CN114697067A - Internet of things system based on safety guide and group sharing - Google Patents

Internet of things system based on safety guide and group sharing Download PDF

Info

Publication number
CN114697067A
CN114697067A CN202111317680.6A CN202111317680A CN114697067A CN 114697067 A CN114697067 A CN 114697067A CN 202111317680 A CN202111317680 A CN 202111317680A CN 114697067 A CN114697067 A CN 114697067A
Authority
CN
China
Prior art keywords
user
internet
iot
resource device
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111317680.6A
Other languages
Chinese (zh)
Inventor
许贵富
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feirui Technology Co ltd
Original Assignee
Feirui Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feirui Technology Co ltd filed Critical Feirui Technology Co ltd
Publication of CN114697067A publication Critical patent/CN114697067A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029Firewall traversal, e.g. tunnelling or, creating pinholes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y20/00Information sensed or collected by the things
    • G16Y20/40Information sensed or collected by the things relating to personal data, e.g. biometric data, records or preferences
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/10Detection; Monitoring
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16YINFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00IoT characterised by the purpose of the information processing
    • G16Y40/50Safety; Security of things, users, data or systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/256NAT traversal
    • H04L61/2575NAT traversal using address mapping retrieval, e.g. simple traversal of user datagram protocol through session traversal utilities for NAT [STUN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/18Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/18Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • H04N7/181Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast for receiving images from a plurality of remote sources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明提供一种物联网系统,包括云端账号服务器,配置以管理与多个使用者各自对应的多个使用者账号,其中该多个使用者包括第一使用者;多个物联网装置,各物联网装置分别与该云端账号服务器通信连接,其中多个物联网装置包括与该第一使用者对应的第一物联网装置,且该第一物联网装置配置以保存由第一使用者所设定的第一授权列表;以及多个周边装置,该多个周边装置包括与该第一物联网装置直接连接或通信连接的第一周边装置。第一物联网装置是基于第一授权列表以判定其他使用者是否具有存取该第一周边装置的第一权限。

Figure 202111317680

The present invention provides an Internet of Things system, comprising a cloud account server configured to manage a plurality of user accounts corresponding to a plurality of users, wherein the plurality of users includes a first user; a plurality of Internet of Things devices, each The IoT devices are respectively connected in communication with the cloud account server, wherein the plurality of IoT devices include a first IoT device corresponding to the first user, and the first IoT device is configured to store settings set by the first user a predetermined first authorization list; and a plurality of peripheral devices, the plurality of peripheral devices including a first peripheral device directly connected or communicatively connected with the first Internet of Things device. The first Internet of Things device determines whether other users have the first permission to access the first peripheral device based on the first authorization list.

Figure 202111317680

Description

基于安全导向暨群组分享的物联网系统IoT system based on security orientation and group sharing

本申请要求申请日为2020年12月25日,申请号为109146142,发明创造名称为“基于安全导向暨群组分享之物联网系统”的优先权。This application claims that the filing date is December 25, 2020, the application number is 109146142, and the invention-creation title is "Internet of Things system based on security orientation and group sharing".

技术领域technical field

本发明是关于物联网系统。更具体而言,本发明是关于一种基于安全导向暨群组分享的物联网系统。The present invention relates to the Internet of Things system. More specifically, the present invention relates to an IoT system based on security orientation and group sharing.

背景技术Background technique

在先前技术中,物联网联机技术为点对点(P2P)的网络联机机制。当任一物联网装置与另一物联网装置连接时,被授权物联网装置必须先建立授权账号与对应密码,此组账号与密码会在联机时用以确认身份。因此,每个物联网装置需要对每个请求存取物联网装置资源的网络联机建立专属账号与密码,使得物联网装置管理者需要在建立各联机账号时间的层面上耗费大量时间。In the prior art, the IoT connection technology is a peer-to-peer (P2P) network connection mechanism. When any IoT device is connected to another IoT device, the authorized IoT device must first establish an authorization account and a corresponding password, and this set of accounts and passwords will be used to confirm the identity during connection. Therefore, each IoT device needs to establish a dedicated account and password for each network connection requesting access to the IoT device resources, so that the IoT device administrator needs to spend a lot of time in establishing each connection account.

此外,当P2P的网络联机无法穿墙建立联机时,会采用中继服务器(Relay Server)机制进行网络联机,此中继服务器会先暂存联机交换资料,然后再传给目的地的物联网装置。采用此机制会产生以下缺点:(1)信息保存中继服务器有信息泄露安全疑虑;(2)资料经过中继服务器增加网络延迟时间;以及(3)使用中继服务器会增加云端服务器网络使用带宽等缺点。In addition, when the P2P network connection cannot be established through the wall, a relay server (Relay Server) mechanism will be used for network connection. The relay server will temporarily store the connection exchange data, and then transmit it to the destination IoT device. . Using this mechanism will have the following disadvantages: (1) the information storage relay server has security concerns about information leakage; (2) the data passes through the relay server to increase the network delay time; and (3) the use of the relay server will increase the network bandwidth of the cloud server. and other shortcomings.

另外,已知物联网关于存取储存、监控、屏幕播放等资源的账号信息是个别建立与存放于各物联网装置内,并无透过云端服务器整合账号资源,且不存在便利共同授权架构而能使用一致性协议来授权与存取各自资源。因此,当各物联网装置欲分享储存、监控、屏幕播放等资源时,必需在各物联网装置上建立专属的账号与密码,管理费时外,尚需整合不同资源授权协议会产生以下缺点:(1)物联网装置间透过不同资源授权协议接口连接执行效率较一致性资源授权协议差;(2)开发系统需整合不同资源授权协议接口耗费大量时间。In addition, it is known that the account information for accessing storage, monitoring, screen playback and other resources in the Internet of Things is individually established and stored in each Internet of Things device, and account resources are not integrated through a cloud server, and there is no convenient common authorization structure. A consensus protocol can be used to authorize and access the respective resources. Therefore, when each IoT device wants to share resources such as storage, monitoring, screen playback, etc., it is necessary to create a dedicated account and password on each IoT device. In addition to time-consuming management, it is necessary to integrate different resource authorization protocols, resulting in the following disadvantages: ( 1) The connection between IoT devices through different resource authorization protocol interfaces is less efficient than the consistent resource authorization protocol; (2) The development system needs to integrate different resource authorization protocol interfaces, which takes a lot of time.

因此,目前业界正寻求一种基于安全导向暨群组分享的物联网系统,能够建立便捷的授权分配机制且加强物联网系统的数据安全性。Therefore, the industry is currently seeking an IoT system based on security orientation and group sharing, which can establish a convenient authorization distribution mechanism and enhance the data security of the IoT system.

发明内容SUMMARY OF THE INVENTION

有鉴于此,本发明提供一种物联网系统,用以改善前述提供便捷的授权分配机制且加强物联网系统的数据安全性。In view of this, the present invention provides an IoT system for improving the aforementioned convenient authorization distribution mechanism and enhancing the data security of the IoT system.

在一些实施例中,该物联网系统包括一云端账号服务器,配置以管理与多个使用者各自对应的多个使用者账号,其中该多个使用者包括第一使用者;多个物联网装置,各物联网装置分别与该云端账号服务器通信连接,其中所述多个物联网装置包括与该第一使用者对应的第一物联网装置,且该第一物联网装置是配置以保存由该第一使用者所设定的第一授权列表;以及多个周边装置,所述多个周边装置包括与该第一物联网装置直接连接或通信连接的第一周边装置。在一些实施例中,该第一物联网装置是基于该第一授权列表以判定其他使用者是否具有存取该第一周边装置的第一权限。各使用者能向云端服务器申请使用者账号。In some embodiments, the IoT system includes a cloud account server configured to manage a plurality of user accounts corresponding to a plurality of users, wherein the plurality of users include a first user; a plurality of IoT devices , each IoT device is respectively connected to the cloud account server in communication, wherein the plurality of IoT devices include a first IoT device corresponding to the first user, and the first IoT device is configured to save the a first authorization list set by a first user; and a plurality of peripheral devices, the plurality of peripheral devices including a first peripheral device directly or communicatively connected to the first Internet of Things device. In some embodiments, the first Internet of Things device determines whether other users have the first permission to access the first peripheral device based on the first authorization list. Each user can apply for a user account to the cloud server.

在一些实施例中,该第一周边装置包括第一储存资源装置、第一监控资源装置、或第一显示资源装置的至少之一。In some embodiments, the first peripheral device includes at least one of a first storage resource device, a first monitoring resource device, or a first display resource device.

在另一实施例中,该复多个物联网装置还包括与第二使用者对应的第二物联网装置,且该第二物联网装置配置以保存由该第二使用者所设定的第二授权列表;该多个周边装置更包括与该第二物联网装置直接连接或通信连接的第二周边装置,其中,该第二物联网装置是基于该第二授权列表加以判定其他使用者是否具有存取该第二周边装置的第二权限,且该第二周边装置包括第二储存资源装置、第二监控资源装置、或第二显示资源装置的至少一者;该多个物联网装置还包括与第三使用者对应的第三物联网装置,且该第三物联网装置配置以保存由该第三使用者所设定的第三授权列表;以及该复多个周边装置还包括与该第三物联网装置直接连接或通信连接的第三周边装置,其中,该第三物联网装置是基于该第三授权列表加以判定其他使用者是否具有存取该第三周边装置的第三权限,且该第三周边装置包括第三储存资源装置、第三监控资源装置、或第三显示资源装置的至少之一。In another embodiment, the plurality of IoT devices further include a second IoT device corresponding to the second user, and the second IoT device is configured to store the first IoT device set by the second user. Two authorization lists; the plurality of peripheral devices further include a second peripheral device directly connected or communicatively connected to the second IoT device, wherein the second IoT device determines whether other users are based on the second authorization list having a second authority to access the second peripheral device, and the second peripheral device includes at least one of a second storage resource device, a second monitoring resource device, or a second display resource device; the plurality of IoT devices also Including a third Internet of Things device corresponding to a third user, and the third Internet of Things device is configured to store a third authorization list set by the third user; and the plurality of peripheral devices also include and the A third peripheral device directly connected or communicatively connected by the third IoT device, wherein the third IoT device determines whether other users have the third permission to access the third peripheral device based on the third authorization list, And the third peripheral device includes at least one of a third storage resource device, a third monitoring resource device, or a third display resource device.

