determining that the terminal equipment accords with a preset condition; and if the terminal equipment is determined to meet the preset condition, sending equipment description information to the terminal equipment.
CN201910133472.7A 2019-02-22 2019-02-22 Information acquisition method, device, equipment and system Active CN111611574B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910133472.7A CN111611574B (en) 2019-02-22 2019-02-22 Information acquisition method, device, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910133472.7A CN111611574B (en) 2019-02-22 2019-02-22 Information acquisition method, device, equipment and system

Publications (2)

Publication Number Publication Date
CN111611574A CN111611574A (en) 2020-09-01
CN111611574B true CN111611574B (en) 2023-11-17

Family

ID=72201905

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910133472.7A Active CN111611574B (en) 2019-02-22 2019-02-22 Information acquisition method, device, equipment and system

Country Status (1)

Country Link
CN (1) CN111611574B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112788150A (en) * 2021-01-25 2021-05-11 广东电网有限责任公司惠州供电局 Registration method, terminal device, block chain management screen platform and storage medium
CN112953893B (en) * 2021-01-26 2022-07-08 支付宝(杭州)信息技术有限公司 Identity verification method, device, equipment and system based on privacy protection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1691603A (en) * 2004-04-28 2005-11-02 联想(北京)有限公司 A method for implementing equipment group and intercommunication between grouped equipments
CN104065652A (en) * 2014-06-09 2014-09-24 韩晟 Method, device and system for identity verification and related device
CN106714075A (en) * 2015-08-10 2017-05-24 华为技术有限公司 Authorization processing method and equipment
CN107241339A (en) * 2017-06-29 2017-10-10 北京小米移动软件有限公司 Auth method, device and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1691603A (en) * 2004-04-28 2005-11-02 联想(北京)有限公司 A method for implementing equipment group and intercommunication between grouped equipments
CN104065652A (en) * 2014-06-09 2014-09-24 韩晟 Method, device and system for identity verification and related device
CN106714075A (en) * 2015-08-10 2017-05-24 华为技术有限公司 Authorization processing method and equipment
CN107241339A (en) * 2017-06-29 2017-10-10 北京小米移动软件有限公司 Auth method, device and storage medium

Also Published As

Publication number Publication date
CN111611574A (en) 2020-09-01

Similar Documents

Publication Publication Date Title
US20230043229A1 (en) Enhanced monitoring and protection of enterprise data
EP3550783B1 (en) Internet of things device burning verification method and apparatus
CN105050081B (en) Method, device and system for connecting network access device to wireless network access point
US8196186B2 (en) Security architecture for peer-to-peer storage system
CN102804677B (en) Discovery of secure network enclaves
CN105007577B (en) A kind of virtual SIM card parameter management method, mobile terminal and server
CN108243176B (en) Data transmission method and device
CN113572728B (en) Method, device, equipment and medium for authenticating Internet of things equipment
CN105635094A (en) Security authentication method, security authentication device and security verification system
WO2015003503A1 (en) Network device, terminal device and information security improving method
CN104320389A (en) Fusion identify protection system and fusion identify protection method based on cloud computing
CN104836784A (en) Information processing method, client, and server
CN103716334A (en) Authentication method and system based on 802.1X protocol
CN110519259B (en) Method and device for configuring communication encryption between cloud platform objects and readable storage medium
CN106411884A (en) Method and device for data storage and encryption
EP3039896A1 (en) Method and network node device for controlling the run of technology specific push-button configuration sessions within a heterogeneous or homogeneous wireless network and heterogeneous or homogeneous wireless network
CN105099686B (en) Data synchronous method, server, terminal and system
CN111611574B (en) Information acquisition method, device, equipment and system
CN105610667B (en) The method and apparatus for establishing Virtual Private Network channel
CN108259460A (en) Apparatus control method and device
CN113434474A (en) Flow auditing method, equipment and storage medium based on federal learning
WO2015169003A1 (en) Account assignment method and apparatus
JP6056970B2 (en) Information processing apparatus, terminal, information processing system, and information processing method
CN112751800B (en) Authentication method and device
CN106537962B (en) Wireless network configuration, access and access method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant