CN-116232616-B - Equipment communication method and device based on MQTT protocol


Abstract

The embodiment of the invention provides a device communication method and device based on the MQTT protocol. The method is applied to an MQTT topic management server and comprises the following steps: receiving a first message reported by a controlled node, wherein the first message comprises the device ID of the controlled node; and, after authenticating the control node, sending a random topic to the control node so that the control node and the controlled node can carry out MQTT protocol communication through the random topic. In the invention, the MQTT topics used for node communication are managed by the MQTT topic management server and are randomized, so that a malicious network node can neither intercept nor interfere with the node communication, thereby improving the security of communication between nodes of an MQTT protocol network.

Inventors

  • Sun Yimu

Assignees

  • 中兴通讯股份有限公司

Dates

Publication Date
20260512
Application Date
20211202

Claims (16)

  1. A device communication method based on the MQTT protocol, applied to an MQTT topic management server, comprising the following steps: receiving a first message reported by a controlled node, wherein the first message comprises the device ID of the controlled node; generating a random topic corresponding to the device ID of the controlled node, and returning the random topic to the controlled node; and, after authenticating a control node, sending the random topic to the control node so that the control node and the controlled node can communicate with each other over the MQTT protocol through the random topic; wherein the MQTT topic management server generating a random topic corresponding to the device ID of the controlled node and returning the random topic to the controlled node comprises: the MQTT topic management server calling a random string generator to generate a first random string as the random topic, and caching the mapping between the device ID of the controlled node and the first random string; and the MQTT topic management server returning the first random string to the controlled node; and wherein, before the MQTT topic management server sends the random topic to the control node, the method further comprises: the MQTT topic management server receiving an authentication message reported by the control node by the HTTP POST method, wherein the authentication message comprises the user name and password required to authenticate the control node; the MQTT topic management server sending a first reply message to the control node, wherein a Cookie is set in the first reply message as an authentication mark; the MQTT topic management server receiving a second message sent by the control node, wherein the second message comprises the device ID of the controlled node and the Cookie returned in the first reply message; and the MQTT topic management server confirming, from the Cookie in the second message, that the node sending the message is the control node, looking up the first random string in the cached mapping between device IDs and first random strings according to the device ID in the message, generating a second random string, and returning the first random string and the second random string to the control node.
  2. The method of claim 1, wherein the MQTT topic management server receiving the first message reported by the controlled node comprises: the MQTT topic management server receiving the first message reported by the controlled node through the HTTP POST method.
  3. The method of claim 1, further comprising, after the MQTT topic management server returns the first random string to the controlled node: the MQTT topic management server sending a first subscription message to an MQTT proxy server (broker), wherein the subscription topic in the first subscription message is a will topic (the MQTT last-will topic), and the will topic comprises the first random string and a fixed suffix.
  4. The method of claim 3, further comprising, after the MQTT topic management server returns the first random string to the controlled node: the controlled node sending an MQTT connect message to the MQTT proxy server, wherein the will topic in the MQTT connect message contains the first random string and the fixed suffix.
  5. The method of claim 4, further comprising: after the controlled node's MQTT connection succeeds, sending a second subscription message to the MQTT proxy server, wherein the subscription topic in the second subscription message is the first random string.
  6. The method of claim 1, further comprising, after the first random string and the second random string are returned to the control node: the control node sending a third subscription message to an MQTT proxy server, wherein the subscription topic in the third subscription message is the second random string; and, after receiving the MQTT proxy server's reply that the subscription succeeded, the control node sending a first publish message to the MQTT proxy server, wherein the MQTT topic of the first publish message is the first random string and the message content comprises a management message and the second random string.
  7. The method of claim 6, further comprising, after the MQTT proxy server receives the first publish message: the MQTT proxy server forwarding the first publish message to the controlled node; after the controlled node executes the management message carried in the first publish message, sending a second publish message to the MQTT proxy server, wherein the MQTT topic of the second publish message is the second random string and the message content is the reply to the management message; and, after receiving the second publish message, the MQTT proxy server forwarding the second publish message to the control node on the basis that its MQTT topic is the second random string.
  8. The method of claim 5, further comprising: if the MQTT proxy server finds that the controlled node is offline, sending a third publish message to all nodes subscribed to the will topic, wherein the message content of the third publish message is that the controlled node is offline.
  9. The method of claim 8, further comprising: after receiving the third publish message, the MQTT topic management server deleting, according to the random topic, the cached mapping between the device ID of the controlled node and the first random string.
  10. The method of claim 9, further comprising: the MQTT topic management server receiving an authentication message reported by the control node by the HTTP POST method, wherein the authentication message comprises the user name and password required to authenticate the control node; the MQTT topic management server sending a first reply message to the control node, wherein a Cookie is set in the first reply message as an authentication mark; the MQTT topic management server receiving a second message sent by the control node, wherein the second message comprises the device ID of the controlled node and the returned Cookie; and the MQTT topic management server confirming, from the Cookie in the second message, that the node sending the message is the control node, looking up the first random string in the cached mapping between device IDs and first random strings according to the device ID in the message, and, if the first random string cannot be found, sending a second reply message to the control node, wherein the content of the second reply message is that the controlled node cannot be found.
  11. The method of claim 10, further comprising, after the MQTT topic management server sends the second reply message to the control node: the control node, on finding from the received second reply message that the controlled node is offline, giving up management of the controlled node for this time.
  12. A device communication method based on the MQTT protocol, applied to a controlled node, comprising: reporting a first message to an MQTT topic management server, wherein the first message comprises the device ID of the controlled node; receiving the random topic corresponding to the device ID of the controlled node that is generated by the MQTT topic management server; and, after the control node passes the authentication of the MQTT topic management server and obtains the random topic from the MQTT topic management server, the controlled node and the control node carrying out MQTT protocol communication through the random topic; the method further comprising: receiving a first publish message sent by an MQTT proxy server, and, after executing the management message carried in the first publish message, sending a second publish message to the MQTT proxy server, wherein the MQTT topic of the second publish message is a second random string and the message content is the reply to the management message.
  13. An MQTT topic management server, comprising: a first receiving module, configured to receive a first message reported by a controlled node, wherein the first message comprises the device ID of the controlled node; a generation module, configured to generate a random topic corresponding to the device ID of the controlled node and return the random topic to the controlled node; and an authentication module, configured to send the random topic to a control node after authenticating the control node, so that the control node and the controlled node can communicate with each other over the MQTT protocol through the random topic; wherein the MQTT topic management server is further configured to call a random string generator to generate a first random string as the random topic, and to cache the mapping between the device ID of the controlled node and the first random string; and wherein the MQTT topic management server is further configured to receive an authentication message reported by the control node by the HTTP POST method, the authentication message comprising the user name and password required to authenticate the control node; to send a first reply message to the control node, a Cookie being set in the first reply message as an authentication mark; to receive a second message sent by the control node, the second message comprising the device ID of the controlled node and the Cookie returned in the first reply message; to confirm, from the Cookie in the second message, that the node sending the message is the control node; to look up the first random string in the cached mapping between device IDs and first random strings according to the device ID in the message; to generate a second random string; and to return the first random string and the second random string to the control node.
  14. A controlled node, comprising: a sending module, configured to report a first message to an MQTT topic management server, wherein the first message comprises the device ID of the controlled node; a second receiving module, configured to receive the random topic corresponding to the device ID of the controlled node that is generated by the MQTT topic management server; and a communication module, configured to carry out MQTT protocol communication with a control node through the random topic after the control node passes the authentication of the MQTT topic management server and obtains the random topic from the MQTT topic management server; wherein the controlled node is further configured to receive a first publish message sent by an MQTT proxy server and, after executing the management message carried in the first publish message, to send a second publish message to the MQTT proxy server, wherein the MQTT topic of the second publish message is a second random string and the message content is the reply to the management message.
  15. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 11.
  16. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method according to any one of claims 1 to 11 when executing the computer program.
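The topic-randomization exchange that claims 1 to 11 (and the description's exemplary embodiments) lay out, as an added example; this is not the patent's own code nor the assignee's implementation. It is an in-memory Python simulation: `Broker` stands in for the MQTT proxy server (broker), `TopicManagementServer` implements the management server's registration, Cookie-based authentication, lookup and will-topic cleanup, and `run_exchange` walks one controlled node and one control node through the steps. The fixed suffix `/will`, the user table, the device ID `dev-001`, the `reboot` management message and the tuple message encoding are constructed assumptions; the patent specifies none of them.

```python
"""Constructed in-memory simulation of the randomized-topic MQTT exchange."""
import secrets
from collections import defaultdict

WILL_SUFFIX = "/will"  # assumed fixed suffix; the patent does not name one


class Broker:
    """Stand-in for the MQTT proxy server (broker): exact-match topics, no wildcards."""

    def __init__(self):
        self.subs = defaultdict(list)  # topic -> subscriber callbacks
        self.wills = {}                # client id -> (will topic, will payload)

    def connect(self, client_id, will_topic, will_payload):
        self.wills[client_id] = (will_topic, will_payload)  # CONNECT carries the will (claim 4)

    def subscribe(self, topic, callback):
        self.subs[topic].append(callback)

    def publish(self, topic, payload):
        for cb in list(self.subs.get(topic, [])):
            cb(topic, payload)

    def client_lost(self, client_id):
        """Ungraceful disconnect: publish the stored will to its subscribers (claim 8)."""
        will_topic, payload = self.wills.pop(client_id)
        self.publish(will_topic, payload)


class TopicManagementServer:
    """Maps device IDs to random topics and gates lookups behind authentication."""

    def __init__(self, broker, users):
        self.broker = broker
        self.users = users      # username -> password (constructed user table)
        self.topics = {}        # device_id -> first random string (the claim 1 cache)
        self.sessions = set()   # Cookies issued to authenticated control nodes

    def register(self, device_id):
        """Controlled node reports its device ID; returns the first random string T1."""
        t1 = secrets.token_urlsafe(16)
        self.topics[device_id] = t1
        self.broker.subscribe(t1 + WILL_SUFFIX, self.on_will)  # first subscription (claim 3)
        return t1

    def authenticate(self, username, password):
        """Username/password check from the HTTP POST; returns a Cookie or None."""
        expected = self.users.get(username)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        cookie = secrets.token_urlsafe(16)
        self.sessions.add(cookie)
        return cookie

    def lookup(self, cookie, device_id):
        """Second message: Cookie + device ID -> (T1, fresh T2), or None if not found."""
        if cookie not in self.sessions:
            raise PermissionError("not authenticated")
        t1 = self.topics.get(device_id)
        if t1 is None:
            return None  # second reply message: controlled node cannot be found (claim 10)
        return t1, secrets.token_urlsafe(16)

    def on_will(self, topic, payload):
        """Will message received: drop the cached mapping for that random topic (claim 9)."""
        t1 = topic[: -len(WILL_SUFFIX)]
        self.topics = {dev: t for dev, t in self.topics.items() if t != t1}


def run_exchange(device_id="dev-001"):
    """Walk one controlled node and one control node through claims 1 to 11."""
    broker = Broker()
    server = TopicManagementServer(broker, users={"operator": "example-password"})
    replies = []

    # Controlled node: register, CONNECT with the will topic, subscribe to T1 (claims 1, 4, 5).
    t1 = server.register(device_id)
    broker.connect(device_id, t1 + WILL_SUFFIX, "offline")

    def on_manage(topic, payload):
        command, reply_topic = payload  # content = management message + T2 (claim 6)
        broker.publish(reply_topic, "done:" + command)  # second publish message (claim 7)

    broker.subscribe(t1, on_manage)

    # Control node: authenticate, look up the device, subscribe to T2, publish on T1.
    cookie = server.authenticate("operator", "example-password")
    t1_seen, t2 = server.lookup(cookie, device_id)
    broker.subscribe(t2, lambda topic, payload: replies.append(payload))
    broker.publish(t1_seen, ("reboot", t2))

    # Controlled node drops off: the will fires and the server forgets the mapping.
    broker.client_lost(device_id)
    return {"t1_matches": t1 == t1_seen, "reply": replies,
            "after_offline": server.lookup(cookie, device_id)}
```

Two design points worth noting. The random strings come from `secrets`, not `random`, because the whole scheme rests on a node outside the management server being unable to guess T1 or T2; a predictable generator would hand the agreed-topic problem straight back. And the server's own subscription to the will topic in `register` is what makes the offline cleanup in `on_will` work: a node that has been replaced or has gone away no longer has a live mapping, so a control node's later lookup gets the "cannot be found" reply instead of a stale topic.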

Description

Equipment communication method and device based on MQTT protocol

Technical Field

The embodiment of the invention relates to the field of communication, and in particular to a device communication method and device based on the Message Queuing Telemetry Transport (MQTT) protocol.

Background

The MQTT protocol is an Internet of Things communication protocol. As an instant messaging protocol with low cost and low bandwidth occupation, it is widely used in the Internet of Things, small devices, mobile applications and the like. In an Internet of Things system there is always a requirement for point-to-point device configuration and information queries. The MQTT protocol is based on a Publish/Subscribe model, in which two Internet of Things nodes that need to communicate usually do so through agreed topics. Under this mechanism, if a malicious MQTT node in the network knows the agreed topics, it can steal private information by subscribing to the specific topic, or publish wrong configuration information to the specific topic, which creates a significant information security risk.

The current common approach to preventing such security problems is to prohibit illegal nodes from accessing the MQTT network: the mutual (bidirectional) authentication function of the Transport Layer Security (TLS) protocol is used beneath the MQTT protocol to ensure that only legitimate devices can access the MQTT network. However, this solution has the following drawbacks: 1. if the software of the Internet of Things device is cracked, an illegal device can also be authenticated and access the MQTT network by extracting the corresponding authentication certificate; 2. a network attacker can break into an Internet of Things device that has already joined the MQTT network through the device's other network services, and thereby illegally enter the MQTT network.

Disclosure of Invention

The embodiment of the invention provides a device communication method and device based on the MQTT protocol, which at least solves the problem in the related art that device-to-device communication based on the MQTT protocol carries a security risk.

According to one embodiment of the invention, a device communication method based on the MQTT protocol is provided. The method is applied to an MQTT topic management server and comprises the steps of: receiving a first message reported by a controlled node, wherein the first message comprises the device ID of the controlled node; generating a random topic corresponding to the device ID of the controlled node and returning the random topic to the controlled node; and, after authenticating the control node, sending the random topic to the control node so that the control node and the controlled node can communicate with each other over the MQTT protocol through the random topic.

In one exemplary embodiment, the MQTT topic management server receiving a first message reported by a controlled node comprises the MQTT topic management server receiving the first message reported by the controlled node through the POST method of the Hypertext Transfer Protocol (HTTP).

In one exemplary embodiment, the MQTT topic management server generating a random topic corresponding to the device ID of the controlled node and returning the random topic to the controlled node comprises the MQTT topic management server calling a random string generator to generate a first random string as the random topic, caching the mapping between the device ID of the controlled node and the first random string, and returning the first random string to the controlled node.

In one exemplary embodiment, after the MQTT topic management server returns the first random string to the controlled node, the MQTT topic management server sends a first subscription message to an MQTT proxy server (broker), wherein the subscription topic in the first subscription message is a will topic (the MQTT last-will topic), and the will topic comprises the first random string and a fixed suffix.

In an exemplary embodiment, after the MQTT topic management server returns the first random string to the controlled node, the controlled node sends an MQTT connect message to the MQTT proxy server, wherein the will topic in the MQTT connect message contains the first random string and the fixed suffix.

In an exemplary embodiment, the method further comprises sending a second subscription message to the MQTT proxy server after the controlled node's MQTT connection succeeds, the subscription topic in the second subscription message being the first random string.

In an exemplary embodiment, before the MQTT topic management server sends the random topic to the control node, the method further comprises recei