在另一实施例中,该云端账号服务器还包括云端账号服务器私钥、以及与该云端账号服务器私钥对应的云端账号服务器公钥;该云端机器服务器更包括云端机器服务器私钥、以及与该云端机器服务器私钥对应的云端机器服务器公钥;该STUN云端服务器还包括STUN云端服务器私钥、以及与该STUN云端服务器私钥对应的STUN云端服务器公钥;该P2P信息交换云端服务器更包括P2P信息交换云端服务器私钥、以及与该P2P信息交换云端服务器私钥对应的P2P信息交换云端服务器公钥;该多个使用者各自更具有对应的输出与输入设备,其中该第一使用者具有第一输出及输入装置,该第一输出及输入装置包括第一输出及输入装置私钥、以及与所述第一输出及输入装置私钥对应的第一输出及输入装置公钥;该多个物联网装置更包括与第二使用者对应的第二物联网装置,其中该第一物联网装置包括第一物联网装置私钥、以及与该第一物联网装置私钥对应的第一物联网装置公钥,且该第二物联网装置包括第二物联网装置私钥、以及与该第二物联网装置私钥对应的第二物联网装置公钥;以及该第一周边装置更包括第一周边装置私钥、以及与该第一周边装置私钥对应的第一周边装置公钥。In another embodiment, the cloud account server further includes a cloud account server private key and a cloud account server public key corresponding to the cloud account server private key; the cloud machine server further includes a cloud machine server private key, and a cloud account server The cloud machine server public key corresponding to the cloud machine server private key; the STUN cloud server also includes the STUN cloud server private key and the STUN cloud server public key corresponding to the STUN cloud server private key; the P2P information exchange cloud server further includes P2P Information exchange cloud server private key, and P2P information exchange cloud server public key corresponding to the P2P information exchange cloud server private key; each of the plurality of users further has corresponding output and input devices, wherein the first user has the first user an output and input device, the first output and input device includes a first output and input device private key, and a first output and input device public key corresponding to the first output and input device private key; the plurality of things The networking device further includes a second IoT device corresponding to the second user, wherein the first IoT device includes a private key of the first IoT device, and the first IoT device corresponding to the private key of the first IoT device a public key, and the second IoT device includes a second IoT device private key and a second IoT device public key corresponding to the second IoT device private key; and the first peripheral device further includes a first peripheral A device private key, and a first peripheral device public key corresponding to the first peripheral device private key.

本发明的其他实施方式以及优点,可由以下用以显示本发明原理范例的详细说明并结合随附图式而更显明白。此外,本说明书中将不再赘述为人所熟知的组件与原理,以免对本发明造成不必要的混淆。Other embodiments and advantages of the present invention will become apparent from the following detailed description showing an example of the principles of the invention, taken in conjunction with the accompanying drawings. In addition, well-known components and principles will not be repeated in this specification, so as not to unnecessarily obscure the present invention.

附图说明Description of drawings

在本发明的图式中,相同的参考符号是代表相同或类似的组件。此外,由于该多个图式仅为示例,故其并非按照实际比例绘制。In the drawings of the present invention, the same reference signs refer to the same or similar components. Furthermore, since the various figures are only examples, they are not drawn to actual scale.

图1是根据本发明的实施例而显示物联网系统的示意图。FIG. 1 is a schematic diagram showing an IoT system according to an embodiment of the present invention.

图2A是根据本发明的一实施例而显示第一授权列表的示意性表格。FIG. 2A is a schematic table showing a first authorization list according to an embodiment of the present invention.

图2B是根据本发明的另一实施例而显示第一授权列表的另一方式。FIG. 2B is another way of displaying the first authorization list according to another embodiment of the present invention.

附图标记说明:Description of reference numbers:

100:物联网系统;101:云端;102:云端机器服务器;103:云端账号服务器;104:STUN云端服务器;105:P2P信息交换云端服务器;110:第一使用者;111:第一物联网装置;112:第一储存资源装置;113:第一监控资源装置;114:第一显示资源装置;120:第二使用者;121:第二物联网装置;122:第二储存资源装置;123:第二监控资源装置;124:第二显示资源装置;130:第三使用者;131:第三物联网装置;132:第三储存资源装置;133:第三监控资源装置;134:第三显示资源装置;200:第一授权列表;201:第一授权列表的另一态样;210:第一使用者账号;211:第一朋友授权清单;212:第一群组授权清单;212a:第一群组清单;212b:第二群组清单;213:第一其他授权清单;220:第二使用者账号;230:第三使用者账号;270:箭头。100: IoT system; 101: Cloud; 102: Cloud machine server; 103: Cloud account server; 104: STUN cloud server; 105: P2P information exchange cloud server; 110: First user; 111: First IoT device ; 112: first storage resource device; 113: first monitoring resource device; 114: first display resource device; 120: second user; 121: second IoT device; 122: second storage resource device; 123: 124: second display resource device; 130: third user; 131: third IoT device; 132: third storage resource device; 133: third monitoring resource device; 134: third display resource device; 200: the first authorization list; 201: another aspect of the first authorization list; 210: the first user account; 211: the first friend authorization list; 212: the first group authorization list; 212a: the first 212b: second group list; 213: first other authorization list; 220: second user account; 230: third user account; 270: arrow.

具体实施方式Detailed ways

现在将参照数个如随附图式中所描述的较佳实施例来详细说明本发明。在以下叙述中,提出许多特定细节以提供本发明的通盘了解。然而,在本技术领域中具有基本常识的人应当理解,在缺少若干或全部这些特定细节的情况下仍可实施本发明。The invention will now be described in detail with reference to several preferred embodiments as depicted in the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a general understanding of the present invention. However, one having basic knowledge in the art will understand that the present invention may be practiced in the absence of some or all of these specific details.

图1是根据本发明的实施例而显示物联网系统100的示意图。如图1中所显示,云端101包括用于管理物联网装置的云端机器服务器102、用于管理使用者账号的云端账号服务器103、P2P穿墙联机的STUN云端服务器104、以及P2P穿墙联机的P2P信息交换云端服务器105。举例来说,第一使用者110与第二使用者120可分别向云端账号服务器103注册对应的第一使用者账号与第二使用者账号。云端账号服务器103可管理所有使用者的使用者账号、使用者密码、账号是否允许公开让他人搜寻选项、Email、手机号码等使用者信息。应当理解,虽然此处举例两位使用者,但本发明并不限于此。根据实际使用状况,本物联网系统可包括更多(例如,3位以上)、或更少(例如,1位以下)使用者。FIG. 1 is a schematic diagram showing an IoT system 100 according to an embodiment of the present invention. As shown in FIG. 1 , the cloud 101 includes a cloud machine server 102 for managing IoT devices, a cloud account server 103 for managing user accounts, a STUN cloud server 104 for P2P through-wall connection, and a P2P through-wall connection P2P information exchange cloud server 105 . For example, the first user 110 and the second user 120 can respectively register the corresponding first user account and the second user account with the cloud account server 103 . The cloud account server 103 can manage all users' user accounts, user passwords, whether the accounts are allowed to be disclosed for others to search for options, emails, mobile phone numbers and other user information. It should be understood that although two users are illustrated here, the present invention is not limited thereto. According to actual usage conditions, the IoT system may include more (eg, more than 3) or fewer (eg, less than 1) users.

如图1的实施例中所显示,第一使用者110所拥有的第一物联网装置111可与云端101(包括云端机器服务器102、云端账号服务器103、STUN云端服务器104、P2P信息交换云端服务器105)通信连接,例如通过局域网络、因特网、有线网络、无线网络等通信连接方法。类似地,第二使用者120所拥有的第二物联网装置121可与云端101通信连接。应当理解,虽然此处列举两个物联网装置,但本发明并不限于此。根据需求,本物联网系统可包括更多(例如,3个以上)、或更少(例如,1个)物联网装置。另外,一位使用者并不受限于拥有一个物联网装置,而是可依据需求而拥有更少(例如,0个)或更多(例如,2个以上)物联网装置。As shown in the embodiment of FIG. 1 , the first IoT device 111 owned by the first user 110 can exchange information with the cloud 101 (including the cloud machine server 102 , the cloud account server 103 , the STUN cloud server 104 , and the P2P information exchange cloud server). 105) Communication connection, for example, through a communication connection method such as a local area network, the Internet, a wired network, and a wireless network. Similarly, the second IoT device 121 owned by the second user 120 can communicate with the cloud 101 . It should be understood that although two IoT devices are listed here, the present invention is not limited thereto. The present IoT system may include more (eg, more than 3), or fewer (eg, 1) IoT devices, as required. In addition, a user is not limited to owning one IoT device, but may own fewer (eg, 0) or more (eg, more than 2) IoT devices according to needs.

第一物联网装置111可对应于(例如,绑定)第一使用者110,而第二物联网装置121可对应于第二使用者120。更具体而言,第一物联网装置111是经由与第一使用者账号210对应而绑定于第一使用者110;第二物联网装置121是经由与第二使用者账号220对应而绑定于第二使用者120。云端机器服务器102可管理各物联网装置(例如,第一物联网装置111及第二物联网装置121)的绑定信息(例如,与各物联网装置对应的使用者账号)、机器装置标识符(ID)、及其他装置信息。各物联网装置的机器装置ID及其他装置信息可储存于信息条形码中。The first IoT device 111 may correspond to (eg, bind) the first user 110 , and the second IoT device 121 may correspond to the second user 120 . More specifically, the first IoT device 111 is bound to the first user 110 by corresponding to the first user account 210 ; the second IoT device 121 is bound by corresponding to the second user account 220 to the second user 120 . The cloud machine server 102 can manage the binding information (for example, the user account corresponding to each IoT device) and machine device identifiers of each IoT device (eg, the first IoT device 111 and the second IoT device 121 ) (ID), and other device information. The machine device ID and other device information of each IoT device can be stored in the information barcode.

在一实施例中,使用者可例如通过行动装置登入云端账号服务器103进行身分验证,接着将对应的使用者账号与欲绑定的机器装置ID上传至云端机器服务器102,即可完成物联网装置与使用者的绑定。此外,使用者亦可变更物联网装置的绑定状态。举例来说,使用者可例如通过行动装置与云端机器服务器102通信连接,并输入欲绑定的物联网装置信息(例如,通过扫描信息条形码、或是直接输入机器装置ID)。接着,云端机器服务器102判断该物联网装置是否已被其他使用者绑定。若该物联网装置已被另一使用者绑定,则需要输入该另一使用者的使用者账号及密码进行解除装置绑定,方可续行前述的物联网装置绑定操作。应当注意,虽然此处是以行动装置进行说明,但此仅是使用以辅助说明,本发明并不受限于行动装置,而是可依据实际操作状况使用个人计算机、笔记本电脑、PAD等装置进行操作。In one embodiment, the user can log in to the cloud account server 103 through a mobile device for identity verification, and then upload the corresponding user account and the device ID to be bound to the cloud server 102 to complete the IoT device. Binding to the user. In addition, the user can also change the binding state of the IoT device. For example, the user can communicate with the cloud machine server 102 through a mobile device, and input the information of the IoT device to be bound (for example, by scanning the barcode of the information, or directly inputting the machine device ID). Next, the cloud machine server 102 determines whether the IoT device has been bound by other users. If the IoT device has been bound by another user, it is necessary to input the user account and password of the other user to unbind the device, and then the aforementioned IoT device binding operation can be continued. It should be noted that although a mobile device is used for description here, this is only used for auxiliary description. The present invention is not limited to a mobile device, but can be performed by using a personal computer, a notebook computer, a PAD and other devices according to the actual operating conditions. operate.

