
CN-116170199-B - Equipment access verification system based on gateway of Internet of things


Abstract

The invention provides an equipment access verification system based on an Internet of Things gateway. The system comprises an information acquisition module, a first verification module, a second verification module and a security authentication module. The information acquisition module acquires the information of the equipment to be accessed in real time, stores it, and transmits it to an equipment analysis processor to obtain an equipment analysis result. The first verification module sends a qualified verification request to the gateway equipment to obtain a first verification result for the same equipment to be accessed. The second verification module carries out security verification on the corresponding equipment to be accessed according to the equipment analysis result to obtain a second verification result. The security authentication module carries out comprehensive security authentication on the same equipment to be accessed based on the first verification result and the second verification result. This addresses the problem that a large number of unsafe users gain access once the authentication service of the gateway becomes abnormal.

Inventors

  • ZHANG SHUGUI
  • LI YANG

Assignees

  • 深圳铸泰科技有限公司

Dates

Publication Date
20260505
Application Date
20230129

Claims (4)

  1. An equipment access verification system based on an Internet of Things gateway, characterized by comprising:
     the information acquisition module, used for acquiring the information of the equipment to be accessed in real time, storing the information of the equipment to be accessed acquired in real time and transmitting the information to the equipment analysis processor to acquire an equipment analysis result;
     the first verification module, used for sending a qualified verification request to the gateway equipment and obtaining a first verification result of the same equipment to be accessed;
     the second verification module, used for carrying out security verification on the corresponding equipment to be accessed according to the equipment analysis result, and obtaining a second verification result;
     the security authentication module, used for carrying out comprehensive security authentication on the same equipment to be accessed based on the first authentication result and the second authentication result;
     the information acquisition module comprising:
        the detection unit, used for detecting whether equipment sends an access gateway request in real time, and if so, generating an equipment acquisition instruction;
        the acquisition unit, used for acquiring the information of the equipment to be accessed according to the equipment acquisition instruction;
        the transmission unit, used for transmitting the equipment information to be accessed to the equipment analysis processor through a 5G network and starting the equipment analysis function of the equipment analysis processor;
        the receiving unit, used for receiving and counting the equipment analysis result of the equipment analysis processor for each piece of equipment information to be accessed, wherein the equipment analysis result comprises equipment type, equipment software and hardware information and equipment safety information;
     the first authentication module comprising:
        the first acquisition unit, used for acquiring the unique identification code of each device to be accessed according to the device analysis result;
        the generating unit, used for generating a question verification code of each device to be accessed according to the unique identification code of the device to be accessed;
        the detection unit, used for receiving verification information fed back by each device to be accessed for the question-type verification code and detecting whether the verification information is qualified or not;
        the first verification unit, used for verifying whether the verification information is consistent with the standard answer or not; if so, the verification is qualified;
     the second authentication module comprising:
        the second acquisition unit, used for acquiring the network security attribute and the equipment security attribute of each piece of equipment to be accessed according to the equipment analysis result;
        the analysis unit, used for analyzing the network security attribute and the equipment security attribute of each piece of equipment to be accessed, and determining the equipment self security and the equipment network access security of each piece of equipment to be accessed according to the analysis result;
        the second verification unit, used for carrying out security verification on the equipment to be accessed according to the equipment self security and the equipment network access security of each piece of equipment to be accessed, and obtaining a second verification result;
     the security authentication module comprising:
        the first extraction unit, used for extracting a first verification parameter from the first verification result and extracting a second verification parameter from the second verification result;
        the second extraction unit, used for extracting a security authentication index from the first verification parameter and the second verification parameter;
        the starting unit, used for starting a preset security authentication program;
        the authentication unit, used for carrying out comprehensive security authentication on the security authentication index by utilizing the preset security authentication program;
     the system further comprising:
        the first acquisition module, used for acquiring equipment indication information according to the authentication information of each piece of equipment to be accessed, wherein the equipment indication information is the next-step indication information of each piece of equipment to be accessed;
        the second acquisition module, used for acquiring the deployment encryption grade of each device to be accessed according to the device indication information of the device to be accessed;
        the selection module, used for selecting an adaptive access protocol according to the deployment encryption grade of each device to be accessed;
        the access module, used for accessing the equipment to be accessed into the gateway of the Internet of Things through the access protocol of each piece of equipment to be accessed;
     wherein, after the second acquisition module obtains the deployment encryption grade of each device to be accessed according to the device indication information of the device to be accessed, the system is further used for:
        deploying gateway nodes for each device to be accessed according to the deployment encryption grade of the device to be accessed, and acquiring deployment results;
        generating a gateway equipment deployment scheme according to the deployment result, and acquiring the access equipment to be allocated of each gateway node according to the gateway equipment deployment scheme;
        acquiring the node allocation load capacity of each gateway node, and determining the network communication cost index of each gateway node according to the node allocation load capacity of the gateway node;
        determining a virtual data hop count and a communication delay coefficient under the network communication cost index of each gateway node, wherein the virtual data hop count is an index quantity of data hops when data is transmitted in each gateway;
        according to the node allocation load capacity, the network communication cost index of each gateway node, and the virtual data hop count and the communication delay coefficient under the network communication cost index of the gateway node, calculating the equipment deployment difficulty coefficient of each gateway node, wherein the quantities are: the device deployment difficulty factor of the i-th gateway node; a first system random weight value; the node allocated load of the i-th gateway node; an allocated load amount reference threshold to maintain the best performance of the gateway node; a second system random weight value; the network communication cost index of the i-th gateway node; the virtual number of data hops of the i-th gateway node; a data virtual hop count reference threshold for a node in a standard state; the communication delay coefficient of the i-th gateway node; the proportion of overhead generated by the network when data is delivered by the i-th gateway node; e, a natural constant taking the value 2.72; and the current performance index of the i-th gateway node;
        selecting an adaptive optimal access device from the access devices to be allocated of each gateway node according to the device deployment difficulty coefficient of each gateway node, wherein the higher the deployment difficulty coefficient is, the higher the running performance of the selected access equipment to be allocated is.
  2. The Internet of Things gateway-based device access authentication system of claim 1, wherein the second authentication unit comprises:
     the generation subunit, used for generating a security verification index set of each device to be accessed according to the device self security related index weight and the device network access security related index weight of the device to be accessed;
     the determining subunit, configured to determine a data type of each security index in the security verification index set of each device to be accessed;
     the verification subunit, used for selecting a verification channel to perform security verification on each security index according to the data type of each security index in the security verification index set of each device to be accessed;
     and the calculation unit, used for carrying out a weighted calculation on the verification result of each security index in the security verification index set of each device to be accessed so as to determine the security index of the device to be accessed.
  3. The device access verification system based on the Internet of Things gateway according to claim 1, wherein the determining module, configured to obtain, according to the device indication information of each device to be accessed, a deployment encryption level of the device to be accessed, includes:
     the second acquisition unit, used for acquiring the authorized authority information and the unauthorized authority information of each device to be accessed according to the device indication information of the device to be accessed;
     the first determining unit, used for determining the gateway authority function information corresponding to the authorized authority information and the unauthorized authority information respectively;
     the second determining unit, used for determining the authority level corresponding to the gateway authority function information;
     and the fourth acquisition unit, used for acquiring the deployment encryption grade of each device to be accessed according to the authority grade corresponding to the gateway authority function information.
  4. The gateway-based device access verification system according to claim 3, wherein the second acquisition unit obtaining the authorized authority information and the unauthorized authority information of each device to be accessed according to the device indication information of the device to be accessed includes:
     acquiring a trigger instruction of each piece of authority information;
     based on the trigger instruction, calling instruction response information from the equipment indication information of each piece of equipment to be accessed;
     judging the current matching degree between the trigger instruction of each piece of authority information and the instruction response information of that authority information in the equipment indication information of each piece of equipment to be accessed;
     confirming first authority information whose current matching degree is greater than or equal to the preset matching degree as authorized authority information, and preliminarily confirming second authority information whose current matching degree is smaller than the preset matching degree as unauthorized authority information;
     acquiring an authority seed corresponding to each piece of second authority information, wherein the authority seed takes an implicit control parameter of the equipment or an explicit control parameter of the equipment as its core, wherein the implicit control parameter of the equipment directly verifies through the parameters whether a user has the operation right or not, and the explicit control parameter of the equipment can remove one parameter in a set representing a certain right parameter without modifying all parameters;
     performing a multidimensional behavior evaluation on the authority seeds, obtaining an evaluation result, and determining the authority type of each piece of second authority information according to the evaluation result, wherein the authority type comprises a common authority and a high-level authority;
     determining a permission evaluation related index of each piece of second permission information according to the permission type of each piece of second permission information;
     acquiring an associated authority assessment index of each piece of second authority information from the instruction response information of each piece of equipment to be accessed, and determining a missing authority assessment index according to the similarity interval of the authority assessment related index and the associated authority assessment index;
     calling the associated device data of the missing permission evaluation index from the device indication information of each device to be accessed;
     and carrying out an authority assessment on the associated equipment data according to the assessment rule of the missing authority assessment index: if the authority assessment result is that the associated equipment data accords with the authority use condition, confirming the second authority information as authorized authority information, and if the authority assessment result is that the associated equipment data does not accord with the authority use condition, further confirming the second authority information as unauthorized authority information.
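A worked illustration of the first verification module (challenge derived from the unique identification code, answer compared with the standard answer), the second verification module of claim 2 (a security verification index set scored through a channel chosen by each index's data type and combined by weights) and the comprehensive security authentication that requires both results. This is an added example, not code from the patent or its assignee: the HMAC-SHA256 challenge scheme, the attribute names in `DeviceAnalysis`, the weights, the scoring limits and the 0.75 admission threshold are all assumptions, and the device record, key and nonce are constructed sample data.

```python
"""Two-stage device admission check in the shape of the claims.
Added example, not the patent's code; the HMAC challenge scheme, the attribute
set, the weights, the per-index scoring rules and the admission threshold are
all assumptions."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceAnalysis:
    """Constructed stand-in for the 'equipment analysis result' of the claims."""
    unique_id: str          # unique identification code
    device_type: str
    firmware_signed: bool   # equipment self-security attributes
    patch_age_days: int
    tls_version: str        # equipment network-access-security attributes
    open_ports: int


# ---- First verification module: question verification code and standard answer ----

def question_code(unique_id: str, nonce: bytes) -> bytes:
    """Challenge bound to the device's unique identification code (assumed layout)."""
    return unique_id.encode() + b"|" + nonce


def standard_answer(shared_key: bytes, question: bytes) -> str:
    """Expected answer: HMAC-SHA256 over the challenge (assumption; the claims fix no scheme)."""
    return hmac.new(shared_key, question, hashlib.sha256).hexdigest()


def first_verification(shared_key: bytes, unique_id: str, nonce: bytes, response: str) -> bool:
    """Qualified only if the fed-back verification information equals the standard answer."""
    expected = standard_answer(shared_key, question_code(unique_id, nonce))
    return hmac.compare_digest(expected, response)   # constant-time comparison


# ---- Second verification module: weighted security verification index set (claim 2) ----

INDEX_WEIGHTS = {                      # assumed weights; the claims leave them unspecified
    "firmware_signed": 0.30,
    "patch_age_days": 0.25,
    "tls_version": 0.30,
    "open_ports": 0.15,
}
NUMERIC_LIMITS = {"patch_age_days": 90, "open_ports": 5}   # assumed scoring limits
TLS_SCORES = {"1.2": 0.7, "1.3": 1.0}                       # assumed allowlist scores


def verify_index(name: str, value) -> float:
    """Verification channel chosen by data type: bool -> pass/fail, int -> linear
    decay reaching zero at the limit, str -> allowlist lookup. Score is in [0, 1]."""
    if isinstance(value, bool):        # checked before int: bool is an int subclass
        return 1.0 if value else 0.0
    if isinstance(value, int):
        return max(0.0, 1.0 - value / NUMERIC_LIMITS[name])
    if isinstance(value, str):
        return TLS_SCORES.get(value, 0.0) if name == "tls_version" else 0.0
    raise TypeError(f"no verification channel for {name}: {type(value).__name__}")


def security_index(dev: DeviceAnalysis) -> float:
    """Weighted calculation over every index in the set -> security index in [0, 1]."""
    total = sum(w * verify_index(name, getattr(dev, name)) for name, w in INDEX_WEIGHTS.items())
    return total / sum(INDEX_WEIGHTS.values())


# ---- Security authentication module: combine the two verification results ----

ADMISSION_THRESHOLD = 0.75   # assumed preset of the security authentication program


def comprehensive_authentication(first_ok: bool, index: float) -> dict:
    """Extract both verification parameters into one admission decision."""
    return {
        "first_verification": first_ok,
        "security_index": round(index, 4),
        "admit": first_ok and index >= ADMISSION_THRESHOLD,
    }


def admit_device(dev: DeviceAnalysis, shared_key: bytes, nonce: bytes, response: str) -> dict:
    """Full pipeline for one device requesting access to the gateway."""
    return comprehensive_authentication(
        first_verification(shared_key, dev.unique_id, nonce, response),
        security_index(dev),
    )


if __name__ == "__main__":
    # Constructed sample: a per-device key held by the gateway, a fresh nonce, one device.
    key, nonce = b"constructed-shared-key", b"\x01\x02\x03\x04"
    dev = DeviceAnalysis("SENSOR-0042", "sensor", True, 30, "1.3", 2)
    good = standard_answer(key, question_code(dev.unique_id, nonce))
    print(admit_device(dev, key, nonce, good))        # admitted
    print(admit_device(dev, key, nonce, "00" * 32))   # wrong answer: refused
```

Two points worth noticing in the decision logic: a correct challenge answer on its own never admits a device whose security index falls below the threshold, which is the separation of the two verification results that the security authentication module relies on, and the answer comparison uses `hmac.compare_digest` so the check does not leak timing information about the standard answer.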

Description

Equipment access verification system based on gateway of Internet of things

Technical Field

The invention relates to the technical field of the Internet of Things, in particular to a device access verification system based on an Internet of Things gateway.

Background

At present, with the popularization of networks and the rapid development of industries such as mobile office, the Internet of Things and the Internet of Vehicles, network architectures are becoming increasingly complicated. How to define a company's network boundaries and protect intranet resources deployed in various places has become a problem that many large enterprises must face, and identity authentication and edge access are capabilities that enterprises must possess. In the conventional centralized network architecture, however, the access of a user's terminal device needs to be authenticated at the gateway of the network, and once the authentication service of the gateway is abnormal, a large number of unsafe user accesses result. Therefore, the invention provides a device access verification system based on the Internet of Things gateway.

Disclosure of Invention

The invention provides a device access verification system based on an Internet of Things gateway, which acquires device information to be accessed in real time, stores it, and transmits it to a device analysis processor to acquire a device analysis result; sends a qualified verification request to the gateway devices based on the device analysis result to acquire a first verification result; carries out security verification on each device to be accessed according to the device analysis result to acquire a second verification result; and carries out comprehensive security authentication on the device to be accessed based on the first verification result and the second verification result. This solves the problem, described in the background, that a large number of unsafe users gain access once the authentication service of the gateway is abnormal.

The invention provides a device access verification system based on an Internet of Things gateway, which comprises:

the information acquisition module, used for acquiring the information of the equipment to be accessed in real time, storing the information of the equipment to be accessed acquired in real time and transmitting the information to the equipment analysis processor to acquire an equipment analysis result;
the first verification module, used for sending a qualified verification request to the gateway equipment and obtaining a first verification result of the same equipment to be accessed;
the second verification module, used for carrying out security verification on the corresponding equipment to be accessed according to the equipment analysis result, and obtaining a second verification result;
and the security authentication module, used for carrying out comprehensive security authentication on the same equipment to be accessed based on the first verification result and the second verification result.

Preferably, the information acquisition module includes:

the detection unit, used for detecting whether equipment sends an access gateway request in real time, and if so, generating an equipment acquisition instruction;
the acquisition unit, used for acquiring the information of the equipment to be accessed according to the equipment acquisition instruction;
the transmission unit, used for transmitting the equipment information to be accessed to the equipment analysis processor through a 5G network and starting the equipment analysis function of the equipment analysis processor;
the receiving unit, used for receiving and counting the equipment analysis result of the equipment analysis processor for each piece of equipment information to be accessed, wherein the equipment analysis result comprises equipment type, equipment software and hardware information and equipment safety information.

Preferably, the first verification module includes:

the first acquisition unit, used for acquiring the unique identification code of each device to be accessed according to the device analysis result;
the generating unit, used for generating a question verification code of each device to be accessed according to the unique identification code of the device to be accessed;
the detection unit, used for receiving verification information fed back by each device to be accessed for the question-type verification code and detecting whether the verification information is qualified or not;
and the first verification unit, used for verifying whether the verification information is qualified or not: when the verification information is consistent with the standard answer, the verification is qualified, and if the verification information is inconsistent with the standard answer, the verification is not