在一实施例中,各物联网装置可连接、或通信连接至一或更多周边装置。如图1中所显示,第一物联网装置111可任选地与第一周边装置直接连接、或通信连接。该第一周边装置包括第一储存资源装置112、第一监控资源装置113、或第一显示资源装置114。各物联网装置可保存由其对应使用者所设定的授权列表。例如,在第一物联网装置111内可保存由第一使用者110所设定的第一授权列表,该第一授权列表记载与该第一物联网装置111连接的第一周边装置,并用以判断使用者(例如,第二使用者120)是否具有存取第一周边装置的第一权限。应当理解,各使用者可具有与其分别对应的物联网装置、以及与各物联网装置连接的周边装置的全部管理权限。In one embodiment, each IoT device may be connected, or communicatively connected, to one or more peripheral devices. As shown in FIG. 1, the first IoT device 111 may optionally be directly connected, or communicatively connected, with the first peripheral device. The first peripheral device includes a first storage resource device 112 , a first monitoring resource device 113 , or a first display resource device 114 . Each IoT device can save an authorization list set by its corresponding user. For example, a first authorization list set by the first user 110 may be stored in the first IoT device 111 , and the first authorization list records the first peripheral devices connected to the first IoT device 111 and is used for It is determined whether the user (eg, the second user 120 ) has the first authority to access the first peripheral device. It should be understood that each user may have all the management rights of the corresponding IoT device and peripheral devices connected to each IoT device.

应当理解,虽然上方说明是具体指出第一使用者、第一物联网装置、及第一周边装置,但本发明并不限于此,上述内容亦适用于其他使用者(例如,第二使用者120)、其对应的物联网装置(例如,第二物联网装置121)、及相关的周边装置。It should be understood that although the above description specifically refers to the first user, the first IoT device, and the first peripheral device, the present invention is not limited thereto, and the above-mentioned content is also applicable to other users (for example, the second user 120 ). ), its corresponding IoT device (eg, the second IoT device 121 ), and related peripheral devices.

在一实施例中,各使用者可分别从所有使用者账号中进行选择,以建立其专属的朋友清单。举例来说,第一使用者可建立第一使用者朋友清单,该第一使用者朋友清单中可例如包括0个使用者账号,即代表尚未与任何使用者互相为朋友关系;或是可例如包括10个使用者账号,即代表第一使用者与该10个使用者账号对应的使用者互相为朋友关系。In one embodiment, each user can individually select from all user accounts to create their own friend list. For example, the first user may create a first user friend list, and the first user friend list may include, for example, 0 user accounts, which means that he has not yet become friends with any user; or may, for example, Including 10 user accounts means that the first user and the users corresponding to the 10 user accounts are friends with each other.

承上所述,使用者(例如,第一使用者)还可在授权列表(例如,第一授权列表)中建立朋友授权清单(例如,第一朋友授权清单),以从朋友清单中选择欲授权(例如,第一权限)的对象。以上述示例说明,第一使用者可从该10个使用者账号中例如选择其中5个使用者账号,使与该5个使用者账号对应的使用者具有存取第一周边装置的第一权限。As mentioned above, the user (eg, the first user) may also create a friend authorization list (eg, the first friend authorization list) in the authorization list (eg, the first authorization list) to select the desired friend from the friend list. An object of authorization (eg, first permission). Taking the above example to illustrate, the first user can select, for example, 5 user accounts from the 10 user accounts, so that the users corresponding to the 5 user accounts have the first permission to access the first peripheral device .

在一实施例中,各使用者还可分别从所有使用者账号中进行选择,以建立其专属的群组清单。举例来说,第一使用者可建立第一使用者群组清单,该第一使用者群组清单中可包括一或更多群组,以单一群组为例,该群组可例如包括0个使用者账号,即代表此群组中尚未加入任何使用者;或是可例如包括10个使用者账号,即代表此群组中目前具有与该10个使用者账号对应的使用者。应当理解,群组清单(例如,第一使用者群组清单)可不限于单一群组,而是可依各使用者的实际使用情况以具有不限数量的群组。另外,若在具有两个以上群组的情况下,各使用者可将同一使用者账号加入两个以上的群组,亦即该等群组中的使用者账号是可彼此重复的。In one embodiment, each user can also select from all user accounts to create their own group list. For example, the first user may create a first user group list, and the first user group list may include one or more groups. Taking a single group as an example, the group may include, for example, 0 A user account means that no user has been added to the group; or it can include, for example, 10 user accounts, which means that there are currently users corresponding to the 10 user accounts in the group. It should be understood that the group list (eg, the first user group list) may not be limited to a single group, but may have an unlimited number of groups according to the actual usage of each user. In addition, if there are more than two groups, each user can add the same user account to two or more groups, that is, the user accounts in these groups can be duplicated with each other.

承上所述,使用者(例如,第一使用者)还可在授权列表(例如,第一授权列表)中建立群组授权清单(例如,第一群组授权清单),以从群组清单中选择欲授权的对象。以上述示例说明,第一使用者可从第一使用者群组清单中选择至少一群组,使与该至少一群组中的使用者账号对应的使用者具有存取第一周边装置的第一权限。As mentioned above, the user (eg, the first user) may also create a group authorization list (eg, the first group authorization list) in the authorization list (eg, the first authorization list) to obtain the Select the object you want to authorize. Taking the above example to illustrate, the first user can select at least one group from the first user group list, so that the user corresponding to the user account in the at least one group has the first access to the first peripheral device. a permission.

在一实施例中,使用者(例如,第一使用者)还可在授权列表(例如,第一授权列表)中建立其他授权清单(例如,第一其他授权清单),以保存由云端账号服务器所管理的所有使用者账号,并将权限(例如,第一权限)授权给全部的使用者。In one embodiment, the user (eg, the first user) may also create other authorization lists (eg, the first other authorization list) in the authorization list (eg, the first authorization list), so as to be saved by the cloud account server All user accounts that are managed, and permissions (eg, first permissions) are authorized to all users.

举例来说,请参照图2A,图2A是根据本发明的一实施例而显示第一授权列表200的示意性表格。该第一授权列表200中记载与第一物联网装置111连接的第一周边装置(例如,图2A中为第一储存资源装置112、第一监控资源装置113、及第一显示资源装置114)、以及使用者授权名单。第一使用者110可分别设定能够存取第一储存资源装置112、第一监控资源装置113、或第一显示资源装置114的使用者账号,使得与该使用者账号(例如,第三使用者账号230)对应的使用者(例如,第三使用者130)能够存取和/或使用第一储存资源装置112、第一监控资源装置113、或第一显示资源装置114。此外,由于第一物联网装置111是与第一使用者110绑定,该第一使用者110本质上即具有存取第一周边装置的该第一权限,因此在使用者授权名单中即记载与第一使用者110对应的第一使用者账号210拥有所有周边装置权限(例如第一储存资源装置112、第一监控资源装置113、或第一显示资源装置114)。For example, please refer to FIG. 2A , which is a schematic table showing the first authorization list 200 according to an embodiment of the present invention. The first authorization list 200 records the first peripheral devices connected to the first IoT device 111 (for example, the first storage resource device 112 , the first monitoring resource device 113 , and the first display resource device 114 in FIG. 2A ) , and a list of user authorizations. The first user 110 can respectively set a user account that can access the first storage resource device 112, the first monitoring resource device 113, or the first display resource device 114, so that the user account (for example, the third user account) The user (eg, the third user 130 ) corresponding to the user account 230 ) can access and/or use the first storage resource device 112 , the first monitoring resource device 113 , or the first display resource device 114 . In addition, since the first IoT device 111 is bound to the first user 110, the first user 110 essentially has the first permission to access the first peripheral device, so it is recorded in the user authorization list The first user account 210 corresponding to the first user 110 has permissions for all peripheral devices (eg, the first storage resource device 112 , the first monitoring resource device 113 , or the first display resource device 114 ).

因此,如图2A中的实施例所示,由于第一储存资源装置112的使用者授权名单中仅记载第一使用者账号210与第三使用者账号230,故只有第一使用者110与第三使用者130具有存取第一储存资源装置112的第一权限;在第一监控资源装置113的授权名单中记载第一使用者账号210、第二使用者账号220和第三使用者账号230,故第一使用者110、第二使用者120和第三使用者130均具有存取第一监控资源装置113的第一权限。Therefore, as shown in the embodiment in FIG. 2A , since only the first user account 210 and the third user account 230 are recorded in the user authorization list of the first storage resource device 112 , only the first user 110 and the third user account are recorded. The third user 130 has the first authority to access the first storage resource device 112 ; the first user account 210 , the second user account 220 and the third user account 230 are recorded in the authorization list of the first monitoring resource device 113 , so the first user 110 , the second user 120 and the third user 130 all have the first authority to access the first monitoring resource device 113 .

此外,如图2A的箭头270所显示,第一使用者110还可将该使用者授权名单中的字段设定为“*”,表示该第一周边装置的第一权限是开放给云端账号服务器103中的所有使用者账号,使得与所有使用者账号各自对应的使用者均能够存取该第一周边装置。当使用者经由输入与输出装置(例如,行动装置、个人计算机、笔记本电脑、PAD等)与云端机器服务器102通信连接时,云端机器服务器102可显示所有设定为“*”的物联网装置与其对应周边装置,以向所有使用者表示该周边装置目前开放权限。因此,在图2A的实施例中,第一使用者110和第三使用者130可存取第一储存资源装置112;第一使用者110、第二使用者120和第三使用者130可存取第一监控资源装置113;而在云端账号服务器103中注册使用者账号的所有使用者均可存取第一显示资源装置114。In addition, as shown by the arrow 270 in FIG. 2A , the first user 110 can also set the field in the user authorization list to "*", indicating that the first authorization of the first peripheral device is open to the cloud account server All the user accounts in 103, so that the users corresponding to all the user accounts can access the first peripheral device. When the user communicates with the cloud machine server 102 via input and output devices (eg, mobile devices, personal computers, laptops, PADs, etc.), the cloud machine server 102 can display all IoT devices set as "*" and their Corresponding to the peripheral device to indicate to all users that the peripheral device currently has open permissions. Therefore, in the embodiment of FIG. 2A, the first user 110 and the third user 130 can access the first storage resource device 112; the first user 110, the second user 120 and the third user 130 can store The first monitoring resource device 113 is taken; and all users who have registered user accounts in the cloud account server 103 can access the first display resource device 114 .

接着,请参照图2B,图2B是根据本发明的另一实施例而显示第一授权列表的另一方式201。该第一授权列表的另一态样201中记载第一朋友授权清单211、第一群组授权清单212、第一其他授权清单213、及其各自的资源授权名单,其中第一群组授权清单212包括第一群组清单212a及第二群组清单212b,且该资源授权名单中记载各列表所授权的资源装置。Next, please refer to FIG. 2B , which is another manner 201 for displaying the first authorization list according to another embodiment of the present invention. Another aspect 201 of the first authorization list records a first friend authorization list 211, a first group authorization list 212, a first other authorization list 213, and their respective resource authorization lists, wherein the first group authorization list 212 includes a first group list 212a and a second group list 212b, and the resource authorization list records the resource devices authorized by each list.

如图2B中的实施例所示,第一朋友授权清单211的资源授权名单中记载第一储存资源装置112,故与第一朋友授权清单211中的使用者账号对应的使用者具有存取第一储存资源装置112的第一权限;第一群组清单212a的资源授权名单中记载第一储存资源装置112,故与第一群组清单212a中的使用者账号对应的使用者具有存取第一储存资源装置112的第一权限;第二群组清单212b的资源授权名单中记载第一储存资源装置112、第一监控资源装置113、及第一显示资源装置114,故与第二群组清单212b中的使用者账号对应的使用者具有存取第一储存资源装置112、第一监控资源装置113、及第一显示资源装置114的第一权限;第一其他授权清单213的资源授权名单中记载第一显示资源装置114,故已在云端账号服务器103中注册使用者账号的所有使用者均可存取第一显示资源装置114。As shown in the embodiment in FIG. 2B , the resource authorization list of the first friend authorization list 211 records the first storage resource device 112 , so the user corresponding to the user account in the first friend authorization list 211 has access to the first storage resource device 112 . A first authority of the storage resource device 112; the first storage resource device 112 is recorded in the resource authorization list of the first group list 212a, so the user corresponding to the user account in the first group list 212a has access to the first storage resource device 112. A first authority of the storage resource device 112; the resource authorization list of the second group list 212b records the first storage resource device 112, the first monitoring resource device 113, and the first display resource device 114, so it is different from the second group The user corresponding to the user account in the list 212b has the first authority to access the first storage resource device 112, the first monitoring resource device 113, and the first display resource device 114; the resource authorization list of the first other authorization list 213 The first display resource device 114 is described in , so all users who have registered user accounts in the cloud account server 103 can access the first display resource device 114 .

对于第一储存资源装置112,例如为传统硬盘(HDD)、固态硬盘(SSD)等储存装置,第一使用者110所开放的第一权限可包括但不限于档案夹设定权限、档案读取权限、档案写入权限、或其组合。在一些实施例中,该档案夹设定权限可还包括设定只读(Read)权限、设定可读写(Write)权限、或其组合。For the first storage resource device 112, such as a conventional hard disk (HDD), a solid-state disk (SSD) and other storage devices, the first permission opened by the first user 110 may include but not limited to folder setting permission, file reading permissions, file write permissions, or a combination thereof. In some embodiments, the folder setting permission may further include setting a read-only (Read) permission, setting a read-write (Write) permission, or a combination thereof.

对于第一监控资源装置113,例如为网络摄影机、监视录像机等,第一使用者110所开放的第一权限可包括但不限于实时监看(Liveview)权限、录像权限、回播(Playback)权限、系统参数设定、或其组合。For the first monitoring resource device 113, such as a network camera, a monitoring video recorder, etc., the first permission opened by the first user 110 may include, but is not limited to, the Liveview permission, the recording permission, and the Playback permission. , system parameter settings, or a combination thereof.

对于第一显示资源装置114,例如为屏幕显示设备等,第一使用者110所开放的第一权限可包括但不限于允许接收推播多媒体权限、允许被同步播放远程物联网装置播放内容权限、或其组合。For the first display resource device 114, such as a screen display device, etc., the first permission opened by the first user 110 may include, but is not limited to, permission to receive push multimedia, permission to be synchronously played by remote IoT devices, permission to play content, or a combination thereof.

应当理解,虽然上方说明是具体指出第一使用者、第一物联网装置、及第一周边装置,但本发明并不限于此,上述内容亦适用于其他使用者(例如,第二使用者120)、其对应的物联网装置(例如,第二物联网装置121)、及相关的周边装置。It should be understood that although the above description specifically refers to the first user, the first IoT device, and the first peripheral device, the present invention is not limited thereto, and the above-mentioned content is also applicable to other users (for example, the second user 120 ). ), its corresponding IoT device (eg, the second IoT device 121 ), and related peripheral devices.

另外,当物联网装置与云端101通信连接时,可从云端101下载并储存各授权列表(例如,朋友授权列表、群组授权列表、或其他授权列表)所列授权使用者的对应使用者账号信息。当物联网装置与云端101断线(即,未通信连接)时,物联网装置可由先前下载并储存的授权使用者账号信息,使当前授权使用者账号信息版本的经授权使用者能够取得周边装置的访问权限。In addition, when the IoT device is communicatively connected to the cloud 101, the cloud 101 can download and store the corresponding user accounts of authorized users listed in each authorization list (eg, friend authorization list, group authorization list, or other authorization list) information. When the IoT device is disconnected from the cloud 101 (ie, not connected in communication), the IoT device can use the previously downloaded and stored authorized user account information, so that the authorized user of the current version of the authorized user account information can obtain peripheral devices access rights.

承上所述,在物联网装置与云端101断线(即,未通信连接)期间,若各授权列表的使用者账号信息有进行更动,则在物联网装置与云端101重新通信连接即会同步(例如,再次下载)更新的使用者账号信息,使更新授权用户账号信息版本的经授权使用者能够取得周边装置的存取权限。As mentioned above, during the disconnection between the IoT device and the cloud 101 (ie, no communication connection), if the user account information of each authorization list is changed, the IoT device and the cloud 101 will be reconnected to communicate with each other. Synchronizing (eg, re-downloading) the updated user account information enables authorized users who update the version of the authorized user account information to gain access rights to peripheral devices.

如图1所显示,由于第一使用者110具有第一物联网装置及其连接的资源装置的所有操作权限(即,第一权限),故该第一使用者110可进行下列动作:存取该第一储存资源装置112中的内容或利用该第一显示资源装置114播放该第一储存资源装置112中的内容、以输入与输出装置(例如,行动装置、个人计算机、笔记本电脑、PAD等)或第一显示资源装置114实时播放该第一监控资源装置113的实时影像内容、将该第一监控资源装置113所录制的内容储存至该第一储存资源装置112、以及回播储存在该第一储存资源装置112中的该第一监控资源装置113所录制的该内容。As shown in FIG. 1 , since the first user 110 has all the operation rights (ie, the first rights) of the first IoT device and its connected resource devices, the first user 110 can perform the following actions: access The content in the first storage resource device 112 or the first display resource device 114 is used to play the content in the first storage resource device 112 to input and output devices (eg, mobile devices, personal computers, notebook computers, PADs, etc. ) or the first display resource device 114 plays the real-time video content of the first monitoring resource device 113 in real time, stores the content recorded by the first monitoring resource device 113 in the first storage resource device 112, and replays the content stored in the first monitoring resource device 112. The content recorded by the first monitoring resource device 113 in the first storage resource device 112 is stored.

在一实施例中,第一使用者110可例如利用上述的第一授权列表、朋友授权清单、群组授权清单、或其他授权清单将第一权限授权给第二使用者120。在此实施例中,由于第二使用者120具有第一权限,故可进行下列动作:以输入与输出装置或第一显示资源装置114实时播放该第一监控资源装置113的实时影像内容、以输入与输出装置或第一显示资源装置114回播储存在该第一储存资源装置112中的该第一监控资源装置113所录制的内容、或是存取第一储存资源装置112中的内容。In one embodiment, the first user 110 may, for example, use the above-mentioned first authorization list, friend authorization list, group authorization list, or other authorization list to authorize the first permission to the second user 120 . In this embodiment, since the second user 120 has the first authority, the following actions can be performed: the input and output device or the first display resource device 114 is used to play the real-time image content of the first monitoring resource device 113 in real time; The input and output device or the first display resource device 114 plays back the content recorded by the first monitoring resource device 113 stored in the first storage resource device 112 , or accesses the content in the first storage resource device 112 .

在另一实施例中,如图1的实施例中所显示,物联网系统可还包括第三使用者130、第三物联网装置131、第三储存资源装置132、第三监控资源装置133、或第三显示资源装置134,其各自相对关系如上方所述,故不再此赘述。在此实施例中,当第二使用者120取得第一权限时,可进行下列动作:利用第一显示资源装置114播放第一储存资源装置112中的内容、利用第二显示资源装置124播放第一储存资源装置112中的内容、以及利用第二显示资源装置124以播放该第一监控资源装置113的实时影像内容。In another embodiment, as shown in the embodiment of FIG. 1 , the IoT system may further include a third user 130 , a third IoT device 131 , a third storage resource device 132 , a third monitoring resource device 133 , Or the third display resource device 134, the relative relationship of which is as described above, so it will not be repeated here. In this embodiment, when the second user 120 obtains the first permission, the following actions can be performed: using the first display resource device 114 to play the content in the first storage resource device 112 , and using the second display resource device 124 to play the content in the first storage resource device 112 . A content in the resource device 112 is stored, and the real-time video content of the first monitoring resource device 113 is played by using the second display resource device 124 .

在进一步实施例中,第一使用者110及第三使用者130分别将周边装置权限授权给第二使用者120。换言之,第二使用者120取得第一权限和第三权限,此时第二使用者120可进行下列动作:利用第一显示资源装置114、第二显示资源装置124、和/或第三显示资源装置134同步播放第一显示资源装置114和/或第三显示资源装置134的相同内容;将第一储存资源装置112、第二储存资源装置122、和/或第三储存资源装置132中的内容播放至该第一显示资源装置114和/或第三显示资源装置134。In a further embodiment, the first user 110 and the third user 130 respectively authorize the peripheral device authority to the second user 120 . In other words, when the second user 120 obtains the first permission and the third permission, the second user 120 can perform the following actions: use the first display resource device 114, the second display resource device 124, and/or the third display resource The device 134 plays the same content of the first display resource device 114 and/or the third display resource device 134 synchronously; Play to the first display resource device 114 and/or the third display resource device 134 .

在其他进一步实施例中,第二使用者120取得第一权限和第三权限,此时第二使用者120可进行下列动作:存取第一储存资源装置112、和/或第三储存资源装置132中的内容;将第一监控资源装置113、第二监控资源装置123、和/或第三监控资源装置133所录制的影像内容储存至第一储存资源装置112和/或第三储存资源装置132。通过本实施方式,由于可将各监控资源装置所录制的影像内容储存至其他使用者的储存资源装置中,故例如第二使用者120的第二监控资源装置123遭窃贼破坏时,由第二监控资源装置123录制的内容可储存在第一储存资源装置112和/或第三储存资源装置132中,以保存犯罪证据而不会连带被窃贼损毁。In other further embodiments, when the second user 120 obtains the first permission and the third permission, the second user 120 can perform the following actions: accessing the first storage resource device 112 and/or the third storage resource device 132; store the video content recorded by the first monitoring resource device 113, the second monitoring resource device 123, and/or the third monitoring resource device 133 to the first storage resource device 112 and/or the third storage resource device 132. With this embodiment, since the video content recorded by each monitoring resource device can be stored in the storage resource device of other users, for example, when the second monitoring resource device 123 of the second user 120 is damaged by a thief, the second monitoring resource device 123 of the second user 120 can be The content recorded by the monitoring resource device 123 can be stored in the first storage resource device 112 and/or the third storage resource device 132 so as to preserve criminal evidence without being damaged by thieves.

本文所提及的术语“通信连接”均可经过加密函数提高数据安全性,以确保传送信息不被黑客所破解。下方段落将进一步叙述本文的物联网结构所应用的加密方法。The term "communication connection" mentioned in this article can improve data security through encryption function to ensure that the transmitted information cannot be cracked by hackers. The following paragraphs will further describe the encryption method applied to the IoT structure of this paper.

在一实施例中,云端101的云端账号服务器103或其他服务器(例如,云端机器服务器102、STUN云端服务器104、或P2P信息交换云端服务器105)各自可拥有一私钥、以及与此私钥对应的公钥。举例来说,云端账号服务器103可具有云端账号服务器私钥、以及与此私钥对应的云端账号服务器公钥。In one embodiment, the cloud account server 103 of the cloud 101 or other servers (for example, the cloud machine server 102, the STUN cloud server 104, or the P2P information exchange cloud server 105) can each have a private key and a private key corresponding to the private key. 's public key. For example, the cloud account server 103 may have a cloud account server private key and a cloud account server public key corresponding to the private key.

使用者各自可拥有输出及输入装置(例如,移动电话、个人计算机、笔记本电脑、PAD等),其中该输出及输入装置具有其专属的私钥、以及与此私钥对应的公钥。举例来说,第一使用者110可拥有第一输出及输入装置(例如,移动电话),该第一输出及输入装置具有其专属的第一输出及输入装置私钥、以及与此私钥对应的第一输出及输入装置公钥。另外,每一使用者可不仅拥有单一输出及输入装置,而是可拥有不限数量的输出及输入装置,且各输出及输入装置均具有其专属的私钥、以及与此私钥对应的公钥。Each user may have an output and input device (eg, mobile phone, personal computer, laptop, PAD, etc.), wherein the output and input device has its own private key, and a public key corresponding to this private key. For example, the first user 110 may have a first output and input device (eg, a mobile phone) that has its own first output and input device private key and corresponds to this private key The first output and input device public key. In addition, each user can have not only a single output and input device, but an unlimited number of output and input devices, and each output and input device has its own private key and a public key corresponding to the private key. key.

同样地,与各使用者对应的物联网装置亦可分别具有其专属的私钥、以及与此私钥对应的公钥。举例来说,第一物联网装置111可具有第一物联网装置私钥、以及与此私钥对应的第一物联网装置公钥。Similarly, the IoT device corresponding to each user may also have its own private key and a public key corresponding to the private key. For example, the first IoT device 111 may have a first IoT device private key and a first IoT device public key corresponding to the private key.

类似地,与各物联网装置通信连接的周边装置亦可分别具有其专属的私钥、以及与此私钥对应的公钥。举例来说,第一监控资源装置113可具有第一监控资源装置私钥、以及与此私钥对应的第一监控资源装置公钥。Similarly, peripheral devices communicatively connected to each IoT device may also have their own private keys and public keys corresponding to the private keys. For example, the first monitoring resource device 113 may have a first monitoring resource device private key and a first monitoring resource device public key corresponding to the private key.

在此实施例中,当第一使用者110以第一输出及输入装置与第一物联网装置111通信连接时,第一输出及输入装置与第一物联网装置111将会使用彼此拥有的私钥与公钥(即,第一输出及输入装置私钥、第一输出及输入装置公钥、第一物联网装置私钥、与第一物联网装置公钥),运用信息安全领域中惯用的密码学算法建立双方加密通信信道来传递资料,所有明文资料传送前,皆先加密再传递,以确保中间传递资料的其他服务器无法得知传递资料内容,只有通信双方能解密得到明文。应当理解,虽然上述是以第一输出及输入装置与第一物联网装置111作为示例进行说明,但本发明并不限于此,第一输出及输入装置亦可与第二物联网装置121、或其他物联网装置通信连接,而仍适用上述的加密步骤。In this embodiment, when the first user 110 uses the first output and input device to communicate with the first Internet of Things device 111, the first output and input device and the first Internet of Things device 111 will use the private data owned by each other. key and public key (i.e., the first output and input device private key, the first output and input device public key, the first IoT device private key, and the first IoT device public key), using the commonly used in the field of information security The cryptographic algorithm establishes an encrypted communication channel between the two parties to transmit data. All plaintext data are encrypted and then transmitted before transmission, so as to ensure that other servers that transmit the data in the middle cannot know the content of the transmitted data, and only the two communicating parties can decrypt the plaintext. It should be understood that although the above description takes the first output and input device and the first IoT device 111 as an example, the present invention is not limited to this, and the first output and input device can also be connected with the second IoT device 121, or For other IoT devices to communicate with each other, the above encryption steps still apply.

在此实施例中,上述加密步骤还可应用于各物联网装置之间的通信连接、云端101(包括各云端服务器)与各物联网装置之间、云端101各服务器之间、各物联网装置与其连接周边装置之间的通信连接、以及第一输出及输入装置与各云端服务器之间的通信连接。此外,在上述加密步骤的密码学算法中可加入时间戳(timestamp)、随机数或伪随机数(nonce)的其中之一,来避免双方之间传递数据时被重送攻击。In this embodiment, the above encryption step can also be applied to the communication connection between various IoT devices, between the cloud 101 (including each cloud server) and each IoT device, between each server in the cloud 101, and each IoT device Communication connection between peripheral devices connected thereto, and communication connection between the first output and input device and each cloud server. In addition, one of a timestamp, a random number or a pseudo-random number (nonce) can be added to the cryptographic algorithm of the above encryption step to avoid retransmission attacks when data is transmitted between the two parties.

另外,当物联网装置所连接的周边装置发生异常时,物联网装置可通过系统事先设定的异常信息接收人员名单,自动将周边装置的异常信息推播给异常信息接收人员,使该异常信息接收人员可进行异常排除处理或更换异常装置。In addition, when the peripheral device connected to the IoT device is abnormal, the IoT device can automatically push the abnormal information of the peripheral device to the abnormal information receiver through the list of abnormal information receivers set in advance by the system, so that the abnormal information Receiving personnel can carry out abnormal removal processing or replace abnormal devices.

应当理解的是,在本文中所使用的术语“对应”、“拥有”、“绑定”是具有类似涵义,故可在本文中交换使用。It should be understood that the terms "corresponding," "owning," and "binding" as used herein have similar meanings and may be used interchangeably herein.

本发明所揭露的物联网系统是以云端账号服务器中的使用者账号作为判断授权的依据,故当执行授权行为时,物联网装置拥有者不需建立被授权人账户,而因此节省大量时间。另外,使用者可使用单一对应使用者账号,即能管理或存取经授权的多个物联网装置及其连接的多个周边装置,可达到节省步骤、省去账号管理的优点。本发明亦提出群组授权架构,方便物联网装置管理者依相同授权权限分别建立不同群组,管理者可以针对不同群组授权给予周边装置对应权限,节省逐一对每一个相同权限使用者分别进行授权动作,节省管理时间。此外,在本发明所揭露的物联网系统中。云端账号服务器仅用于管理验证授权所使用的使用者账号,在各物联网装置所连接的周边装置之中的资料、数据并不会经过云端,仅会在经授权的物联网装置之间传递,并利用上述加密步骤增加通信连接的安全性,故能够建立以安全为导向暨群组分享的物联网系统。The IoT system disclosed in the present invention uses the user account in the cloud account server as the basis for judging authorization, so when performing the authorization behavior, the IoT device owner does not need to establish an authorized person account, thus saving a lot of time. In addition, the user can use a single corresponding user account, that is, can manage or access authorized multiple IoT devices and multiple connected peripheral devices, which can save steps and save account management. The present invention also proposes a group authorization structure, which is convenient for IoT device administrators to create different groups according to the same authorization authority. Authorize actions to save management time. In addition, in the Internet of Things system disclosed in the present invention. The cloud account server is only used to manage the user accounts used for authentication and authorization. The data and data in the peripheral devices connected to each IoT device will not pass through the cloud, but will only be transmitted between authorized IoT devices , and use the above encryption steps to increase the security of the communication connection, so a security-oriented and group sharing IoT system can be established.

虽然本发明已参考较佳实施例及图式详加说明,但其仅为举例性者而非用以限定本发明。本发明所属技术领域中具有基本常识的人,在不脱离本发明的精神与范畴的情况下,可进行各种修改、变化以及等效替代。故本发明的保护范围当以随附的申请专利范围所界定者为准。Although the present invention has been described in detail with reference to the preferred embodiments and drawings, they are only illustrative and not intended to limit the present invention. Those with basic common sense in the technical field to which the present invention pertains can make various modifications, changes and equivalent substitutions without departing from the spirit and scope of the present invention. Therefore, the protection scope of the present invention should be defined by the appended patent application scope.

Claims (35)

1.一种物联网系统,其特征在于,包括:1. an internet of things system, is characterized in that, comprises: 一云端账号服务器,配置以管理与多个使用者各自对应的多个使用者账号,其中各使用者能向所述云端账号服务器申请各自的所述使用者账号,且所述多个使用者包括第一使用者;a cloud account server configured to manage multiple user accounts corresponding to multiple users, wherein each user can apply for the respective user account from the cloud account server, and the multiple users include the first user; 多个物联网装置,各物联网装置分别与所述云端账号服务器通信连接,其中所述多个物联网装置包括与所述第一使用者对应的第一物联网装置,且所述第一物联网装置配置以保存由所述第一使用者所设定的第一授权列表;以及A plurality of IoT devices, each IoT device is respectively connected to the cloud account server in communication, wherein the plurality of IoT devices includes a first IoT device corresponding to the first user, and the first IoT device a networked device configured to maintain a first authorization list set by the first user; and 多个周边装置,所述多个周边装置包括与所述第一物联网装置直接连接或通信连接的第一周边装置,a plurality of peripheral devices, the plurality of peripheral devices including a first peripheral device directly connected or communicatively connected to the first Internet of Things device, 其中,所述第一物联网装置是基于所述第一授权列表以判定其他使用者是否具有存取所述第一周边装置的第一权限。The first Internet of Things device determines whether other users have the first permission to access the first peripheral device based on the first authorization list. 2.根据权利要求1所述的物联网系统,其特征在于,所述第一周边装置包括第一储存资源装置、第一监控资源装置、或第一显示资源装置的至少之一。2 . The IoT system according to claim 1 , wherein the first peripheral device comprises at least one of a first storage resource device, a first monitoring resource device, or a first display resource device. 3 . 3.根据权利要求2所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一储存资源装置时,所述第一权限包括所述第一储存资源装置中的档案夹设定权限、档案读取权限、档案写入权限、或其组合。3 . The Internet of Things system according to claim 2 , wherein when the first peripheral device includes the first storage resource device, the first permission includes a file in the first storage resource device. 4 . Folder setting permissions, file read permissions, file write permissions, or a combination thereof. 4.根据权利要求3所述的物联网系统,其特征在于,所述档案夹设定权限包括设定只读权限、设定可读写权限、或其组合。4 . The Internet of Things system according to claim 3 , wherein the folder setting authority includes setting a read-only authority, setting a read-write authority, or a combination thereof. 5 . 5.根据权利要求2所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一监控资源装置时,所述第一权限包括实时监看权限、录像权限、回播权限、系统参数设定、或其组合。5 . The Internet of Things system according to claim 2 , wherein when the first peripheral device includes the first monitoring resource device, the first authority includes real-time monitoring authority, recording authority, playback authority, and playback authority. 6 . permissions, system parameter settings, or a combination thereof. 6.根据权利要求2所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一显示资源装置时,所述第一权限包括允许接收推播多媒体权限、允许被同步播放远程物联网装置播放内容权限、或其组合。6 . The Internet of Things system according to claim 2 , wherein when the first peripheral device includes the first display resource device, the first permission includes permission to receive push multimedia, permission to be synchronized Play content rights, or a combination thereof, from the remote IoT device. 7.根据权利要求1所述的物联网系统,其特征在于,所述第一使用者从所述多个使用者账号中进行选择以建立第一使用者朋友清单。7 . The Internet of Things system of claim 1 , wherein the first user selects from the plurality of user accounts to create a first user friend list. 8 . 8.根据权利要求7所述的物联网系统,其特征在于,所述第一授权列表中还包括:8. The Internet of Things system according to claim 7, wherein the first authorization list further comprises: 第一朋友授权清单,配置以保存由所述第一使用者从所述第一使用者朋友清单进一步选择的至少一使用者账号,以将所述第一权限授权给与所述至少一使用者账号对应的使用者。a first friend authorization list configured to hold at least one user account further selected by the first user from the first user friend list to authorize the first authorization to the at least one user User corresponding to the account. 9.根据权利要求1所述的物联网系统,其特征在于,所述第一使用者从所述多个使用者账号中进行选择以建立第一使用者群组清单。9 . The IoT system of claim 1 , wherein the first user selects from the plurality of user accounts to create a first user group list. 10 . 10.根据权利要求9所述的物联网系统,其特征在于,所述第一授权列表中还包括:10. The Internet of Things system according to claim 9, wherein the first authorization list further comprises: 第一群组授权清单,配置以保存由所述第一使用者从所述第一使用者群组清单进一步选择的至少一群组,以将所述第一权限授权给与所述至少一群组中的使用者账号对应的使用者。a first group authorization list configured to store at least one group further selected by the first user from the first user group list to authorize the first authorization to the at least one group The user corresponding to the user account in the group. 11.根据权利要求1所述的物联网系统,其特征在于,所述第一授权列表中还包括:11. The Internet of Things system according to claim 1, wherein the first authorization list further comprises: 第一其他授权清单,配置以保存由所述云端账号服务器所管理的所述多个使用者账号,以将所述第一权限授权给全部的所述多个使用者。The first other authorization list is configured to store the plurality of user accounts managed by the cloud account server, so as to authorize the first authority to all of the plurality of users. 12.根据权利要求1所述的物联网系统,其特征在于,还包括:12. The Internet of Things system according to claim 1, further comprising: 一云端机器服务器,配置以注册与所述多个物联网装置分别对应的多个标识符以及与所述多个标识符分别对应的多个使用者账号的信息。A cloud machine server configured to register a plurality of identifiers respectively corresponding to the plurality of IoT devices and information of a plurality of user accounts corresponding to the plurality of identifiers respectively. 13.根据权利要求2所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一储存资源装置时,所述第一使用者能够存取所述第一储存资源装置中的内容。13. The Internet of Things system according to claim 2, wherein when the first peripheral device includes the first storage resource device, the first user can access the first storage resource device content in . 14.根据权利要求2所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一储存资源装置与所述第一显示资源装置时,所述第一使用者能够利用所述第一显示资源装置播放所述第一储存资源装置中的内容。14. The Internet of Things system according to claim 2, wherein when the first peripheral device includes the first storage resource device and the first display resource device, the first user can use the The first display resource device plays the content in the first storage resource device. 15.根据权利要求2所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一监控资源装置与所述第一储存资源装置时,下列至少之一会被执行:15. The IoT system according to claim 2, wherein when the first peripheral device includes the first monitoring resource device and the first storage resource device, at least one of the following is executed: 所述第一使用者能够实时播放所述第一监控资源装置的实时影像内容;The first user can play the real-time image content of the first monitoring resource device in real time; 所述第一使用者能够将所述第一监控资源装置所录制的内容储存至所述第一储存资源装置;The first user can store the content recorded by the first monitoring resource device to the first storage resource device; 所述第一使用者能够回播储存在所述第一储存资源装置中的所述第一监控资源装置所录制的内容;The first user can play back the content recorded by the first monitoring resource device stored in the first storage resource device; 当第二使用者具有所述第一权限时,所述第二使用者能够实时播放所述第一监控资源装置的实时影像内容;或者When the second user has the first permission, the second user can play the real-time video content of the first monitoring resource device in real time; or 当所述第二使用者具有所述第一权限时,所述第二使用者能够回播储存在所述第一储存资源装置中的所述第一监控资源装置所录制的内容。When the second user has the first permission, the second user can play back the content recorded by the first monitoring resource device stored in the first storage resource device. 16.根据权利要求2所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一储存资源装置且当第二使用者具有所述第一权限时,第二使用者能够存取所述第一储存资源装置中的内容。16 . The Internet of Things system according to claim 2 , wherein when the first peripheral device includes the first storage resource device and the second user has the first authority, the second user Content in the first storage resource device can be accessed. 17.根据权利要求2所述的物联网系统,其特征在于,17. The Internet of Things system according to claim 2, characterized in that, 所述多个物联网装置还包括与第二使用者对应的第二物联网装置,且所述第二物联网装置配置以保存由所述第二使用者所设定的第二授权列表;The plurality of IoT devices further include a second IoT device corresponding to a second user, and the second IoT device is configured to store a second authorization list set by the second user; 所述多个周边装置还包括与所述第二物联网装置直接连接或通信连接的第二周边装置,The plurality of peripheral devices further include a second peripheral device directly or communicatively connected to the second IoT device, 其中,所述第二物联网装置是基于所述第二授权列表加以判定其他使用者是否具有存取所述第二周边装置的第二权限,且所述第二周边装置包括第二储存资源装置、第二监控资源装置、或第二显示资源装置的至少之一;Wherein, the second IoT device determines whether other users have the second permission to access the second peripheral device based on the second authorization list, and the second peripheral device includes a second storage resource device , at least one of a second monitoring resource device, or a second display resource device; 所述多个物联网装置还包括与第三使用者对应的第三物联网装置,且所述第三物联网装置配置以保存由所述第三使用者所设定的第三授权列表;以及The plurality of IoT devices further include a third IoT device corresponding to a third user, and the third IoT device is configured to store a third authorization list set by the third user; and 所述多个周边装置还包括与所述第三物联网装置直接连接或通信连接的第三周边装置,The plurality of peripheral devices further include a third peripheral device directly or communicatively connected to the third IoT device, 其中,所述第三物联网装置是基于所述第三授权列表加以判定其他使用者是否具有存取所述第三周边装置的第三权限,且所述第三周边装置包括第三储存资源装置、第三监控资源装置、或第三显示资源装置的至少之一。Wherein, the third IoT device determines whether other users have a third authority to access the third peripheral device based on the third authorization list, and the third peripheral device includes a third storage resource device , at least one of a third monitoring resource device, or a third display resource device. 18.根据权利要求17所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一储存资源装置、所述第一显示资源装置、及所述第一监控资源装置,所述第二周边装置包括所述第二显示资源装置,且所述第二使用者具有所述第一权限时,下列至少之一会被执行:18. The IoT system according to claim 17, wherein when the first peripheral device comprises the first storage resource device, the first display resource device, and the first monitoring resource device, When the second peripheral device includes the second display resource device, and the second user has the first permission, at least one of the following will be executed: 所述第二使用者能够利用所述第一显示资源装置播放所述第一储存资源装置中的内容;The second user can use the first display resource device to play the content in the first storage resource device; 所述第二使用者能够利用所述第二显示资源装置播放所述第一储存资源装置中的内容;The second user can use the second display resource device to play the content in the first storage resource device; 所述第二使用者能够利用所述第二显示资源装置以播放所述第一监控资源装置的实时影像内容;The second user can use the second display resource device to play the real-time image content of the first monitoring resource device; 所述第二使用者能够利用所述第二显示资源装置回播储存在所述第一储存资源装置中的所述第一监控资源装置所录制的内容。The second user can use the second display resource device to play back the content recorded by the first monitoring resource device stored in the first storage resource device. 19.根据权利要求17所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一显示资源装置,所述第二周边装置包括所述第二显示资源装置,所述第三周边装置包括所述第三显示资源装置,且所述第二使用者具有所述第一权限与所述第三权限时,下列至少之一会被执行:19 . The Internet of Things system according to claim 17 , wherein when the first peripheral device includes the first display resource device, and the second peripheral device includes the second display resource device, the When the third peripheral device includes the third display resource device, and the second user has the first permission and the third permission, at least one of the following will be executed: 所述第二使用者能够利用所述第二显示资源装置同步播放所述第一显示资源装置的相同内容;The second user can use the second display resource device to synchronously play the same content of the first display resource device; 所述第二使用者能够利用所述第二显示资源装置同步播放所述第三显示资源装置的相同内容;The second user can use the second display resource device to synchronously play the same content of the third display resource device; 所述第二使用者能够利用所述第三显示资源装置同步播放所述第一显示资源装置的相同内容;The second user can use the third display resource device to synchronously play the same content of the first display resource device; 所述第二使用者能够利用所述第一显示资源装置同步播放所述第三显示资源装置的相同内容。The second user can use the first display resource device to synchronously play the same content of the third display resource device. 20.根据权利要求17所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一显示资源装置及所述第一储存资源装置,所述第二周边装置包括所述第二显示资源装置及所述第二储存资源装置,第三周边装置包括所述第三显示资源装置及所述第三储存资源装置,且所述第二使用者具有所述第一权限与所述第三权限时,下列至少之一会被执行:20 . The Internet of Things system according to claim 17 , wherein when the first peripheral device includes the first display resource device and the first storage resource device, the second peripheral device includes the The second display resource device and the second storage resource device, the third peripheral device includes the third display resource device and the third storage resource device, and the second user has the first authority and all When the third authority is specified, at least one of the following will be executed: 所述第二使用者能够将所述第二储存资源装置中的内容播放至所述第一显示资源装置;The second user can play the content in the second storage resource device to the first display resource device; 所述第二使用者能够将所述第二储存资源装置中的所述内容播放至所述第三显示资源装置;The second user can play the content in the second storage resource device to the third display resource device; 所述第二使用者能够将所述第一储存资源装置中的内容播放至所述第三显示资源装置;The second user can play the content in the first storage resource device to the third display resource device; 所述第二使用者能够将所述第三储存资源装置中的内容播放至所述第一显示资源装置。The second user can play the content in the third storage resource device to the first display resource device. 21.根据权利要求17所述的物联网系统,其特征在于,当所述第一周边装置包括所述第一监控资源装置及所述第一储存资源装置,所述第二周边装置包括所述第二监控资源装置及所述第二储存资源装置,第三周边装置包括所述第三监控资源装置及所述第三储存资源装置,且当所述第二使用者具有所述第一权限与所述第三权限时,下列至少之一会被执行:21 . The Internet of Things system according to claim 17 , wherein when the first peripheral device includes the first monitoring resource device and the first storage resource device, the second peripheral device includes the The second monitoring resource device and the second storage resource device, the third peripheral device includes the third monitoring resource device and the third storage resource device, and when the second user has the first permission and When the third authority is used, at least one of the following will be executed: 所述第二使用者能够存取所述第一储存资源装置中的内容;the second user can access the content in the first storage resource device; 所述第二使用者能够存取所述第三储存资源装置中的内容;the second user can access the content in the third storage resource device; 所述第二使用者能够将所述第一监控资源装置所录制的影像内容储存至所述第一储存资源装置中;The second user can store the video content recorded by the first monitoring resource device in the first storage resource device; 所述第二使用者能够将所述第二监控资源装置所录制的影像内容储存至所述第一储存资源装置中;The second user can store the video content recorded by the second monitoring resource device in the first storage resource device; 所述第二使用者能够将所述第三监控资源装置所录制的影像内容储存至所述第一储存资源装置中;The second user can store the video content recorded by the third monitoring resource device in the first storage resource device; 所述第二使用者能够将所述第一监控资源装置所录制的影像内容储存至所述第三储存资源装置中;The second user can store the video content recorded by the first monitoring resource device in the third storage resource device; 所述第二使用者能够将所述第二监控资源装置所录制的影像内容储存至所述第三储存资源装置中;The second user can store the video content recorded by the second monitoring resource device in the third storage resource device; 所述第二使用者能够将所述第三监控资源装置所录制的影像内容储存至所述第三储存资源装置中。The second user can store the video content recorded by the third monitoring resource device in the third storage resource device. 22.根据权利要求1所述的物联网系统,其特征在于,还包括:22. The Internet of Things system according to claim 1, further comprising: 一云端机器服务器;a cloud machine server; 一STUN云端服务器;及a STUN cloud server; and 一P2P信息交换云端服务器,其中A P2P information exchange cloud server, in which 所述云端账号服务器还包括云端账号服务器私钥、以及与所述云端账号服务器私钥对应的云端账号服务器公钥;所述云端机器服务器还包括云端机器服务器私钥、以及与所述云端机器服务器私钥对应的云端机器服务器公钥;所述STUN云端服务器还包括STUN云端机器服务器私钥、以及与所述STUN云端服务器私钥对应的STUN云端服务器公钥;所述P2P信息交换云端服务器还包括P2P信息交换云端服务器私钥、以及与所述P2P信息交换云端服务器私钥对应的P2P信息交换云端服务器公钥;The cloud account server further includes the cloud account server private key and the cloud account server public key corresponding to the cloud account server private key; the cloud machine server further includes the cloud machine server private key, and the cloud machine server the cloud server public key corresponding to the private key; the STUN cloud server further includes the STUN cloud server private key and the STUN cloud server public key corresponding to the STUN cloud server private key; the P2P information exchange cloud server also includes The P2P information exchange cloud server private key, and the P2P information exchange cloud server public key corresponding to the P2P information exchange cloud server private key; 所述多个使用者各自还具有对应的输出与输入设备,其中所述第一使用者具有第一输出及输入装置,所述第一输出及输入装置包括第一输出及输入装置私钥、以及与所述第一输出及输入装置私钥对应的第一输出及输入装置公钥;Each of the plurality of users also has a corresponding output and input device, wherein the first user has a first output and input device, the first output and input device includes a first output and input device private key, and a first output and input device public key corresponding to the first output and input device private key; 所述多个物联网装置还包括与第二使用者对应的第二物联网装置,其中所述第一物联网装置包括第一物联网装置私钥、以及与所述第一物联网装置私钥对应的第一物联网装置公钥,且所述第二物联网装置包括第二物联网装置私钥、以及与所述第二物联网装置私钥对应的第二物联网装置公钥;以及The plurality of IoT devices further include a second IoT device corresponding to a second user, wherein the first IoT device includes a private key of the first IoT device and a private key associated with the first IoT device a corresponding first IoT device public key, and the second IoT device includes a second IoT device private key and a second IoT device public key corresponding to the second IoT device private key; and 所述第一周边装置还包括第一周边装置私钥、以及与所述第一周边装置私钥对应的第一周边装置公钥。The first peripheral device further includes a first peripheral device private key and a first peripheral device public key corresponding to the first peripheral device private key. 23.根据权利要求22所述的物联网系统,其特征在于,当所述第一输出及输入装置与所述第一物联网装置通信连接时,利用所述第一输出及输入装置私钥、所述第一输出及输入装置公钥、所述第一物联网装置私钥、及所述第一物联网装置公钥,运用密码学算法以建立加密通信通道;以及与在所述第一输出及输入装置或所述第一物联网装置能解密加密信息。23. The Internet of Things system according to claim 22, wherein when the first output and input device is communicatively connected to the first Internet of Things device, the first output and input device private key, The first output and input device public key, the first Internet of Things device private key, and the first Internet of Things device public key, using a cryptographic algorithm to establish an encrypted communication channel; and with the first output And the input device or the first IoT device can decrypt the encrypted information. 24.根据权利要求22所述的物联网系统,其特征在于,当所述第一输出及输入装置与所述第二物联网装置通信连接时,利用所述第一输出及输入装置私钥、所述第一输出及输入装置公钥、所述第二物联网装置私钥、及所述第二物联网装置公钥,运用密码学算法以建立加密通信通道;以及与在所述第一输出及输入装置或所述第二物联网装置能解密加密信息。24. The IoT system according to claim 22, wherein when the first output and input device is communicatively connected to the second IoT device, the first output and input device private key, The first output and input device public key, the second IoT device private key, and the second IoT device public key, using a cryptographic algorithm to establish an encrypted communication channel; and with the first output And the input device or the second IoT device can decrypt the encrypted information. 25.根据权利要求22所述的物联网系统,其特征在于,当所述第一物联网装置与所述第二物联网装置通信连接时,利用所述第一物联网装置私钥、所述第一物联网装置公钥、所述第二物联网装置私钥、及所述第二物联网装置公钥,运用密码学算法以建立加密通信通道;以及与在所述第一物联网装置或所述第二物联网装置能解密加密信息。25. The Internet of Things system according to claim 22, wherein when the first Internet of Things device is communicatively connected to the second Internet of Things device, the private key of the first Internet of Things device, the The first IoT device public key, the second IoT device private key, and the second IoT device public key use a cryptographic algorithm to establish an encrypted communication channel; and communicate with the first IoT device or The second IoT device is capable of decrypting encrypted information. 26.根据权利要求22所述的物联网系统,其特征在于,当所述云端账号服务器与所述第一物联网装置通信连接时,利用所述云端账号服务器私钥、所述云端账号服务器公钥、所述第一物联网装置私钥、及所述第一物联网装置公钥,运用密码学算法以建立加密通信通道;以及与在所述云端账号服务器或所述第一物联网装置能解密加密信息。26. The Internet of Things system according to claim 22, wherein when the cloud account server is communicatively connected to the first Internet of Things device, the cloud account server private key and the cloud account server public key are used. key, the private key of the first Internet of Things device, and the public key of the first Internet of Things device, and use a cryptographic algorithm to establish an encrypted communication channel; and communicate with the cloud account server or the first Internet of Things device. Decrypt encrypted information. 27.根据权利要求22所述的物联网系统,其特征在于,当所述第一输出及输入装置与所述云端账号服务器通信连接时,利用所述第一输出及输入装置私钥、所述第一输出及输入装置公钥、所述云端账号服务器私钥、及所述云端账号服务器公钥,运用密码学算法以建立加密通信通道;以及与在所述第一输出及输入装置或所述云端账号服务器能解密加密信息。27. The Internet of Things system according to claim 22, wherein when the first output and input device is communicatively connected to the cloud account server, the private key of the first output and input device, the private key of the first output and input device, the The public key of the first output and input device, the private key of the cloud account server, and the public key of the cloud account server, using a cryptographic algorithm to establish an encrypted communication channel; The cloud account server can decrypt encrypted information. 28.根据权利要求22所述的物联网系统,其特征在于,当所述第一物联网装置与所述第一周边装置通信连接时,利用所述第一物联网装置私钥、所述第一物联网装置公钥、所述第一周边装置私钥、及第一周边装置公钥,运用密码学算法以建立加密通信通道;以及与在所述第一物联网装置或所述第一周边装置能解密加密信息。28. The Internet of Things system according to claim 22, wherein when the first Internet of Things device is communicatively connected to the first peripheral device, the first Internet of Things device private key, the first An IoT device public key, the first peripheral device private key, and the first peripheral device public key, using a cryptographic algorithm to establish an encrypted communication channel; and communicating with the first IoT device or the first peripheral The device can decrypt encrypted information. 29.根据权利要求26所述的物联网系统,其特征在于,当所述云端账号服务器更换成云端机器服务器、STUN云端服务器、或P2P信息交换云端服务器的其中之一,亦用相同逻辑与所述第一物联网装置通信连接时,利用各自私钥与公钥,运用密码学算法分别建立加密通信通道;以及与各自加密通信通道的两端能分别解密加密信息。29. The Internet of Things system according to claim 26, wherein when the cloud account server is replaced with one of a cloud machine server, a STUN cloud server, or a P2P information exchange cloud server, the same logic is used as the When the first Internet of Things device is communicatively connected, an encrypted communication channel is established by using the respective private key and public key, and a cryptographic algorithm is used; and the encrypted information can be decrypted with both ends of the respective encrypted communication channel. 30.根据权利要求27所述的物联网系统,其特征在于,当所述云端账号服务器更换成云端机器服务器、STUN云端服务器、或P2P信息交换云端服务器的其中之一,亦用相同逻辑与所述第一输出及输入装置通信连接时,利用各自私钥与公钥,运用密码学算法分别建立加密通信通道;以及与各自加密通信通道的两端能分别解密加密信息。30. The Internet of Things system according to claim 27, wherein when the cloud account server is replaced with one of a cloud machine server, a STUN cloud server, or a P2P information exchange cloud server, the same logic is also used with all of them. When the first output and input devices are communicatively connected, the respective private keys and public keys are used to establish encrypted communication channels using cryptographic algorithms; and the encrypted information can be decrypted with both ends of the respective encrypted communication channels. 31.根据权利要求23至30中任一项所述的物联网系统,其特征在于,在所述加密通信通道中进一步加入时间戳、随机数或伪随机数的其中之一。31. The Internet of Things system according to any one of claims 23 to 30, wherein one of timestamp, random number or pseudo-random number is further added to the encrypted communication channel. 32.根据权利要求8所述的物联网系统,其特征在于,所述第一物联网装置从所述云端账号服务器下载并储存所述第一朋友授权清单中所保存的所述至少一使用者账号的信息。32. The IoT system according to claim 8, wherein the first IoT device downloads and stores the at least one user saved in the first friend authorization list from the cloud account server account information. 33.根据权利要求10所述的物联网系统,其特征在于,所述第一物联网装置从所述云端账号服务器下载并储存所述第一群组授权清单中的至少一群组中的所述使用者账号的信息。33. The Internet of Things system according to claim 10, wherein the first Internet of Things device downloads and stores all the data in at least one group in the first group authorization list from the cloud account server. information about the user account. 34.根据权利要求32或33所述的物联网系统,其特征在于,当所述第一物联网装置与所述云端账号服务器中断通信连接、且重新通信连接时,所述第一物联网装置再次下载并储存更新后的使用者账号信息。34. The Internet of Things system according to claim 32 or 33, wherein when the first Internet of Things device and the cloud account server disconnect the communication connection and reconnect the communication connection, the first Internet of Things device Download and save the updated user account information again. 35.根据权利要求1所述的物联网系统,其特征在于,当所述第一周边装置发生异常时,依据异常信息接收人员名单将所述第一周边装置的异常信息自动推播至异常信息接收人员。35. The Internet of Things system according to claim 1, wherein when an abnormality occurs in the first peripheral device, the abnormal information of the first peripheral device is automatically pushed and broadcasted to the abnormal information according to the abnormal information receiving personnel list. receiving personnel.
CN202111317680.6A 2020-12-25 2021-11-09 Internet of things system based on safety guide and group sharing Pending CN114697067A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TW109146142A TWI750973B (en) 2020-12-25 2020-12-25 Internet of things system based on security orientation and group sharing
TW109146142 2020-12-25

Publications (1)

Publication Number Publication Date
CN114697067A true CN114697067A (en) 2022-07-01

Family

ID=80681398

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111317680.6A Pending CN114697067A (en) 2020-12-25 2021-11-09 Internet of things system based on safety guide and group sharing

Country Status (4)

Country Link
JP (1) JP7233773B2 (en)
CN (1) CN114697067A (en)
DE (1) DE102021131731A1 (en)
TW (1) TWI750973B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140081433A1 (en) * 2012-09-20 2014-03-20 Lg Electronics Inc. System for managing home appliances and push service method thereof
US20160087933A1 (en) * 2006-09-25 2016-03-24 Weaved, Inc. Techniques for the deployment and management of network connected devices
US20160112429A1 (en) * 2014-10-15 2016-04-21 Ayla Networks, Inc. Role based access control for connected consumer devices
KR101688812B1 (en) * 2016-04-18 2016-12-22 (주)케이사인 Method and system of authorizing/managing iot device based on owner's authorization server
CN107079002A (en) * 2014-10-17 2017-08-18 三星电子株式会社 Terminal and its operating method for Internet of Things
CN109361638A (en) * 2017-12-27 2019-02-19 广州Tcl智能家居科技有限公司 Smart machine control authority shared method, system and storage medium
US20190158353A1 (en) * 2006-09-25 2019-05-23 Weaved, Inc. Managing network connected devices
CN111937351A (en) * 2018-05-15 2020-11-13 三星电子株式会社 Method for connecting a plurality of electronic devices to a server through a hub and electronic device
JP2020536304A (en) * 2017-10-06 2020-12-10 ゼイジ セキュリティ インコーポレイテッド Enable multi-tenant data access on a single industrial network
JP2020202505A (en) * 2019-06-11 2020-12-17 大日本印刷株式会社 Cryptographic communication system, secure element, device, server, computer program, and cryptographic communication method

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7120691B2 (en) 2002-03-15 2006-10-10 International Business Machines Corporation Secured and access controlled peer-to-peer resource sharing method and apparatus
KR100949808B1 (en) 2007-12-07 2010-03-30 한국전자통신연구원 P2P traffic management device and method
US12457127B2 (en) * 2011-10-04 2025-10-28 Ei Electronics Llc Internet of things (IoT) intelligent electronic devices, systems and methods
US20130339441A1 (en) 2012-05-11 2013-12-19 Samsung Electronics Co., Ltd. Network system with sharing mechanism and method of operation thereof
JP6120650B2 (en) 2013-04-05 2017-04-26 キヤノン株式会社 Content management apparatus, content management method and program
US9788039B2 (en) 2014-06-23 2017-10-10 Google Inc. Camera system API for third-party integrations
CN105100190B (en) 2015-05-21 2019-05-10 小米科技有限责任公司 The methods, devices and systems that the control planning of account and equipment is managed
US10044674B2 (en) 2016-01-04 2018-08-07 Afero, Inc. System and method for automatic wireless network authentication in an internet of things (IOT) system
US10791172B2 (en) 2016-07-22 2020-09-29 Tinker Pte. Ltd. Systems and methods for interacting with nearby people and devices
JP2018061211A (en) 2016-10-07 2018-04-12 パナソニックIpマネジメント株式会社 Surveillance video analysis system and surveillance video analysis method
KR102758953B1 (en) * 2019-01-17 2025-01-24 삼성전자주식회사 Electronic apparatus, system and thereof method for providing service based on internet of things
KR102624327B1 (en) * 2019-03-15 2024-01-15 삼성전자주식회사 Method for location inference of IoT device, server and electronic device supporting the same
CN113557552B (en) * 2019-03-19 2025-09-26 索尼集团公司 Information processing device and method

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160087933A1 (en) * 2006-09-25 2016-03-24 Weaved, Inc. Techniques for the deployment and management of network connected devices
US20190158353A1 (en) * 2006-09-25 2019-05-23 Weaved, Inc. Managing network connected devices
US20140081433A1 (en) * 2012-09-20 2014-03-20 Lg Electronics Inc. System for managing home appliances and push service method thereof
US20160112429A1 (en) * 2014-10-15 2016-04-21 Ayla Networks, Inc. Role based access control for connected consumer devices
CN107079002A (en) * 2014-10-17 2017-08-18 三星电子株式会社 Terminal and its operating method for Internet of Things
KR101688812B1 (en) * 2016-04-18 2016-12-22 (주)케이사인 Method and system of authorizing/managing iot device based on owner's authorization server
JP2020536304A (en) * 2017-10-06 2020-12-10 ゼイジ セキュリティ インコーポレイテッド Enable multi-tenant data access on a single industrial network
CN109361638A (en) * 2017-12-27 2019-02-19 广州Tcl智能家居科技有限公司 Smart machine control authority shared method, system and storage medium
CN111937351A (en) * 2018-05-15 2020-11-13 三星电子株式会社 Method for connecting a plurality of electronic devices to a server through a hub and electronic device
JP2020202505A (en) * 2019-06-11 2020-12-17 大日本印刷株式会社 Cryptographic communication system, secure element, device, server, computer program, and cryptographic communication method

Also Published As

Publication number Publication date
JP2022103134A (en) 2022-07-07
DE102021131731A1 (en) 2022-06-30
TW202226785A (en) 2022-07-01
TWI750973B (en) 2021-12-21
JP7233773B2 (en) 2023-03-07

Similar Documents

Publication Publication Date Title
US10084790B2 (en) Peer to peer enterprise file sharing
US8914632B1 (en) Use of access control lists in the automated management of encryption keys
CN104137466B (en) Operate the method and computing device of computing device
US20100088364A1 (en) Social networking architecture in which profile data hosting is provided by the profile owner
CN104145446B (en) Operate method, computing device and the computer program of computing device
US20140181514A1 (en) Encryption key management program, data management system
KR101971225B1 (en) Data transmission security system of cloud service and a providing method thereof
CN102577454B (en) A method for communicating data between a secure element and a network access point and a corresponding secure element
KR20180002803A (en) Automatic Identification of Invalid Participants in the Security Synchronization System
KR20140037476A (en) System for preventing outflow of file and a method executing the system
AU2015343356A1 (en) Roaming content wipe actions across devices
WO2004081801A1 (en) Information processing device, information processing method, and computer program
US9584508B2 (en) Peer to peer enterprise file sharing
US12314409B2 (en) Remote ownership and content control of media files on untrusted systems
CN101611391A (en) Secure Cross-Platform Auditing
CN112673600A (en) Multi-security authentication system and method between mobile phone terminal and IoT (Internet of things) equipment based on block chain
CN103310169A (en) A method and protection system for protecting SD card data
US9571288B2 (en) Peer to peer enterprise file sharing
CN110443047B (en) Data exchange group system and method
KR102154292B1 (en) Method for processing Query between Clients connected to a Blockchain and Service Provider
US20050021469A1 (en) System and method for securing content copyright
JP2014150518A (en) User terminal, key generation management device, and program
US11310235B1 (en) Internet of things system based on security orientation and group sharing
JP2019071552A (en) Encryption communication method, encryption communication system, key issuing device, and program
TWI750973B (en) Internet of things system based on security orientation and group sharing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20220701

WD01 Invention patent application deemed withdrawn after publication