CN107770152B - Security method and device, electric appliance, server and storage medium - Google Patents


Info

Publication number
CN107770152B
Authority
CN
China
Prior art keywords
instruction
gas
communication protocol
server
current
Prior art date
Legal status
Active
Application number
CN201710781325.1A
Other languages
Chinese (zh)
Other versions
CN107770152A (en)
Inventor
徐洪伟
薛凡
陈道远
Current Assignee
Gree Electric Appliances Inc of Zhuhai
Original Assignee
Gree Electric Appliances Inc of Zhuhai
Priority date
Filing date
Publication date
Application filed by Gree Electric Appliances Inc of Zhuhai
Priority to CN201911234671.3A (CN111107522B)
Priority to CN201710781325.1A (CN107770152B)
Publication of CN107770152A
Application granted
Publication of CN107770152B
Legal status: Active (current)
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2816 Controlling appliance services of a home automation network by calling their functionalities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/088 Access security using filters or firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L2012/284 Home automation networks characterised by the type of medium used
    • H04L2012/2841 Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Automation & Control Theory (AREA)
  • Telephonic Communication Services (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a security method and device for an electric appliance, an electric appliance, a security method and device for a server, a server, and a storage medium. The security method for the electric appliance comprises the following steps: receiving an instruction for controlling the electric appliance; determining, according to the communication protocol of the communication module of the electric appliance, whether the instruction conforms to the communication protocol; and, when the instruction does not conform to the communication protocol, processing the instruction so as to apply security handling to the electric appliance. The scheme of the invention overcomes the defects of poor security, low reliability and poor user experience in the prior art, and achieves good security, high reliability and a good user experience.

Description

Security method and device, electric appliance, server and storage medium
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a security method and device for an electric appliance, an electric appliance, a security method and device for a server, a server, and a storage medium. More specifically, it relates to an appliance-side control method and a server-side control method for a firewall technology of an embedded WIFI module, the devices corresponding to those methods, an electric appliance or server that has such a device or can execute the instructions of such a method, and a storage medium storing the instructions of such a method.
Background
The WIFI module, also called a serial-port WIFI module, belongs to the transmission layer of the Internet of Things. It is an embedded module that converts a serial port or TTL level into a form conforming to the WIFI wireless network communication standard, and it has a built-in IEEE 802.11 b/g/n wireless network protocol stack and a TCP/IP protocol stack. Traditional hardware equipment with an embedded WIFI module can join the internet directly over WIFI, which makes the module an important component of Internet of Things applications such as the wireless smart home and M2M.
Intelligent WIFI modules are widely used in the smart home. The smart home appliances involved are connected to the internet and are therefore exposed to network security risks.
The prior art has the defects of poor security, low reliability and poor user experience.
Disclosure of Invention
In view of the above defects, the invention aims to provide a security method and device for an electric appliance, an electric appliance, a security method and device for a server, a server, and a storage medium, so as to solve the prior-art problem of poor security caused by the network security risks that smart household appliances face when connected to the internet, and to achieve good security.
The invention provides a security method for an electric appliance, comprising: receiving an instruction for controlling the electric appliance; determining, according to the communication protocol of the communication module of the electric appliance, whether the instruction conforms to the communication protocol; and, when the instruction does not conform to the communication protocol, processing the instruction so as to apply security handling to the electric appliance.
Optionally, determining whether the instruction conforms to the communication protocol includes: when more than one instruction is received consecutively, acquiring the interval time between two adjacent instructions; determining whether the interval time is less than or equal to a first set time specified by the communication protocol; and, when the interval time is less than or equal to the first set time, checking the consecutively received instructions to determine whether they conform to the communication protocol. And/or, processing the instruction includes: discarding or deleting instructions that do not conform to the communication protocol; and/or not responding to instructions that do not conform to the communication protocol.
Optionally, checking the consecutively received instructions includes: acquiring the current check value of the current instruction and the previous check value of the previous instruction among the consecutively received instructions; determining whether the current check value is the same as the previous check value; and, when they are the same, determining that the current instruction and/or the previous instruction does not conform to the communication protocol. And/or: acquiring the one-time random value of each of the consecutively received instructions; determining whether any of these one-time random values are identical; and, when identical one-time random values exist, determining that the instructions carrying them do not conform to the communication protocol.
Optionally, checking the consecutively received instructions further includes: when the current check value is different from the previous check value, determining whether the length of the single-packet data corresponding to the current instruction and/or the previous instruction exceeds the set length specified by the communication protocol; and, when it exceeds the set length, determining that the current instruction and/or the previous instruction does not conform to the communication protocol. And/or: when the current check value is different from the previous check value, determining whether the response actions corresponding to the consecutively received instructions belong to the continuous actions specified by the communication protocol; and, when they do, determining that the consecutively received instructions do not conform to the communication protocol. And/or: when the current check value is different from the previous check value, determining whether the continuous sending time corresponding to the consecutively received instructions exceeds a second set time specified by the communication protocol; and, when it exceeds the second set time, determining that the consecutively received instructions do not conform to the communication protocol. And/or: for the one-time random values that differ from one another, determining whether the current sending sequence number of any one-time random value has increased relative to the previous sending sequence number of the previous one-time random value; when it has increased, determining whether the amount of the increase (the current amplitude) exceeds the set amplitude specified by the communication protocol; and, when the current amplitude exceeds the set amplitude, determining that the instruction corresponding to the current sending sequence number and/or the previous sending sequence number does not conform to the communication protocol.
Optionally, the communication module includes at least one of a WIFI module, a Bluetooth module and a GPRS module; and/or the communication protocol also specifies a judgment rule for the check value and/or a judgment rule for the random value; and/or the check value includes at least one of a CRC check value and an MD5 check value; and/or the continuous action includes at least one of: continuous mode-switching operations, continuous switching on and off, continuous upgrade operations on the communication module, and continuous querying of appliance data.
Optionally, the method further comprises: receiving an instruction whose random value has a sending sequence number of 0, and clearing the sending sequence number of the random value in the communication protocol of the appliance's own communication module; and/or acquiring the IP address of the sending end of an instruction that does not conform to the communication protocol, and reporting the IP address to a server; and/or receiving an IP filtering instruction issued by the server, and filtering the IP address of the sending end of the instruction that does not conform to the communication protocol; and/or receiving a safety precaution instruction issued by the server, and, after the appliance's own communication module has been offline for a third set time, automatically bringing it back online and reconnecting to the server; and/or receiving a private key transformation instruction issued by the server, and transforming the private key with which the appliance currently encrypts its data according to at least one of a set algorithm, a set algorithm serial number and a set algorithm validity period carried by the private key transformation instruction; and/or sharing the appliance's own communication state with the server; and/or connecting to the server to upgrade the firewall program of the appliance's own communication module.
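The appliance-side checks described above (interval gate, repeated check value, repeated one-time random value, single-packet length, sequence-number jump, and the reset on sequence number 0), written in C as an added example; it is not code from the patent. The numeric limits, struct layouts and function names are assumptions, since the patent only says such values are specified by the communication protocol, and the continuous-action and continuous-sending-time checks are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limits standing in for the values the patent says are
 * "specified by the communication protocol"; it gives no numbers. */
#define FIRST_SET_TIME_MS 200u /* max gap between consecutive instructions */
#define SET_LENGTH        64u  /* max single-packet data length */
#define SET_AMPLITUDE     8u   /* max increase of the sending sequence number */
#define NONCE_WINDOW      8u   /* one-time random values kept per burst */

typedef enum { V_ACCEPT, V_DUP_CHECK, V_DUP_NONCE, V_TOO_LONG, V_SEQ_JUMP } verdict_t;

typedef struct {        /* fields already parsed from one received frame */
    uint32_t t_ms;      /* arrival time in milliseconds */
    uint32_t check;     /* check value carried by the frame, e.g. a CRC */
    uint32_t nonce;     /* one-time random value */
    uint32_t seq;       /* sending sequence number */
    size_t   len;       /* single-packet data length in bytes */
} instr_t;

typedef struct {
    int      have_prev;
    uint32_t prev_t_ms, prev_check, prev_seq;
    uint32_t nonces[NONCE_WINDOW];
    size_t   n_nonces;  /* values accepted since the current burst began */
} filter_t;

static int nonce_seen(const filter_t *f, uint32_t nonce)
{
    size_t stored = f->n_nonces < NONCE_WINDOW ? f->n_nonces : NONCE_WINDOW;
    for (size_t i = 0; i < stored; i++)
        if (f->nonces[i] == nonce)
            return 1;
    return 0;
}

/* Returns V_ACCEPT, or the first rule the instruction violates. */
verdict_t filter_check(filter_t *f, const instr_t *in)
{
    verdict_t v = V_ACCEPT;
    /* Unsigned subtraction keeps the gap correct across timer wrap-around. */
    int burst = f->have_prev &&
                (uint32_t)(in->t_ms - f->prev_t_ms) <= FIRST_SET_TIME_MS;

    if (!burst) f->n_nonces = 0;       /* a new burst starts without history */
    if (in->seq == 0) f->prev_seq = 0; /* sequence number 0 clears the counter */

    if (burst) {                       /* checks apply to consecutive instructions only */
        if (in->check == f->prev_check)
            v = V_DUP_CHECK;
        else if (nonce_seen(f, in->nonce))
            v = V_DUP_NONCE;
        else if (in->len > SET_LENGTH)
            v = V_TOO_LONG;
        else if (in->seq > f->prev_seq && in->seq - f->prev_seq > SET_AMPLITUDE)
            v = V_SEQ_JUMP;
    }
    /* Time and check value follow every frame, so a flood stays "consecutive";
     * sequence number and nonce history advance only on accepted frames. */
    f->have_prev = 1;
    f->prev_t_ms = in->t_ms;
    f->prev_check = in->check;
    if (v == V_ACCEPT) {
        f->prev_seq = in->seq;
        f->nonces[f->n_nonces++ % NONCE_WINDOW] = in->nonce;
    }
    return v;
}

/* Constructed sample traffic: {t_ms, check, nonce, seq, len}. */
static const instr_t SAMPLE[] = {
    {    0, 0xA1, 1,  1,  16 },  /* first frame                       */
    { 1000, 0xA2, 2,  2,  16 },  /* gap > first set time: not checked */
    { 1050, 0xA2, 3,  3,  16 },  /* same check value as previous      */
    { 1100, 0xA3, 2,  3,  16 },  /* one-time random value repeated    */
    { 1150, 0xA4, 4,  3, 200 },  /* longer than the set length        */
    { 1200, 0xA5, 5, 50,  16 },  /* sequence number jumps by 48       */
    { 1250, 0xA6, 6,  3,  16 },  /* well-formed                       */
    { 1300, 0xA7, 7,  0,  16 },  /* sequence number 0: counter reset  */
    { 1350, 0xA8, 8,  1,  16 },  /* counts up again from the reset    */
};
#define N_SAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

/* Feeds SAMPLE[0..i] to a fresh filter and returns the verdict for frame i. */
verdict_t sample_verdict(size_t i)
{
    filter_t f = {0};
    verdict_t v = V_ACCEPT;
    for (size_t k = 0; k <= i && k < N_SAMPLE; k++)
        v = filter_check(&f, &SAMPLE[k]);
    return v;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLE; i++)
        printf("frame %zu: verdict %d\n", i, (int)sample_verdict(i));
    return 0;
}
```

A CRC or MD5 value is unkeyed, so these rules reject replayed or flooded frames but do not authenticate the sender.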
Corresponding to the security method for the electric appliance, the invention provides a security device for an electric appliance, comprising: a first transceiving unit for receiving an instruction for controlling the electric appliance; a first determining unit for determining, according to the communication protocol of the communication module of the electric appliance, whether the instruction conforms to the communication protocol; and an execution unit for processing the instruction when it does not conform to the communication protocol, so as to apply security handling to the electric appliance.
Optionally, the first determining unit determining whether the instruction conforms to the communication protocol specifically includes: when more than one instruction is received consecutively, acquiring the interval time between two adjacent instructions; determining whether the interval time is less than or equal to a first set time specified by the communication protocol; and, when the interval time is less than or equal to the first set time, checking the consecutively received instructions to determine whether they conform to the communication protocol. And/or, the execution unit processing the instruction specifically includes: discarding or deleting instructions that do not conform to the communication protocol; and/or not responding to instructions that do not conform to the communication protocol.
Optionally, the first determining unit checking the consecutively received instructions specifically includes: acquiring the current check value of the current instruction and the previous check value of the previous instruction among the consecutively received instructions; determining whether the current check value is the same as the previous check value; and, when they are the same, determining that the current instruction and/or the previous instruction does not conform to the communication protocol. And/or: acquiring the one-time random value of each of the consecutively received instructions; determining whether any of these one-time random values are identical; and, when identical one-time random values exist, determining that the instructions carrying them do not conform to the communication protocol.
Optionally, the first determining unit checking the consecutively received instructions further includes: when the current check value is different from the previous check value, determining whether the length of the single-packet data corresponding to the current instruction and/or the previous instruction exceeds the set length specified by the communication protocol; and, when it exceeds the set length, determining that the current instruction and/or the previous instruction does not conform to the communication protocol. And/or: when the current check value is different from the previous check value, determining whether the response actions corresponding to the consecutively received instructions belong to the continuous actions specified by the communication protocol; and, when they do, determining that the consecutively received instructions do not conform to the communication protocol. And/or: when the current check value is different from the previous check value, determining whether the continuous sending time corresponding to the consecutively received instructions exceeds a second set time specified by the communication protocol; and, when it exceeds the second set time, determining that the consecutively received instructions do not conform to the communication protocol. And/or: for the one-time random values that differ from one another, determining whether the current sending sequence number of any one-time random value has increased relative to the previous sending sequence number of the previous one-time random value; when it has increased, determining whether the amount of the increase (the current amplitude) exceeds the set amplitude specified by the communication protocol; and, when the current amplitude exceeds the set amplitude, determining that the instruction corresponding to the current sending sequence number and/or the previous sending sequence number does not conform to the communication protocol.
Optionally, the communication module includes at least one of a WIFI module, a Bluetooth module and a GPRS module; and/or the communication protocol also specifies a judgment rule for the check value and/or a judgment rule for the random value; and/or the check value includes at least one of a CRC check value and an MD5 check value; and/or the continuous action includes at least one of: continuous mode-switching operations, continuous switching on and off, continuous upgrade operations on the communication module, and continuous querying of appliance data.
Optionally, the device further provides the following: the first transceiving unit is further configured to receive an instruction whose random value has a sending sequence number of 0, and the execution unit is further configured to clear the sending sequence number of the random value in the communication protocol of the appliance's own communication module; and/or the first transceiving unit is further configured to acquire the IP address of the sending end of an instruction that does not conform to the communication protocol and to report the IP address to a server; and/or the execution unit is further configured to receive an IP filtering instruction issued by the server and to filter the IP address of the sending end of the instruction that does not conform to the communication protocol; and/or the first transceiving unit is further configured to receive a safety precaution instruction issued by the server, and the execution unit is further configured to bring the appliance's own communication module back online automatically after it has been offline for a third set time and to reconnect to the server; and/or the first transceiving unit is further configured to receive a private key transformation instruction issued by the server, and the execution unit is further configured to transform the private key with which the appliance currently encrypts its data according to at least one of a set algorithm, a set algorithm serial number and a set algorithm validity period carried by the private key transformation instruction; and/or the first transceiving unit is further configured to share the appliance's own communication state with a server; and/or the first transceiving unit is further configured to connect to a server to upgrade the firewall program of the appliance's own communication module.
In another aspect, the present invention provides an electric appliance, including: a processor for executing a plurality of instructions; and a memory for storing the plurality of instructions; wherein the plurality of instructions are stored by the memory and are loaded and executed by the processor to carry out the security method for the electric appliance described above; or including the security device for the electric appliance described above.
Corresponding to the security method for the electric appliance, another aspect of the invention provides a security method for a server, comprising: receiving the IP address, reported by an electric appliance, of the sending end of an instruction that does not conform to the communication protocol; acquiring the region of the electric appliances reporting the IP address and their actual number; determining whether the actual number exceeds a first set number specified by the communication protocol; and, when the actual number exceeds the first set number, issuing an IP filtering instruction to the electric appliances in the region.
Optionally, the method further comprises: receiving the communication state shared by each electric appliance in any region; determining whether the current number of electric appliances in that region whose communication state does not conform to the normal state specified by the communication protocol exceeds a second set number; and, when the current number exceeds the second set number, issuing a safety precaution instruction to the communication module of each electric appliance in the region; and/or determining whether a set dangerous situation occurs in the communication process of the electric appliances, and, when the dangerous situation occurs, sending a private key transformation instruction to the communication module of each online electric appliance; and/or upgrading the firewall program of an electric appliance connected to the server.
Optionally, the dangerous situation comprises at least one of: a system vulnerability exceeding a set degree, leakage of a data key, and an abnormal attack matching a set attack pattern; and/or the private key transformation instruction carries the set algorithm required by the communication module of each online electric appliance, and/or the set algorithm serial number corresponding to the set algorithm, and/or the validity period of the set algorithm.
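The server-side reporting rule above (count the appliances in a region that report the same sender IP address and issue an IP filtering instruction once the count exceeds the first set number), written in C as an added example; it is not code from the patent. The threshold, the appliance and region identifiers, the table size and the function names are assumptions, and the sample addresses are constructed from documentation ranges.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIRST_SET_NUMBER 2u   /* hypothetical value of the "first set number" */
#define MAX_REPORTS      64u  /* capacity of this in-memory table */

typedef struct {
    uint32_t appliance_id;    /* hypothetical appliance identifier */
    uint16_t region;          /* hypothetical region code */
    char     ip[16];          /* dotted-quad IPv4 text, NUL-terminated */
} report_t;

typedef struct { report_t rows[MAX_REPORTS]; size_t n; } server_t;

/* Records one report. Returns 1 when the number of distinct appliances in
 * `region` that have reported `ip` exceeds FIRST_SET_NUMBER, i.e. when an IP
 * filtering instruction should be issued to that region; otherwise 0. */
int server_report(server_t *s, uint32_t appliance_id, uint16_t region, const char *ip)
{
    size_t distinct = 0, ip_len = strlen(ip);
    int known = 0;

    if (ip_len >= sizeof s->rows[0].ip)
        return 0;                        /* too long to be an IPv4 string */
    for (size_t i = 0; i < s->n; i++) {
        const report_t *r = &s->rows[i];
        if (r->region != region || strcmp(r->ip, ip) != 0)
            continue;
        distinct++;
        if (r->appliance_id == appliance_id)
            known = 1;                   /* repeat report: never counted twice */
    }
    if (!known && s->n < MAX_REPORTS) {  /* rows hold unique (id, region, ip) */
        report_t *r = &s->rows[s->n++];
        r->appliance_id = appliance_id;
        r->region = region;
        memcpy(r->ip, ip, ip_len + 1);
        distinct++;
    }
    return distinct > FIRST_SET_NUMBER;
}

/* Constructed sample reports: {appliance_id, region, reported sender IP}. */
static const struct { uint32_t id; uint16_t region; const char *ip; } REPORTS[] = {
    { 1, 10, "203.0.113.7"  },
    { 1, 10, "203.0.113.7"  },  /* same appliance reporting again        */
    { 2, 10, "203.0.113.7"  },  /* second appliance: not yet over limit  */
    { 3, 20, "203.0.113.7"  },  /* same address, different region        */
    { 4, 10, "198.51.100.9" },  /* same region, different address        */
    { 5, 10, "203.0.113.7"  },  /* third appliance in region 10          */
};
#define N_REPORTS (sizeof REPORTS / sizeof REPORTS[0])

/* Feeds REPORTS[0..i] to a fresh server and returns the decision for report i. */
int report_decision(size_t i)
{
    server_t s;
    int d = 0;
    s.n = 0;
    for (size_t k = 0; k <= i && k < N_REPORTS; k++)
        d = server_report(&s, REPORTS[k].id, REPORTS[k].region, REPORTS[k].ip);
    return d;
}

int main(void)
{
    for (size_t i = 0; i < N_REPORTS; i++)
        printf("report %zu: filter=%d\n", i, report_decision(i));
    return 0;
}
```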
In another aspect, the present invention provides a security device for a server, including: a second transceiving unit for receiving the IP address, reported by an electric appliance, of the sending end of an instruction that does not conform to the communication protocol; and a second determining unit for acquiring the region of the electric appliances reporting the IP address and their actual number; wherein the second determining unit is further configured to determine whether the actual number exceeds a first set number specified by the communication protocol, and the second transceiving unit is further configured to issue an IP filtering instruction to the electric appliances in the region when the actual number exceeds the first set number.
Optionally, the device further provides the following: the second transceiving unit is further configured to receive the communication state shared by each electric appliance in any region; the second determining unit is further configured to determine whether the current number of electric appliances in that region whose communication state does not conform to the normal state specified by the communication protocol exceeds a second set number; and the second transceiving unit is further configured to issue a safety precaution instruction to the communication module of each electric appliance in the region when the current number exceeds the second set number; and/or the second determining unit is further configured to determine whether a set dangerous situation occurs in the communication process of the electric appliances, and the second transceiving unit is further configured to send a private key transformation instruction to the communication module of each online electric appliance when the dangerous situation occurs; and/or the second determining unit is further configured to upgrade the firewall program of an electric appliance connected to the server.
Optionally, the dangerous situation comprises at least one of: a system vulnerability exceeding a set degree, leakage of a data key, and an abnormal attack matching a set attack pattern; and/or the private key transformation instruction carries the set algorithm required by the communication module of each online electric appliance, and/or the set algorithm serial number corresponding to the set algorithm, and/or the validity period of the set algorithm.
Corresponding to the security method for the server or the security device for the server, another aspect of the present invention provides a server, including: a processor for executing a plurality of instructions; and a memory for storing the plurality of instructions; wherein the plurality of instructions are stored by the memory and are loaded and executed by the processor to carry out the security method for the server described above; or including the security device for the server described above.
Corresponding to the security method for the electric appliance or the security method for the server, a further aspect of the present invention provides a storage medium in which a plurality of instructions are stored; the plurality of instructions are loaded and executed by a processor to carry out the security method for the electric appliance, or are loaded and executed by a processor to carry out the security method for the server.
According to the scheme of the invention, monitoring the control instructions of the household appliance improves the network security of the embedded WIFI module and prevents malicious attacks.
Further, the scheme of the invention ensures the safe operation of the smart household appliance by screening the received control instructions.
Further, the scheme of the invention predicts malicious intent and takes precautions in advance by monitoring the communication process of the household appliance.
Further, the scheme of the invention keeps the firewall policy up to date by periodically upgrading the firewall program of the embedded WIFI module.
Further, according to the scheme of the invention, the household appliance connects to the server and shares its state, so that immunity is transferred (vaccination) across the smart devices of the whole network.
Further, according to the scheme of the invention, the smart household appliance is given an active security policy, which guards against basic abnormal instructions.
Further, the scheme of the invention achieves reliable and safe operation of the smart household appliance by combining active protection with passive security protection.
Therefore, the scheme of the invention screens the received control instructions and, according to the screening result, deletes repeated data and discards invalid data, thereby ensuring the safe operation of the household appliance. This solves the prior-art problem of poor security caused by the network security risks that smart household appliances face when connected to the internet, overcomes the prior-art defects of poor security, low reliability and poor user experience, and achieves good security, high reliability and a good user experience.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
FIG. 1 is a schematic flow chart diagram illustrating an embodiment of a security method for an electrical appliance according to the present invention;
FIG. 2 is a flowchart illustrating an embodiment of determining whether the command conforms to the communication protocol in the method of the present invention;
FIG. 3 is a flowchart illustrating an embodiment of a first process for checking more than one instruction received consecutively in the method of the present invention;
FIG. 4 is a flowchart illustrating an embodiment of a second process for checking more than one instruction received consecutively in the method of the present invention;
FIG. 5 is a flowchart illustrating an embodiment of a third process for checking more than one instruction received consecutively in the method of the present invention;
FIG. 6 is a flowchart illustrating an embodiment of a fourth process for checking more than one instruction received consecutively in the method of the present invention;
FIG. 7 is a flowchart illustrating an embodiment of a fifth process for checking more than one instruction received consecutively in the method of the present invention;
FIG. 8 is a flowchart illustrating an embodiment of a sixth process for checking more than one instruction received consecutively in the method of the present invention;
FIG. 9 is a flowchart illustrating an embodiment of clearing a sending sequence number of a random value according to the method of the present invention;
FIG. 10 is a flowchart illustrating one embodiment of the method for filtering the IP address of the sender of the instruction that does not conform to the communication protocol;
FIG. 11 is a flowchart illustrating an embodiment of a reboot performed according to a safety precaution instruction in the method of the present invention;
FIG. 12 is a flowchart illustrating one embodiment of transforming a private key according to private key transformation instructions in the method of the present invention;
FIG. 13 is a schematic structural diagram of an embodiment of a security device of an electrical appliance according to the present invention;
FIG. 14 is a flowchart illustrating an embodiment of a security method of a server according to the present invention;
FIG. 15 is a flowchart illustrating an embodiment of sending a security instruction according to the present invention;
FIG. 16 is a flowchart illustrating an embodiment of sending a private key transformation instruction in the method of the present invention;
FIG. 17 is a schematic structural diagram of an embodiment of a security device of a server according to the present invention.
The reference numbers in the embodiments of the present invention are as follows, in combination with the accompanying drawings:
102-a first transceiving unit; 104-a first determining unit; 106-an execution unit; 202-a second transceiving unit; 204-a second determining unit.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
According to an embodiment of the present invention, a security method for an electrical appliance is provided, as shown in fig. 1, which is a schematic flow diagram of an embodiment of the security method for an electrical appliance. The security protection method of the electric appliance can comprise the following steps:
At step S110, an instruction that can be used to control the appliance itself is received.
For example: an instruction for controlling the appliance is received through the appliance's own communication module.
At step S120, it is determined whether the command conforms to the communication protocol according to the communication protocol of the communication module of the appliance itself.
For example: the instructions are screened (e.g., by its own communication module) to monitor whether the instructions conform to the communication protocol.
For example: the received control instructions are screened to ensure the safe operation of the intelligent household appliance.
For example: the firewall technology of the embedded WIFI module can include screening the received control instructions.
Optionally, the communication module may include at least one of a WIFI module, a Bluetooth module, and a GPRS module.
Therefore, convenience and flexibility of household appliance communication can be improved through the communication modules in various forms.
In an alternative example, the specific process of determining whether the instruction conforms to the communication protocol in step S120 is described further with reference to fig. 2, a flowchart of an embodiment of determining whether the instruction conforms to the communication protocol.
Step S210, when more than one instruction is received continuously, obtaining the interval time between two adjacent instructions. The number of instructions is more than one.
For example: the receive interval of the received instructions is analyzed.
Step S220 is performed to determine whether the interval time is equal to or less than a first set time specified by the communication protocol.
Step S230, when the interval time is less than or equal to the first set time, checking at least one continuously received instruction to determine whether the at least one instruction conforms to the communication protocol.
Therefore, by judging the receive interval of two adjacent instructions, the instructions whose interval is smaller than the corresponding set time can be identified and then checked further for legitimacy; the processing is simple and convenient, and the accuracy of the result is good.
Optionally, the first process of checking the one or more continuously received instructions in step S230 is described further with reference to fig. 3, a flowchart of an embodiment of that first process.
Step S310, obtaining a current check value of a current instruction and a previous check value of a previous instruction in the more than one continuously received instructions.
Step S320, determining whether the current check value is the same as the previous check value.
Step S330, when the current check value is the same as the previous check value, determining that the current instruction and/or the previous instruction do not conform to the communication protocol.
For example: a CRC (Cyclic Redundancy Check) check or an MD5 (Message Digest Algorithm) check of the data.
The check value may include at least one of a CRC check value and an MD5 check value.
Therefore, through the check values in various forms, the flexibility and the universality of checking based on the check values are improved.
For example: when the WIFI module receives uninterrupted data and the time interval is less than a set value t (firewall rule), CRC or MD5 verification of the received data is started, and the data is discarded immediately if its check value is the same as that of the previous packet of data.
Therefore, the instruction which is not in accordance with the communication protocol is determined by judging whether the check values are consistent, and the processing mode is reliable and safe.
Optionally, the second process of checking the one or more continuously received instructions in step S230 is described further with reference to fig. 4, a flowchart of an embodiment of that second process.
Step S410, obtaining a single random value of each of the at least one instruction received continuously.
Step S420, determining whether there is the same one-time random value in the one-time random values corresponding to the one or more instructions.
Step S430, when the same one-time random value occurs among the one or more one-time random values, determining that the instructions corresponding to those identical one-time random values do not conform to the communication protocol.
For example: a check of the single random value.
The communication protocol also stipulates a judgment rule for the check value and/or a judgment rule for the random value.
For example: the communication protocol stipulates that a random code is added to each packet of data and that the random code must be a constant that accumulates continuously in a cycle; when data with the same random code is received continuously, the data is identified as repeated data and is discarded.
Therefore, the random value is used for checking, and the checking reliability is high and the accuracy is good.
Optionally, the third process of checking the one or more continuously received instructions in step S230 is described further with reference to fig. 5, a flowchart of an embodiment of that third process.
Step S510, when the current check value is different from the previous check value, determining whether a single packet data length corresponding to the current instruction and/or the previous instruction exceeds a set length specified by the communication protocol.
Step S520, when the length of the single packet data corresponding to the current instruction and/or the previous instruction exceeds the set length, determining that the current instruction and/or the previous instruction do not conform to the communication protocol.
For example: if the check values are different, the single-packet data length is analyzed and checked.
For example: the single-packet data length is limited to no more than 2 Kbytes, which prevents large quantities of invalid data sent by other network terminals to the ports commonly used by the WIFI module from affecting the normal operation of the device.
Therefore, the check is carried out through the single-packet data length of the instruction, the check mode is flexible, and the check reliability is high.
Optionally, the fourth process of checking the one or more continuously received instructions in step S230 is described further with reference to fig. 6, a flowchart of an embodiment of that fourth process.
Step S610, when the current check value is different from the previous check value, determining whether a response action corresponding to one or more continuously received instructions belongs to a continuous action specified by the communication protocol.
Step S620, when the response action corresponding to the one or more continuously received instructions belongs to the continuous action, determining that the one or more continuously received instructions do not conform to the communication protocol.
For example: if the check values are different, the data of the continuous action instructions is analyzed and checked.
Wherein the continuous action may include: at least one of continuous mode switching operation, continuous on/off (for example, continuous on/off air conditioner), continuous upgrading operation of the communication module, and continuous query of appliance data (for example, continuous query of air conditioner data).
Therefore, through continuous action in various forms, the flexibility and convenience of continuous action judgment are improved.
For example: the data of the received instruction is analyzed. Continuous mode switching operations are forbidden, continuously switching the air conditioner on and off is forbidden, continuous upgrade operations on the WIFI module are forbidden, and continuous querying of air conditioner data is forbidden.
Therefore, the verification is performed through continuous actions, the verification flexibility is good, and the universality is high.
Optionally, the fifth process of checking the one or more continuously received instructions in step S230 is described further with reference to fig. 7, a flowchart of an embodiment of that fifth process.
Step S710, when the current check value is different from the previous check value, determining whether a continuous sending time corresponding to one or more continuously received instructions exceeds a second set time specified by the communication protocol.
Step S720, when the continuous sending time corresponding to the continuously received one or more instructions exceeds the second set time, determining that the continuously received one or more instructions do not conform to the communication protocol.
For example: a large amount of invalid data is sent to a commonly used communication port of the WIFI module, and the continuous data sending time exceeds 10 minutes.
For example: the repeated continuous transmission time exceeds 10 minutes.
For example: instructions that change WIFI functions, such as power on and power off, are sent continuously, and the continuous control time exceeds 3 minutes.
Therefore, the verification is carried out through the continuous sending time, and the verification mode is simple, convenient and reliable.
Optionally, the sixth process of checking the one or more continuously received instructions in step S230 is described further with reference to fig. 8, a flowchart of an embodiment of that sixth process.
Step S810, for different one-time random values in the one or more one-time random values, determining whether the current sending sequence number of any one-time random value is incremented relative to the previous sending sequence number of the previous one-time random value.
Step S820, when the current transmission sequence number is incremented relative to the previous transmission sequence number, determining whether a current amplitude of the current transmission sequence number incremented relative to the previous transmission sequence number exceeds a set amplitude specified by the communication protocol.
Step S830, when the current amplitude exceeds the set amplitude, determining that the instruction corresponding to the current sending sequence number and/or the previous sending sequence number does not conform to the communication protocol.
For example: the sequence number of the random code is required to increase, and the increment cannot exceed 5; data that does not follow this rule is regarded as invalid data and is discarded.
Therefore, the verification is carried out through the serial number of the random value, the verification mode is simple and convenient, and the reliability of the verification result is high.
At step S130, when the instruction does not conform to the communication protocol, the instruction is processed to implement security processing on the electrical appliance.
Therefore, by screening the received control instructions, protocol vulnerabilities are actively monitored and the safe operation of the intelligent household appliance is ensured, which addresses the problem of data replay attacks among the means of network attack.
In an optional example, the processing of the instruction in step S130 may include: instructions that do not conform to the communication protocol are discarded or deleted.
In an optional example, the processing the instruction in step S130 may further include: not responding to instructions that do not conform to the communication protocol.
For example: data received several times in succession with the same CRC or MD5 check value, or with the same single random value, is deleted directly and is not responded to.
Therefore, through various processing modes, the flexibility and convenience of processing the instructions which are not in line with the communication protocol can be improved.
In an alternative embodiment, the method may further include: clearing the sending sequence number of the random value.
Optionally, the specific process of clearing the sending sequence number of the random value is described further with reference to fig. 9, a flowchart of an embodiment of clearing the sending sequence number of the random value.
In step S910, an instruction with a random value transmission sequence number of 0 is received.
Step S920, clearing the sending sequence number of the random value in the communication protocol of the communication module itself.
For example: to prevent the random code of the data from being mistaken for a rule violation because of its last changed value after events such as a server restart, the WIFI module is required, on receiving a data packet whose random code (namely, random value) has a sequence number (for example, the sending sequence number) of 0, to clear the random code in the data rule.
Therefore, the instruction with the random value sending sequence number of 0 is received, and the sending sequence number of the random value is cleared when the instruction is received, so that the accuracy and the reliability of subsequent security control are improved.
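The first, second, third and sixth checks of step S230, together with the sequence-number reset of steps S910 to S920, as an added C example that is not code from the patent. The instruction layout, the 5 s burst window, the choice of CRC-32 and all function names are assumptions; the 2 Kbyte limit and the maximum step of 5 are the example values given above, and the trace is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 2 KB and a step of 5 are the page's example values; the 5 s window is an
   assumed value for the protocol's "first set time". */
#define BURST_WINDOW_MS 5000u
#define MAX_PACKET_LEN  2048u
#define MAX_SEQ_STEP    5u
#define TRACE_LEN       8u

typedef enum { ACCEPT, DROP_SAME_CHECK, DROP_SAME_NONCE,
               DROP_TOO_LONG, DROP_BAD_SEQ } verdict_t;

typedef struct {            /* hypothetical instruction layout */
    uint64_t rx_ms;         /* monotonic receive time in milliseconds */
    uint32_t nonce;         /* one-time random value ("random code") */
    uint32_t seq;           /* sending sequence number of the random code */
    const uint8_t *data;    /* payload bytes */
    size_t len;             /* single-packet data length */
} instr_t;

typedef struct {            /* what the module remembers between instructions */
    int have_prev;
    uint64_t prev_rx_ms;
    uint32_t prev_crc, prev_nonce, prev_seq;
} screen_state_t;

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320), incremental form. */
static uint32_t crc32_update(uint32_t crc, const void *buf, size_t n) {
    const uint8_t *p = buf;
    while (n--) {
        crc ^= *p++;
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

verdict_t screen_instruction(screen_state_t *st, const instr_t *in) {
    /* The check value covers the random code, its sequence number and the payload. */
    uint32_t crc = crc32_update(0xFFFFFFFFu, &in->nonce, sizeof in->nonce);
    crc = crc32_update(crc, &in->seq, sizeof in->seq);
    crc = ~crc32_update(crc, in->data, in->len);

    verdict_t v = ACCEPT;
    /* S210-S230: checks run only when the gap to the previous instruction
       is within the window. */
    if (st->have_prev && in->rx_ms - st->prev_rx_ms <= BURST_WINDOW_MS) {
        if (crc == st->prev_crc)              v = DROP_SAME_CHECK; /* S310-S330 */
        else if (in->nonce == st->prev_nonce) v = DROP_SAME_NONCE; /* S410-S430 */
        else if (in->len > MAX_PACKET_LEN)    v = DROP_TOO_LONG;   /* S510-S520 */
        else if (in->seq != 0 &&              /* seq 0 is the reset of S910-S920 */
                 (in->seq <= st->prev_seq ||
                  in->seq - st->prev_seq > MAX_SEQ_STEP))
            v = DROP_BAD_SEQ;                                      /* S810-S830 */
    }
    st->prev_rx_ms = in->rx_ms;   /* the interval is measured between arrivals */
    if (v == ACCEPT) {            /* only accepted instructions update the rule state */
        st->have_prev = 1;
        st->prev_crc = crc;
        st->prev_nonce = in->nonce;
        st->prev_seq = in->seq;   /* seq 0 clears the stored sequence number */
    }
    return v;
}

/* Replays the constructed trace up to instruction i and returns its verdict. */
verdict_t demo_verdict(size_t i) {
    static const uint8_t big[3000] = {0};
    const instr_t trace[TRACE_LEN] = {
        {   0, 0xA1, 1, (const uint8_t *)"ON",  2},
        {1000, 0xA1, 1, (const uint8_t *)"ON",  2},  /* byte-identical repeat */
        {2000, 0xA1, 2, (const uint8_t *)"OFF", 3},  /* random code reused */
        {3000, 0xB2, 2, (const uint8_t *)"OFF", 3},
        {4000, 0xC3, 9, (const uint8_t *)"ON",  2},  /* sequence step of 7 */
        {5000, 0xD4, 3, big, sizeof big},            /* longer than 2 Kbytes */
        {6000, 0xE5, 0, (const uint8_t *)"ON",  2},  /* sequence number reset */
        {7000, 0xF6, 1, (const uint8_t *)"OFF", 3},
    };
    screen_state_t st = {0};
    verdict_t v = ACCEPT;
    for (size_t k = 0; k <= i && k < TRACE_LEN; k++)
        v = screen_instruction(&st, &trace[k]);
    return v;
}

int main(void) {
    static const char *names[] = {"ACCEPT", "DROP_SAME_CHECK", "DROP_SAME_NONCE",
                                  "DROP_TOO_LONG", "DROP_BAD_SEQ"};
    for (size_t i = 0; i < TRACE_LEN; i++)
        printf("instruction %zu: %s\n", i + 1, names[demo_verdict(i)]);
    return 0;
}
```

The CRC comparison only detects a byte-identical repeat of the previous accepted instruction; it does not authenticate the sender.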
In an alternative embodiment, the method may further include: filtering the IP address of the sender of the instruction which does not conform to the communication protocol.
Optionally, the specific process of filtering the IP address of the sender of the instruction that does not conform to the communication protocol is described further with reference to fig. 10, a flowchart of an embodiment of that filtering.
Step S1010, acquiring the IP address of the sender of the instruction that does not conform to the communication protocol.
For example: an IP address detected with the following abnormal behavior is assumed to be a suspicious IP:
(1) A large amount of invalid data is sent to a commonly used communication port of the WIFI module, the continuous data sending time exceeds 10 minutes, and the continuous data packet length exceeds 2 Kbytes.
(2) The same data packet is repeatedly transmitted for a continuous transmission time exceeding 10 minutes.
(3) Instructions that change WIFI functions, such as power on and power off, are sent continuously, the continuous control time exceeds 3 minutes, and the interval time of the continuous control instructions is less than 5 s.
Step S1020, reporting the IP address to a server.
For example: when a suspicious IP is detected, it is uploaded directly to the server.
Step S1030, receiving an IP filtering instruction issued by the server, and filtering the IP address of the sender of the instruction that does not conform to the communication protocol.
For example: according to the IP addresses reported by the electric appliances, the server determines the region and the actual number of the electric appliances reporting the IP address, and determines whether the actual number exceeds a first set number specified by the communication protocol. When the actual number exceeds the first set number, it issues an IP filtering instruction to the electric appliances in that region.
For example: the server aggregates the regions and the number of the suspicious IP reports; when it detects that a large number of devices may be under attack (whether the number is large is determined according to a set firewall rule or according to a set fixed value), it issues an abnormal IP filtering instruction to the modules in that region, so that the WIFI modules jointly block the suspicious IP. This prevention mode needs interaction between the server and the WIFI module and data analysis by the server, and is called immune alarm for short.
For example: the intelligent household electrical appliance is provided with an active safety strategy, and the prevention of basic abnormal instructions is realized.
Therefore, by filtering the IP address of the sender of the instruction that does not conform to the communication protocol, a malicious IP address that continuously sends invalid data can be kept from affecting the normal operation and the safety performance of the electric appliance; the operation safety of the electric appliance is high, and the energy that would otherwise be spent processing subsequent invalid data is saved.
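The server-side aggregation behind the IP filtering instruction of step S1030, as an added C example that is not code from the patent. It counts distinct reporting appliances per region and IP, so one appliance reporting repeatedly cannot reach the threshold on its own; the first set number of 3, the table size, the identifiers and the sample address are assumptions, and the report stream is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIRST_SET_NUMBER 3u           /* assumed value of the "first set number" */
#define MAX_ENTRIES      64u          /* bounded table: reports cannot exhaust memory */
#define SAMPLE_IP        0xCB007107u  /* 203.0.113.7, documentation range, constructed */

typedef struct {
    uint16_t region;
    uint32_t ip;                               /* suspicious sender address */
    uint32_t devices[FIRST_SET_NUMBER + 1u];   /* distinct reporting appliances */
    unsigned ndev;
    int issued;                                /* filter instruction already sent */
} suspect_t;

typedef struct { suspect_t e[MAX_ENTRIES]; unsigned n; } aggregator_t;

static suspect_t *lookup(aggregator_t *a, uint16_t region, uint32_t ip) {
    for (unsigned i = 0; i < a->n; i++)
        if (a->e[i].region == region && a->e[i].ip == ip)
            return &a->e[i];
    return NULL;
}

/* Records one report. Returns 1 when this report makes the number of distinct
   appliances in the region exceed the first set number (issue the IP filtering
   instruction to that region now), 0 otherwise, -1 if the table is full. */
int report_suspicious_ip(aggregator_t *a, uint16_t region,
                         uint32_t device_id, uint32_t ip) {
    suspect_t *s = lookup(a, region, ip);
    if (!s) {
        if (a->n == MAX_ENTRIES)
            return -1;
        s = &a->e[a->n++];
        memset(s, 0, sizeof *s);
        s->region = region;
        s->ip = ip;
    }
    if (s->issued)
        return 0;                      /* instruction is issued once per region and IP */
    for (unsigned i = 0; i < s->ndev; i++)
        if (s->devices[i] == device_id)
            return 0;                  /* repeat report from the same appliance */
    s->devices[s->ndev++] = device_id;
    if (s->ndev > FIRST_SET_NUMBER) {  /* "exceeds the first set number" */
        s->issued = 1;
        return 1;
    }
    return 0;
}

int filter_issued(aggregator_t *a, uint16_t region, uint32_t ip) {
    suspect_t *s = lookup(a, region, ip);
    return s ? s->issued : 0;
}

typedef struct { uint16_t region; uint32_t device_id; } report_t;

/* Feeds a constructed report stream and says whether the given region
   would receive the IP filtering instruction for SAMPLE_IP. */
int replay_reports(uint16_t region) {
    static const report_t reports[] = {
        {1, 10}, {1, 10}, {1, 11}, {1, 12}, {1, 13},   /* four distinct appliances */
        {2, 20}, {2, 21},                              /* two distinct appliances */
        {3, 30}, {3, 30}, {3, 30}, {3, 30}, {3, 30},   /* one appliance, five reports */
    };
    aggregator_t a;
    memset(&a, 0, sizeof a);
    for (size_t i = 0; i < sizeof reports / sizeof reports[0]; i++)
        report_suspicious_ip(&a, reports[i].region, reports[i].device_id, SAMPLE_IP);
    return filter_issued(&a, region, SAMPLE_IP);
}

int main(void) {
    for (uint16_t r = 1; r <= 3; r++)
        printf("region %u: filter instruction %s\n", (unsigned)r,
               replay_reports(r) ? "issued" : "not issued");
    return 0;
}
```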
In an alternative embodiment, the method may further include: restarting according to the safety precaution instruction.
Optionally, the specific process of restarting according to the security instruction is described further with reference to fig. 11, a flowchart of an embodiment of restarting according to the security instruction.
Step S1110, receiving a security instruction issued by the server.
For example: when the server detects that the communication conditions of a second set number of electric appliances in any region do not conform to the normal state specified by the communication protocol, it issues a safety precaution instruction to the communication module of each electric appliance in that region.
For example: the server and the WIFI modules share safety data. When the server detects that a large number of devices in a certain area are abnormal, or that a large number of online devices raise an alarm, it immediately issues an emergency safety precaution level instruction to each online WIFI module device, and the WIFI modules automatically go offline for 1 minute after receiving the emergency safety precaution instruction.
For example: adverse intent is anticipated and guarded against in advance.
Step S1120, after the appliance's own communication module has been offline for a third set time, it automatically comes back online and reconnects to the server.
For example: the module automatically reconnects to the server over the network after 1 minute; if the emergency precaution alarm of the server is received again, it goes offline for 1 minute again and then reconnects, and the cycle repeats.
For example: the reliable and safe operation of the intelligent household appliance is realized by combining active protection and passive safety protection.
Therefore, the electric appliance is restarted according to the safety precaution instruction, so that active protection and passive protection of the electric appliance are achieved, and the electric appliance is high in reliability and good in safety.
In an alternative embodiment, the method may further include: transforming the private key according to the private key transformation instruction.
Optionally, the specific process of transforming the private key according to the private key transformation instruction is described further with reference to fig. 12, a flowchart of an embodiment of transforming the private key according to the private key transformation instruction.
Step S1210, receiving a private key transformation command issued by the server.
Step S1220, transforming the private key of the current encrypted data according to at least one of the set algorithm, the set algorithm serial number, and the set algorithm validity period carried by the private key transformation instruction (for example, within the set algorithm validity period carried by the private key transformation instruction, according to the set algorithm carried by the private key transformation instruction and/or the set algorithm corresponding to the set algorithm serial number).
For example: when detecting that any dangerous situation occurs in the communication of the electric appliance, the server sends a private key transformation instruction to the communication module of each online electric appliance. The dangerous situation may include: a system vulnerability exceeding a set degree, leakage of a data key, and an abnormal attack conforming to a set attack mode. The private key transformation instruction carries the set algorithm required by each online electric appliance communication module, and/or the set algorithm serial number corresponding to the set algorithm, and/or the validity period of the set algorithm.
For example: if the server detects a serious system vulnerability, data key leakage, or a definite abnormal attack, the server starts the highest security level function and sends a private key transformation instruction to the online WIFI devices; after receiving this highest security instruction from the server, the WIFI module transforms the private key of the encrypted data according to a set rule. The set rule is defined as follows: the existing private key is changed into another private key according to a preset algorithm, and the APP can also calculate the new private key after the change by using the preset algorithm.
For example: the APP prompts the user to replace the private key of the intelligent household appliance according to the specified operation (in this case, an entirely new private key is generated). The rule for transforming the private key of the encrypted data is not used in the normal state and can be enabled only when the system has a serious security vulnerability.
For example: the method for changing the private key is valid for one use only; when the server issues instructions to all online WIFI modules to change the private key, it also tells the WIFI modules the serial number of the algorithm, and that algorithm is valid for one use only.
Therefore, transforming the private key according to the private key transformation instruction further improves communication safety and reliability, and user-friendliness is good.
In an alternative embodiment, the method may further include: sharing the communication state of the server.
For example: the appliance connects to the server for state sharing and immune transmission (vaccination) among the intelligent devices of the whole network.
Therefore, the server monitors and assists in maintenance of the communication state of the server by sharing the communication state of the server, and the communication safety and reliability of the server are improved.
In an alternative embodiment, the method may further include: connecting to the server to upgrade the firewall program of the communication module of the server.
For example: the firewall program of the embedded WIFI module is upgraded periodically so that the firewall policy is continuously updated.
For example: the firewall program of the module is upgraded separately at regular intervals. The WIFI module periodically connects to a server to upgrade the program of the firewall rule part, so that the safety and reliability of the device are guaranteed to the maximum extent without affecting normal use.
Therefore, upgrading the appliance's own firewall program improves its ability to defend against external intruders and improves the reliability and safety of its operation.
Extensive experimental verification shows that, with the technical solution of this embodiment, monitoring the control instructions of the household appliance improves the network security of the embedded WIFI module and guards against adverse attacks.
According to an embodiment of the invention, a security device of the electric appliance corresponding to the security method of the electric appliance is also provided. Fig. 13 is a schematic structural diagram of an embodiment of the security device of an electrical appliance according to the present invention. The security device of the electrical appliance can include: a first transceiving unit 102, a first determining unit 104 and an executing unit 106.
In an alternative example, the first transceiving unit 102 may be configured to receive instructions that may be used to control the appliance itself. The detailed function and processing of the first transceiver unit 102 are shown in step S110.
For example: an instruction for controlling the appliance is received through the appliance's own communication module.
In an optional example, the first determining unit 104 may be configured to determine whether the instruction conforms to a communication protocol of a communication module of the appliance itself according to the communication protocol. The specific function and processing of the first determining unit 104 are shown in step S120.
For example: the instructions are screened (e.g., by its own communication module) to monitor whether the instructions conform to the communication protocol.
For example: the received control instructions are screened to ensure the safe operation of the intelligent household appliance.
For example: the firewall technology of the embedded WIFI module can include screening the received control instructions.
The communication module may include at least one of a WIFI module, a Bluetooth module, and a GPRS module.
Therefore, convenience and flexibility of household appliance communication can be improved through the communication modules in various forms.
Optionally, the determining, by the first determining unit 104, whether the instruction conforms to the communication protocol may specifically include: when more than one instruction is received continuously, acquiring the interval time between two adjacent instructions. For the specific function and processing of the first determining unit 104, see also step S210.
For example: the receive interval of the received instructions is analyzed.
The number of instructions is more than one.
In an optional specific example, the determining, by the first determining unit 104, whether the instruction conforms to the communication protocol may further include: determining whether the interval time is less than or equal to a first set time specified by the communication protocol. For the specific function and processing of the first determining unit 104, see also step S220.
In an optional specific example, the determining, by the first determining unit 104, whether the instruction conforms to the communication protocol may further include: when the interval time is less than or equal to the first set time, checking more than one continuously received instruction to determine whether more than one instruction conforms to the communication protocol. For the specific function and processing of the first determining unit 104, see also step S230.
Therefore, by judging the receive interval of two adjacent instructions, the instructions whose interval is smaller than the corresponding set time can be identified and then checked further for legitimacy; the processing is simple and convenient, and the accuracy of the result is good.
More optionally, the checking, by the first determining unit 104, of the one or more continuously received instructions may specifically include: acquiring a current check value of a current instruction and a previous check value of a previous instruction in the more than one continuously received instructions. For the specific function and processing of the first determining unit 104, see also step S310.
In a more optional specific example, the checking, by the first determining unit 104, the continuously received one or more instructions may specifically include: determining whether the current check value is the same as the previous check value. For the specific function and processing of the first determining unit 104, see also step S320.
In a more optional specific example, the checking, by the first determining unit 104, the continuously received one or more instructions may specifically include: when the current check value is the same as the previous check value, determining that the current instruction and/or the previous instruction do not conform to the communication protocol. For the specific function and processing of the first determining unit 104, see also step S330.
For example: a CRC (Cyclic Redundancy Check) check or an MD5 (Message Digest Algorithm) check of the data.
The check value may include at least one of a CRC check value and an MD5 check value.
Therefore, through the check values in various forms, the flexibility and the universality of checking based on the check values are improved.
For example: when the WIFI module receives uninterrupted data and the time interval is less than a set value t (firewall rule), CRC or MD5 verification of the received data is started, and the data is discarded immediately if its check value is the same as that of the previous packet of data.
Therefore, the instruction which is not in accordance with the communication protocol is determined by judging whether the check values are consistent, and the processing mode is reliable and safe.
More optionally, the checking, by the first determining unit 104, of the one or more continuously received instructions may further include: acquiring a single random value of each instruction in the more than one continuously received instructions. For the specific function and processing of the first determining unit 104, see also step S410.
In a more optional specific example, the checking, by the first determining unit 104, the continuously received one or more instructions may specifically include: determining whether there is the same one-time random value in one or more one-time random values corresponding to one or more instructions. For the specific function and processing of the first determining unit 104, see also step S420.
In a more optional specific example, the checking, by the first determining unit 104, the continuously received one or more instructions may specifically include: when the same one-time random value occurs among the one or more one-time random values, determining that the instructions corresponding to those identical one-time random values do not conform to the communication protocol. For the specific function and processing of the first determining unit 104, see also step S430.
For example: a check of the single random value.
The communication protocol also stipulates a judgment rule for the check value and/or a judgment rule for the random value.
For example: the communication protocol stipulates that a random code is added to each packet of data and that the random code must be a constant that accumulates continuously in a cycle; when data with the same random code is received continuously, the data is identified as repeated data and is discarded.
Therefore, the random value is used for checking, and the checking reliability is high and the accuracy is good.
More optionally, the checking, by the first determining unit 104, of the one or more consecutively received instructions may further include: when the current check value is different from the previous check value, determining whether the single-packet data length corresponding to the current instruction and/or the previous instruction exceeds the set length specified by the communication protocol. For the specific function and processing of the first determining unit 104, see also step S510.
In a more optional specific example, the checking, by the first determining unit 104, of the one or more consecutively received instructions may specifically include: when the single-packet data length corresponding to the current instruction and/or the previous instruction exceeds the set length, determining that the current instruction and/or the previous instruction do not conform to the communication protocol. For the specific function and processing of the first determining unit 104, see also step S520.
For example: if the check values are different, the single-packet data length is analyzed and checked.
For example: the single-packet data length is limited to no more than 2 Kbytes, which prevents large quantities of invalid data sent by other network terminals to the ports commonly used by the WIFI module from affecting the normal work of the equipment.
Therefore, checking the single-packet data length of the instruction is a flexible and highly reliable way of checking.
More optionally, the checking, by the first determining unit 104, of the one or more consecutively received instructions may further include: when the current check value is different from the previous check value, determining whether the response actions corresponding to the one or more consecutively received instructions belong to the continuous actions specified by the communication protocol. For the specific function and processing of the first determining unit 104, see also step S610.
In a more optional specific example, the checking, by the first determining unit 104, of the one or more consecutively received instructions may specifically include: when the response actions corresponding to the one or more consecutively received instructions belong to the continuous actions, determining that the one or more consecutively received instructions do not conform to the communication protocol. For the specific function and processing of the first determining unit 104, see also step S620.
For example: if the check values are different, the data of continuous-action instructions is analyzed and checked.
The continuous action may include at least one of: a continuous mode switching operation, continuous switching on and off (for example, continuously switching the air conditioner on and off), a continuous upgrading operation on the communication module, and continuous querying of appliance data (for example, continuously querying air conditioner data).
Therefore, covering continuous actions in several forms improves the flexibility and convenience of judging continuous actions.
For example: the data of the received instruction is analyzed. Continuous mode switching operations are forbidden, continuously switching the air conditioner on and off is forbidden, continuous upgrading operations on the WIFI module are forbidden, and continuous querying of air conditioner data is forbidden.
Therefore, checking by continuous action gives good flexibility and high universality.
More optionally, the checking, by the first determining unit 104, of the one or more consecutively received instructions may further include: when the current check value is different from the previous check value, determining whether the continuous sending time corresponding to the one or more consecutively received instructions exceeds a second set time specified by the communication protocol. For the specific function and processing of the first determining unit 104, see also step S710.
In a more optional specific example, the checking, by the first determining unit 104, of the one or more consecutively received instructions may specifically include: when the continuous sending time corresponding to the one or more consecutively received instructions exceeds the second set time, determining that the one or more consecutively received instructions do not conform to the communication protocol. For the specific function and processing of the first determining unit 104, see also step S720.
For example: a large amount of invalid data is sent to a common communication port of the WIFI module, and the continuous data sending time exceeds 10 minutes.
For example: the same data is sent repeatedly, and the continuous sending time exceeds 10 minutes.
For example: instructions that change WIFI functions, such as power on and power off, are sent continuously, and the continuous control time exceeds 3 minutes.
Therefore, checking by continuous sending time is simple, convenient and reliable.
More optionally, the checking, by the first determining unit 104, of the one or more consecutively received instructions may further include: for the one-time random values that differ from one another, determining whether the current sending sequence number of any one-time random value has increased relative to the previous sending sequence number of the previous one-time random value. For the specific function and processing of the first determining unit 104, see also step S810.
In a more optional specific example, the checking, by the first determining unit 104, of the one or more consecutively received instructions may specifically include: when the current sending sequence number has increased relative to the previous sending sequence number, determining whether the amplitude by which it has increased exceeds the set amplitude specified by the communication protocol. For the specific function and processing of the first determining unit 104, see also step S820.
In a more optional specific example, the checking, by the first determining unit 104, of the one or more consecutively received instructions may specifically include: when the current amplitude exceeds the set amplitude, determining that the instruction corresponding to the current sending sequence number and/or the previous sending sequence number does not conform to the communication protocol. For the specific function and processing of the first determining unit 104, see also step S830.
For example: the sequence number of the random code must increase, and the increase cannot exceed 5; data that does not follow this rule is regarded as invalid data and is discarded.
Therefore, checking by the sequence number of the random value is simple and convenient, and the check result is highly reliable.
In an optional example, the execution unit 106 may be configured to process the instruction when the instruction does not conform to the communication protocol, so as to implement security processing on the electrical appliance. For the specific function and processing of the execution unit 106, see step S130.
Therefore, by screening the received control instructions, protocol vulnerabilities are actively monitored and the safe operation of the intelligent household appliance is ensured, which addresses the data replay attack among network attack methods.
Optionally, the processing, by the execution unit 106, of the instruction may specifically include: discarding or deleting instructions that do not conform to the communication protocol.
Optionally, the processing, by the execution unit 106, of the instruction may further include: not responding to instructions that do not conform to the communication protocol.
For example: data whose CRC check value, MD5 check value or one-time random value is the same as that of data received several times in succession is deleted directly and is not responded to.
Therefore, offering several processing modes improves the flexibility and convenience of handling instructions that do not conform to the communication protocol.
In an alternative embodiment, the method may further include: clearing the sending sequence number of the random value.
In an optional example, the first transceiver unit 102 may be further configured to receive an instruction in which the sending sequence number of the random value is 0. For the detailed functions and processes of the first transceiver unit 102, see also step S910.
In an optional example, the execution unit 106 may be further configured to reset to zero the sending sequence number of the random value in the communication protocol of its own communication module. For the specific functions and processes of the execution unit 106, see also step S920.
For example: to prevent the random code of the data from being mistaken for a data violation because of its last changed value after events such as a server restart, the WIFI module is required to accept a data packet whose random code (that is, random value) has sequence number (for example, sending sequence number) 0, and to clear the random code in the data rule.
Therefore, by receiving the instruction whose random value sending sequence number is 0 and clearing the sending sequence number of the random value on receipt, the accuracy and reliability of subsequent security control are improved.
In an alternative embodiment, the method may further include: filtering the IP address of the sender of instructions that do not conform to the communication protocol.
In an optional example, the first transceiver unit 102 may be further configured to obtain the IP address of the sender of an instruction that does not conform to the communication protocol. For the detailed functions and processes of the first transceiver unit 102, see also step S1010.
For example: an IP address showing any of the following abnormal behaviors is detected and is assumed to be a suspicious IP:
(1) A large amount of invalid data is sent to a common communication port of the WIFI module, the continuous data sending time exceeds 10 minutes, and the continuous data packet length exceeds 2 Kbytes.
(2) The same data packet is sent repeatedly, with a continuous sending time exceeding 10 minutes.
(3) Instructions that change WIFI functions, such as power on and power off, are sent continuously, the continuous control time exceeds 3 minutes, and the interval between consecutive control instructions is less than 5 s.
In an optional example, the first transceiver unit 102 may be further configured to report the IP address to a server. For the detailed functions and processes of the first transceiver unit 102, see also step S1020.
For example: when a suspicious IP is detected, it is uploaded directly to the server.
In an optional example, the execution unit 106 may be further configured to receive an IP filtering instruction issued by the server and to filter the IP address of the sender of instructions that do not conform to the communication protocol. For the specific functions and processes of the execution unit 106, see also step S1030.
For example: based on the IP address reported by the electric appliances, the server determines the region and the actual number of the electric appliances reporting the IP address. It determines whether the actual number exceeds a first set number specified by the communication protocol. When the actual number exceeds the first set number, it issues an IP filtering instruction to the electric appliances in the region.
For example: the server aggregates the regions and the number of the suspicious IP reports, and when it detects that a large number of devices may be under attack (whether the number is large is determined, for example, according to a set firewall rule or a set fixed value), the server issues an abnormal-IP filtering instruction to the modules in the region, so that the WIFI modules jointly guard against the suspicious IP. This prevention mode requires interaction between the server and the WIFI module and data analysis by the server, and is called immune alarm for short.
For example: the intelligent household appliance itself has an active safety strategy, which guards against basic abnormal instructions.
Therefore, by filtering the IP address of the sender of instructions that do not conform to the communication protocol, the impact on the normal operation and security of the electric appliance of a malicious IP address continuously sending invalid data is avoided, the operating safety of the appliance is high, and the energy that would otherwise be spent processing subsequent invalid data is saved.
In an alternative embodiment, the method may further include: restarting according to the safety precaution instruction.
In an optional example, the first transceiver unit 102 may be further configured to receive a security instruction issued by the server. For the detailed functions and processes of the first transceiver unit 102, see also step S1110.
For example: when the server detects that the communication conditions of a second set number of electric appliances in any region do not conform to the normal state specified by the communication protocol, it issues a safety precaution instruction to the communication module of each electric appliance in the region.
For example: the server and the WIFI modules share safety data. When the server detects that a large number of devices in a certain area are abnormal, or that a large number of online devices raise an alarm, it immediately issues an emergency safety precaution level instruction to each online WIFI module device, and each WIFI module automatically goes offline for 1 minute after receiving the emergency safety precaution instruction.
For example: predicting adverse intent and guarding against it in advance.
In an optional example, the execution unit 106 may be further configured to make its own communication module automatically go online again after being offline for a third set time, and reconnect to the server. For the specific functions and processes of the execution unit 106, see also step S1120.
For example: after 1 minute the module automatically reconnects to the server over the network; if the emergency precaution alarm of the server is received again, it goes offline for 1 minute again, and the cycle repeats.
For example: reliable and safe operation of the intelligent household appliance is achieved by combining active protection with passive safety protection.
Therefore, restarting the electric appliance according to the safety precaution instruction provides both active and passive protection of the appliance, with high reliability and good safety.
In an alternative embodiment, the method may further include: transforming the private key according to the private key transformation instruction.
In an optional example, the first transceiver unit 102 may be further configured to receive a private key transformation instruction issued by a server. For the detailed functions and processes of the first transceiver unit 102, see also step S1210.
In an optional example, the execution unit 106 may be further configured to transform the private key of the currently encrypted data according to at least one of a setting algorithm, a setting algorithm serial number, and a setting algorithm aging carried by the private key transformation instruction (for example, within the setting algorithm aging carried by the private key transformation instruction, according to the setting algorithm carried by the instruction and/or the setting algorithm corresponding to the setting algorithm serial number). For the specific functions and processes of the execution unit 106, see also step S1220.
For example: when the server detects that any dangerous situation has occurred in the communication of the electric appliances, it sends a private key transformation instruction to the communication modules of the online electric appliances. The dangerous situation may include: a system vulnerability exceeding a set degree, leakage of the data key, and an abnormal attack conforming to a set attack pattern. The private key transformation instruction carries the setting algorithm required by each online appliance communication module, and/or the setting algorithm serial number corresponding to the setting algorithm, and/or the setting algorithm aging of the setting algorithm.
For example: if the server detects a serious system vulnerability, a data key leak or a definite abnormal attack, it starts the highest security level function. The server then sends a private key transformation instruction to the online WIFI devices, and each WIFI module, after receiving this highest security instruction from the server, transforms the private key of the encrypted data according to a set rule. The set rule is defined as follows: the existing private key is changed into another private key according to a preset algorithm, and the APP can also calculate the new, changed private key by using the preset algorithm.
For example: the APP prompts the user to replace the private key of the intelligent household appliance by following the specified operation (at this point a completely new private key is generated). The rule for transforming the private key of the encrypted data cannot be used in the normal state and can be enabled only when the system has a serious security vulnerability.
For example: the method for changing the private key is valid for one use only. When the server issues the instruction to change the private key to all online WIFI modules, it also tells the WIFI modules the serial number of the algorithm to use, and that algorithm is valid for one use only.
Therefore, transforming the private key according to the private key transformation instruction further improves the safety and reliability of communication and is user-friendly.
In an optional embodiment, the first transceiver unit 102 may be further configured to share its own communication state with a server.
For example: connecting to the server for state sharing and immune transmission (vaccination) among the intelligent devices across the whole network.
Therefore, by sharing its own communication state, the appliance lets the server monitor and help maintain that communication state, which improves the safety and reliability of its communication.
In an optional embodiment, the first transceiver unit 102 may further be configured to connect to a server to upgrade a firewall program of its own communication module. The detailed function and processing of the transient protection module 1024 are shown in step S220.
For example: periodically upgrading the firewall program of the embedded WIFI module so as to keep the firewall policy up to date.
For example: the firewall program of the module is upgraded separately at regular intervals. The WIFI module periodically connects to a server to upgrade the program of the firewall rule part, so that the safety and reliability of the equipment are guaranteed to the maximum extent without affecting normal use.
Therefore, upgrading its own firewall program improves the appliance's ability to defend against external intruders and improves the reliability and safety of its operation.
Since the processing and functions of the security device of the electrical appliance of the present embodiment basically correspond to the embodiments, principles and examples of the security method of the electrical appliance shown in fig. 1 to 12, details not covered in the description of the present embodiment can be found in the related descriptions of the foregoing embodiments.
As a large number of tests show, the technical scheme of the invention ensures the safe operation of the intelligent household appliance by screening the received control instructions.
According to an embodiment of the invention, an electric appliance corresponding to the security method of the electric appliance or the security device of the electric appliance is also provided. The appliance may include: a processor operable to execute a plurality of instructions; and a memory operable to store a plurality of instructions, wherein the instructions are stored by the memory and loaded and executed by the processor to implement the security method of the electric appliance. Alternatively, the appliance may include the security device of the electrical appliance.
In an optional example, the firewall technology of the embedded WIFI module may include: screening the received control instructions and actively monitoring protocol vulnerabilities to ensure the safe operation of the intelligent household appliance, so as to address the data replay attack among network attack methods.
Optionally, screening the received control instruction and actively monitoring the protocol vulnerability may include:
(1) The received instruction undergoes receiving-interval analysis and a data CRC (Cyclic Redundancy Check) check, an MD5 (Message Digest Algorithm) check or a check of the one-time random value. Data whose CRC check value, MD5 check value or one-time random value is the same as that of data received several times in succession is deleted directly and is no longer responded to.
For example: when the WIFI module receives uninterrupted data and the time interval is less than a set value t (firewall rule), it starts CRC or MD5 verification of the received data and immediately discards the data if the check value is the same as that of the previous packet of data. If the check values are different, steps (2) and (3) follow to continue the data analysis and checking.
The communication protocol may specify the communication logic between the server and the WIFI module. The firewall rules may be defined as the procedures by which the WIFI module detects abnormal behaviors and defends against them once detected.
The communication protocol stipulates that a random code is added to each packet of data and that the random code must be a constant that accumulates continuously and cyclically. When data with the same random code is received consecutively, the data is repeated data and is discarded. At the same time, the sequence number of the random code must increase, and the increase cannot exceed 5; data that does not follow this rule is discarded as invalid data. To prevent the random code of the data from being mistaken for a data violation because of its last changed value after events such as a server restart, the WIFI module is required to accept a data packet whose random code (that is, random value) has sequence number (for example, sending sequence number) 0, and to clear the random code in the data rule.
(2) The single-packet data length is limited to no more than 2 Kbytes, which prevents large quantities of invalid data sent by other network terminals to the ports commonly used by the WIFI module from affecting the normal work of the equipment.
(3) The data of the received instruction is analyzed. Continuous mode switching operations are forbidden, continuously switching the air conditioner on and off is forbidden, continuous upgrading operations on the WIFI module are forbidden, and continuous querying of air conditioner data is forbidden.
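The screening order described in (1) and (2), together with the random-code sequence rules, can be written as a per-sender filter. The following C sketch is an added illustration, not code from the patent; the 200 ms value for the interval t, the function and type names, the use of CRC-32 as the check value, and the sample packets are assumptions. Step (3), the analysis of continuous actions, is not covered.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 2 Kbytes and the step of 5 come from the text. MIN_INTERVAL_MS stands in
 * for the "set value t", which the page does not give (assumed value). */
#define MAX_PACKET_LEN  2048u
#define MAX_SEQ_STEP    5u
#define MIN_INTERVAL_MS 200u

typedef enum { PKT_ACCEPT, PKT_DROP_DUPLICATE, PKT_DROP_TOO_LONG, PKT_DROP_SEQ } verdict_t;

typedef struct {            /* per-sender state, zero-initialised */
    bool     have_prev;     /* a packet has been received before */
    uint32_t prev_crc;      /* check value of the last received packet */
    uint32_t prev_time_ms;  /* arrival time of the last received packet */
    uint32_t prev_seq;      /* sequence number of the last accepted packet */
} filter_state_t;

/* CRC-32 (reflected, polynomial 0xEDB88320), bitwise so no table is needed. */
uint32_t crc32_calc(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

verdict_t screen_packet(filter_state_t *st, uint32_t seq,
                        const uint8_t *pkt, size_t len, uint32_t now_ms)
{
    uint32_t crc = crc32_calc(pkt, len);
    /* Unsigned subtraction stays correct when the millisecond tick wraps. */
    bool rapid = st->have_prev &&
                 (uint32_t)(now_ms - st->prev_time_ms) < MIN_INTERVAL_MS;
    bool same = st->have_prev && crc == st->prev_crc;

    /* Check value and time track every received packet, dropped or not. */
    st->have_prev = true;
    st->prev_crc = crc;
    st->prev_time_ms = now_ms;

    if (rapid && same)            /* (1) repeated check value within t */
        return PKT_DROP_DUPLICATE;
    if (len > MAX_PACKET_LEN)     /* (2) single-packet length limit */
        return PKT_DROP_TOO_LONG;
    if (seq == 0) {               /* reset packet clears the stored sequence; */
        st->prev_seq = 0;         /* assumed to be authenticated upstream */
        return PKT_ACCEPT;
    }
    /* Must increase by 1..MAX_SEQ_STEP; a decrease wraps to a huge step. */
    uint32_t step = seq - st->prev_seq;
    if (step == 0)
        return PKT_DROP_DUPLICATE;   /* same random code received again */
    if (step > MAX_SEQ_STEP)
        return PKT_DROP_SEQ;
    st->prev_seq = seq;              /* only accepted packets advance it */
    return PKT_ACCEPT;
}

/* Constructed sample traffic (not from the page). */
#define DEMO_COUNT 8
static uint8_t oversized[MAX_PACKET_LEN + 1];   /* 2049 zero bytes */

const verdict_t *run_demo(void)
{
    static verdict_t out[DEMO_COUNT];
    static const struct { uint32_t t, seq; const char *body; } in[DEMO_COUNT] = {
        {    0, 0, "PWR=ON"    },  /* reset packet            */
        { 1000, 1, "MODE=COOL" },  /* normal                  */
        { 1050, 1, "MODE=COOL" },  /* replay 50 ms later      */
        { 5000, 1, "MODE=COOL" },  /* replay after interval t */
        { 6000, 9, "TEMP=26"   },  /* sequence jumps by 8     */
        { 7000, 4, "TEMP=26"   },  /* step of 3               */
        { 8000, 5, NULL        },  /* 2049-byte packet        */
        { 9000, 0, "PWR=ON"    },  /* reset again             */
    };
    filter_state_t st = {0};
    for (int i = 0; i < DEMO_COUNT; i++) {
        const uint8_t *p = in[i].body ? (const uint8_t *)in[i].body : oversized;
        size_t n = in[i].body ? strlen(in[i].body) : sizeof oversized;
        out[i] = screen_packet(&st, in[i].seq, p, n, in[i].t);
    }
    return out;
}

int main(void)
{
    const verdict_t *v = run_demo();
    for (int i = 0; i < DEMO_COUNT; i++)
        printf("packet %d -> verdict %d\n", i, (int)v[i]);
    return 0;
}
```

The fourth sample packet shows why the random code is needed alongside the check value: a replay that arrives after the interval t passes the check-value comparison and is caught only by the repeated sequence number.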
In an optional example, the firewall technology of the embedded WIFI module may further include: detecting an IP address that shows any of the following abnormal behaviors and assuming it to be a suspicious IP:
(1) A large amount of invalid data is sent to a common communication port of the WIFI module, the continuous data sending time exceeds 10 minutes, and the continuous data packet length exceeds 2 Kbytes.
(2) The same data packet is sent repeatedly, with a continuous sending time exceeding 10 minutes.
(3) Instructions that change WIFI functions, such as power on and power off, are sent continuously, the continuous control time exceeds 3 minutes, and the interval between consecutive control instructions is less than 5 s.
The control time may be the duration of the switching control. For example: for instructions that perform frequent switching control, the continuous control time may be more than three minutes.
Optionally, when a suspicious IP is detected, it is uploaded directly to the server. The server aggregates the regions and the number of the suspicious IP reports, and when it detects that a large number of devices may be under attack (whether the number is large is determined, for example, according to a set firewall rule or a set fixed value), the server issues an abnormal-IP filtering instruction to the modules in the region, so that the WIFI modules jointly guard against the suspicious IP. This prevention mode requires interaction between the server and the WIFI module and data analysis by the server, and is called immune alarm for short.
In an optional example, the firewall technology of the embedded WIFI module may further include: the server and the WIFI modules share safety data. When the server detects that a large number of devices in a certain area are abnormal, or that a large number of online devices raise an alarm, it immediately issues an emergency safety precaution level instruction to each online WIFI module device, and each WIFI module automatically goes offline for 1 minute after receiving the emergency safety precaution instruction. After 1 minute the module automatically reconnects to the server over the network; if the emergency precaution alarm of the server is received again, it goes offline for 1 minute again, and the cycle repeats.
In an optional example, the firewall technology of the embedded WIFI module may further include: if the server detects a serious system vulnerability, a data key leak or a definite abnormal attack, it starts the highest security level function. The server then sends a private key transformation instruction to the online WIFI devices, and each WIFI module, after receiving this highest security instruction from the server, transforms the private key of the encrypted data according to a set rule. The set rule is defined as follows: the existing private key is changed into another private key according to a preset algorithm, and the APP can also calculate the new, changed private key by using the preset algorithm.
Meanwhile, the APP prompts the user to replace the private key of the intelligent household appliance by following the specified operation (at this point a completely new private key is generated). The rule for transforming the private key of the encrypted data cannot be used in the normal state and can be enabled only when the system has a serious security vulnerability.
Meanwhile, the method for changing the private key is valid for one use only. When the server issues the instruction to change the private key to all online WIFI modules, it also tells the WIFI modules the serial number of the algorithm to use, and that algorithm is valid for one use only.
In an optional example, the firewall technology of the embedded WIFI module may further include: the firewall program of the module is upgraded separately at regular intervals. The WIFI module periodically connects to a server to upgrade the program of the firewall rule part, so that the safety and reliability of the equipment are guaranteed to the maximum extent without affecting normal use.
Since the processing and functions of the electrical apparatus of this embodiment basically correspond to the embodiments, principles and examples of the security method of the electrical apparatus shown in fig. 1 to fig. 12 or the security device of the electrical apparatus shown in fig. 13, details not covered in the description of this embodiment can be found in the related descriptions of the foregoing embodiments and are not repeated here.
As a large number of tests show, the technical scheme of the invention predicts adverse intent and guards against it in advance by monitoring the communication process of the household appliance.
According to an embodiment of the present invention, a security method of a server matching with the security method of the electrical appliance is provided, as shown in fig. 14, which is a schematic flow diagram of an embodiment of the security method of the server according to the present invention. The security method of the server can comprise the following steps:
in step S1310, an IP address of a sender that is reported by the electrical appliance and does not conform to the instruction of the communication protocol is received.
In step S1320, the area and the actual number of the electrical appliances reporting the IP address are obtained.
At step S1330, it is determined whether the actual number exceeds a first set number specified by the communication protocol.
At step S1340, when the actual number exceeds the first set number, an IP filtering instruction is issued to the appliances of the area.
For example: based on the IP addresses reported by the electric appliances, the server determines the region and the actual number of the electric appliances reporting the IP address, and determines whether the actual number exceeds a first set number specified by the communication protocol. When the actual number exceeds the first set number, the server issues an IP filtering instruction to the electric appliances in the region.
For example: the server aggregates the regions and counts associated with each suspicious IP. When it detects that a large number of devices may be under attack (whether the number is large is determined by a set firewall rule or by a set fixed value), the server issues an abnormal-IP filtering instruction to the modules in the region, so that the WIFI modules jointly block the suspicious IP. This mode of prevention requires interaction between the server and the WIFI modules as well as data analysis by the server, and is called an immune alarm for short.
For example: the intelligent household electrical appliance is provided with an active safety strategy, and the prevention of basic abnormal instructions is realized.
Therefore, by filtering the IP address of the sender of instructions that do not conform to the communication protocol, a malicious IP address is prevented from degrading the normal operation and safety of the electric appliance by continuously sending invalid data, the operational safety of the electric appliance is high, and the energy that would otherwise be spent processing the invalid data is saved.
In an alternative embodiment, the method may further include a process of sending the security instruction.
Optionally, a specific process of sending the security instruction may be further described with reference to a flowchart of an embodiment of sending the security instruction in the method of the present invention shown in fig. 15.
Step S1410, receiving the communication state that each electric appliance in any area shares about itself.
Step S1420, determining whether the current number of electric appliances in that area whose communication state does not conform to the normal state defined by the communication protocol exceeds a second set number.
Step S1430, when the current number exceeds the second set number, issuing a safety precaution instruction to the communication module of each electric appliance in the area.
For example: the server and the WIFI modules share safety data. When the server detects that a large number of devices in a certain area are abnormal, or that a large number of online devices raise an alarm, it immediately issues an emergency safety precaution level instruction to each online WIFI module device, and each WIFI module automatically goes offline for 1 minute after receiving the emergency safety precaution instruction. After 1 minute the module automatically reconnects to the server; if it receives the server's emergency precaution alarm again, it reconnects to the server only after a further 1 minute, and the cycle repeats.
Therefore, the electric appliance is restarted according to the safety precaution instruction, so that active protection and passive protection of the electric appliance are achieved, and the electric appliance is high in reliability and good in safety.
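The two server-side procedures above (steps S1310 to S1340 and steps S1410 to S1430) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the message dictionaries, the threshold values and the sample reports are all assumptions, and only the 1-minute offline period comes from the text.

```python
import ipaddress
from collections import defaultdict


class RegionMonitor:
    """Hypothetical server-side aggregator for S1310-S1340 and S1410-S1430."""

    def __init__(self, first_set_number=3, second_set_number=2, offline_seconds=60):
        # Threshold values are assumed; the page only says they are "set".
        self.first_set_number = first_set_number
        self.second_set_number = second_set_number
        self.offline_seconds = offline_seconds   # the page's example uses 1 minute
        self.reporters = defaultdict(set)  # (region, ip) -> appliances that reported ip
        self.abnormal = defaultdict(set)   # region -> appliances in an abnormal state
        self.filtered = set()              # (region, ip) pairs already filtered

    def report_ip(self, appliance_id, region, ip):
        """S1310-S1340: return an IP filtering instruction, or None."""
        ip = str(ipaddress.ip_address(ip))   # raises ValueError on a malformed report
        key = (region, ip)
        # Count distinct appliances, so repeated reports from one device
        # cannot push a whole region over the threshold.
        self.reporters[key].add(appliance_id)
        if key in self.filtered:
            return None                      # instruction already issued
        if len(self.reporters[key]) > self.first_set_number:
            self.filtered.add(key)
            return {"type": "IP_FILTER", "region": region, "ip": ip}
        return None

    def share_state(self, appliance_id, region, normal):
        """S1410-S1430: return a safety precaution instruction, or None."""
        members = self.abnormal[region]
        if normal:
            members.discard(appliance_id)
        else:
            members.add(appliance_id)
        # Re-issued on every report while the region stays above the
        # threshold, which drives the offline/reconnect cycle on the modules.
        if len(members) > self.second_set_number:
            return {"type": "SAFETY_PRECAUTION", "region": region,
                    "offline_seconds": self.offline_seconds}
        return None


def run_server_sample():
    """Feed constructed reports through the monitor; return issued instructions."""
    monitor = RegionMonitor()
    issued = []
    ip_reports = [  # constructed sample data (documentation address range)
        ("ac-01", "region-A", "203.0.113.7"),
        ("ac-01", "region-A", "203.0.113.7"),   # duplicate, not counted twice
        ("ac-02", "region-A", "203.0.113.7"),
        ("ac-03", "region-A", "203.0.113.7"),
        ("ac-09", "region-B", "203.0.113.7"),   # other region, counted separately
        ("ac-04", "region-A", "203.0.113.7"),   # 4th distinct appliance: 4 > 3
        ("ac-05", "region-A", "203.0.113.7"),   # already filtered
    ]
    for appliance_id, region, ip in ip_reports:
        instruction = monitor.report_ip(appliance_id, region, ip)
        if instruction:
            issued.append(instruction)
    states = [  # constructed sample data
        ("ac-01", "region-A", False),
        ("ac-02", "region-A", False),
        ("ac-01", "region-A", True),    # recovered
        ("ac-03", "region-A", False),
        ("ac-04", "region-A", False),   # 3 abnormal appliances: 3 > 2
    ]
    for appliance_id, region, normal in states:
        instruction = monitor.share_state(appliance_id, region, normal)
        if instruction:
            issued.append(instruction)
    return issued
```
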
In an alternative embodiment, the method may further include a process of sending the private key transformation instruction.
Optionally, a specific process of sending the private key transformation instruction may be further described with reference to a flowchart of an embodiment of sending the private key transformation instruction in the method of the present invention shown in fig. 16.
Step S1510, determining whether a set dangerous situation occurs in the communication process of the electrical appliance.
The dangerous situation may include at least one of: a system vulnerability exceeding a set severity, leakage of a data key, and an abnormal attack conforming to a set attack pattern.
Step S1520, when the dangerous situation occurs in the communication process of the electric appliance, sending a private key transformation instruction to the communication module of each online electric appliance.
The private key transformation instruction carries the set algorithm required by the communication module of each online electric appliance, and/or the serial number corresponding to the set algorithm, and/or the validity period of the set algorithm.
For example: when the server detects that any dangerous situation occurs in the communication of the electric appliance, it sends a private key transformation instruction, as described above, to the communication module of each online electric appliance.
For example: if the server detects a serious system vulnerability, leakage of a data key, or a definite abnormal attack, it starts the highest security level function and sends a private key transformation instruction to the online WIFI devices; after receiving this highest security instruction from the server, the WIFI module transforms the private key used for encrypting data according to a set rule. The set rule is defined as follows: the existing private key is changed into another private key according to a preset algorithm, and the APP can also calculate the new private key by using the same preset algorithm.
For example: the APP prompts the user to replace the private key of the intelligent household appliance by following a specified operation (in this case, an entirely new private key is generated). The rule for transforming the private key of the encrypted data cannot be used in the normal state, and can be activated only when the system has a serious security vulnerability.
For example: the method for changing the private key is valid for one use only. The server issues an instruction to all online WIFI modules to change the private key and at the same time tells the WIFI modules which algorithm to use by its serial number, and that algorithm is valid for one use only.
Therefore, transforming the private key according to the private key transformation instruction further improves the safety and reliability of communication, and is user-friendly.
In an alternative embodiment, the method may further include upgrading the firewall program of the electric appliances connected to the server.
For example: the firewall program of the embedded WIFI module is periodically upgraded so as to continuously update the firewall policy.
For example: the firewall program of the module is upgraded separately at regular intervals. The WIFI module is periodically connected with a server to upgrade programs of the firewall rule part, so that the safety and reliability of the equipment are guaranteed to the maximum extent under the condition that normal use is not influenced.
The firewall program may be the firewall rule or a firewall protocol defined in the communication protocol.
Therefore, upgrading the appliance's own firewall program improves its ability to defend against external intruders and improves the reliability and safety of its operation.
Since the processing and functions of the security method of the server in this embodiment are basically corresponding to the embodiments, principles and examples of the security method of the electrical appliance shown in fig. 14 to 16, reference may be made to the related descriptions in the foregoing embodiments for details in the description of this embodiment, which are not described herein again.
After a large number of tests, the technical scheme of the embodiment is adopted, and the firewall program of the embedded WIFI module is periodically upgraded so as to continuously update the firewall policy.
According to the embodiment of the invention, the security device of the server corresponding to the security method of the server is also provided. Fig. 17 is a schematic structural diagram of an embodiment of a security device of a server according to the present invention. The security protection device of this server can include: a second transceiving unit 202 and a second determining unit 204.
In an optional example, the second transceiver unit 202 may be configured to receive the IP address, reported by the electrical appliance, of the sender of an instruction that does not conform to the communication protocol. The detailed function and processing of the second transceiver unit 202 are shown in step S1310.
In an optional example, the second determining unit 204 may be configured to obtain a region and an actual number of the appliances reporting the IP address. The specific functions and processes of the second transceiver unit 202 are shown in step S1320.
In an optional example, the second determining unit 204 may be further configured to determine whether the actual number exceeds a first set number specified by the communication protocol. The specific function and processing of the second determination unit 204 are also referred to in step S1330.
In an optional example, the second transceiver unit 202 may be further configured to issue an IP filtering instruction to the appliances in the area when the actual number exceeds the first set number. The detailed functions and processes of the second transceiver unit 202 are also shown in step S1340.
In an alternative embodiment, the method may further include a process of sending the security instruction.
In an optional example, the second transceiver unit 202 may be further configured to receive the communication state that each appliance in any area shares about itself. The detailed functions and processes of the second transceiver unit 202 are also shown in step S1410.
In an optional example, the second determining unit 204 may be further configured to determine whether a current number of communication states of the electrical appliances in any area that do not conform to the normal state specified by the communication protocol exceeds a second set number. The specific function and processing of the second determination unit 204 are also referred to in step S1320.
In an optional example, the second transceiver unit 202 may be further configured to issue a safety precaution command to a communication module of each electrical appliance in the area when the current number exceeds the second set number. The detailed functions and processes of the second transceiver unit 202 are also shown in step S1430.
In an alternative embodiment, the method may further include a process of sending the private key transformation instruction.
In an optional example, the second determining unit 204 may be further configured to determine whether a set dangerous situation occurs in the communication process of the electrical appliance. The specific function and processing of the second determination unit 204 are also referred to in step S1520.
The dangerous situation may include at least one of: a system vulnerability exceeding a set severity, leakage of a data key, and an abnormal attack conforming to a set attack pattern.
In an optional example, the second transceiver unit 202 may be further configured to send a private key transformation instruction to a communication module of each online appliance when the dangerous situation occurs in the communication process of the appliance. The specific functions and processes of the second transceiver unit 202 are also shown in step S1540.
The private key transformation instruction carries the set algorithm required by the communication module of each online electric appliance, and/or the serial number corresponding to the set algorithm, and/or the validity period of the set algorithm.
In an optional embodiment, the second determining unit 204 may be further configured to upgrade a firewall program of an appliance connected to the second determining unit.
Since the processing and functions of the security device of the server in this embodiment are basically corresponding to the embodiments, principles and examples of the security method of the server shown in fig. 14 to 16, reference may be made to the related descriptions in the foregoing embodiments for details which are not described in detail in the description of this embodiment, and thus are not described herein again.
Through a large number of tests, the technical scheme of the invention is adopted, and the household appliance is connected with the server to carry out state sharing, so that the immune transmission (vaccination) of the intelligent equipment in the whole network is carried out.
According to the embodiment of the invention, the invention further provides a server corresponding to the security method of the server or the security device of the server. The server may include: a processor for executing a plurality of instructions; a memory to store a plurality of instructions; the instructions are stored in the memory, and loaded and executed by the processor. Alternatively, the server may include: the security device of server.
Since the processing and functions implemented by the server in this embodiment substantially correspond to the embodiments, principles, and examples of the security method of the server shown in fig. 14 to 16 or the security device of the server shown in fig. 17, details are not described in this embodiment, and reference may be made to the related description in the foregoing embodiments, which are not described herein again.
Through a large number of tests, the technical scheme of the invention is adopted, and the intelligent household electrical appliance is provided with an active safety strategy, so that the prevention of basic abnormal instructions is realized.
According to the embodiment of the invention, a storage medium corresponding to the security method of the electric appliance or the security method of the server is further provided. A plurality of instructions are stored in the storage medium.
The plurality of instructions are to be loaded by a processor to execute the security method of the electric appliance or the security method of the server.
Since the processing and functions implemented by the storage medium of this embodiment substantially correspond to the embodiments, principles, and examples of the security method of the electrical appliance shown in fig. 1 to 12 or the security method of the server shown in fig. 14 to 16, the description of this embodiment is not detailed, and reference may be made to the related description in the foregoing embodiments, which is not repeated herein.
Through a large number of tests, the technical scheme of the invention is adopted to realize the reliable and safe operation of the intelligent household appliance by combining the active protection and the passive safety protection.
In summary, it is readily understood by those skilled in the art that the advantageous modes described above can be freely combined and superimposed without conflict.
The above description is only an example of the present invention, and is not intended to limit the present invention, and it is obvious to those skilled in the art that various modifications and variations can be made in the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (14)

1. A security method of an electric appliance is characterized by comprising the following steps:
receiving an instruction for controlling the electric appliance;
determining whether the command conforms to the communication protocol according to the communication protocol of the communication module of the electric appliance, wherein the determining comprises the following steps: when more than one instruction is continuously received, acquiring the interval time between two adjacent instructions; determining whether the interval time is less than or equal to a first set time specified by the communication protocol; when the interval time is less than or equal to the first set time, checking more than one continuously received instruction to determine whether more than one instruction conforms to the communication protocol;
and when the instruction does not accord with the communication protocol, processing the instruction so as to realize security treatment on the electric appliance.
2. The method of claim 1, wherein processing the instruction comprises:
discarding or deleting instructions that do not conform to the communication protocol; and/or,
not responding to instructions that do not conform to the communication protocol.
3. The method of claim 2, wherein verifying more than one of the instructions received in succession comprises:
acquiring a current check value of a current instruction and a previous check value of a previous instruction in more than one continuously received instructions;
determining whether the current check value is the same as the previous check value;
when the current check value is the same as the previous check value, determining that the current instruction and/or the previous instruction do not conform to the communication protocol;
and/or,
acquiring the one-time random value of each instruction in more than one continuously received instruction;
determining whether any of the one-time random values corresponding to the more than one instruction are the same;
when identical one-time random values exist among them, determining that the instructions corresponding to the identical one-time random values do not conform to the communication protocol.
4. The method of claim 3, wherein verifying more than one of the instructions received in succession further comprises:
when the current check value is different from the previous check value, determining whether the length of single packet data corresponding to the current instruction and/or the previous instruction exceeds the set length specified by the communication protocol;
when the length of single packet data corresponding to the current instruction and/or the previous instruction exceeds the set length, determining that the current instruction and/or the previous instruction do not conform to the communication protocol;
and/or,
when the current check value is different from the previous check value, determining whether response actions corresponding to more than one continuously received instruction belong to continuous actions specified by the communication protocol;
when response actions corresponding to more than one continuously received instruction belong to the continuous actions, determining that the more than one continuously received instruction does not conform to the communication protocol;
and/or,
when the current check value is different from the previous check value, determining whether the continuous sending time corresponding to more than one continuously received instruction exceeds a second set time specified by the communication protocol;
when the continuous sending time corresponding to more than one continuously received instruction exceeds the second set time, determining that the more than one continuously received instruction does not conform to the communication protocol;
and/or,
for one-time random values that differ from one another, determining whether the current sending sequence number of any one-time random value has increased relative to the previous sending sequence number of the preceding one-time random value;
when the current sending sequence number is increased relative to the previous sending sequence number, determining whether the current amplitude of the current sending sequence number increased relative to the previous sending sequence number exceeds the set amplitude specified by the communication protocol;
and when the current amplitude exceeds the set amplitude, determining that the instruction corresponding to the current sending sequence number and/or the previous sending sequence number does not conform to the communication protocol.
5. The method of claim 4, wherein
the communication module includes at least one of a WIFI module, a Bluetooth module and a GPRS module;
and/or,
the communication protocol further specifies a judgment rule for the check value and/or a judgment rule for the random value;
and/or,
the check value includes at least one of a CRC check value and an MD5 check value;
and/or,
the continuous action includes at least one of: a continuous mode switching operation, continuous switching on and off, a continuous upgrading operation on the communication module, and continuous querying of electric appliance data.
6. The method of any one of claims 1-5, further comprising:
receiving an instruction in which the sending sequence number of the random value is 0;
clearing the sending sequence number of the random value in the communication protocol of the communication module;
and/or,
acquiring the IP address of the sender of an instruction that does not conform to the communication protocol;
reporting the IP address to a server; and/or,
receiving an IP filtering instruction issued by the server, and filtering the IP address of the sender of the instruction that does not conform to the communication protocol;
and/or,
receiving a safety precaution instruction issued by a server;
taking the appliance's own communication module offline for a third set time, after which it automatically comes back online and reconnects to the server;
and/or,
receiving a private key transformation instruction issued by a server;
transforming the private key that the appliance currently uses for encrypting data, according to at least one of a set algorithm, a set algorithm serial number and a set algorithm validity period carried by the private key transformation instruction;
and/or,
sharing the appliance's own communication state with the server; and/or,
connecting to the server to upgrade the firewall program of the appliance's own communication module.
7. A security device of an electric appliance, characterized by comprising:
the first receiving and sending unit is used for receiving an instruction for controlling the electric appliance;
the first determining unit is used for determining whether the instruction conforms to the communication protocol according to the communication protocol of the communication module of the electric appliance, wherein the determining comprises: when more than one instruction is continuously received, acquiring the interval time between two adjacent instructions; determining whether the interval time is less than or equal to a first set time specified by the communication protocol; when the interval time is less than or equal to the first set time, checking more than one continuously received instruction to determine whether more than one instruction conforms to the communication protocol;
and the execution unit is used for processing the instruction when the instruction does not accord with the communication protocol so as to realize security treatment on the electric appliance.
8. The apparatus of claim 7, wherein
the processing of the instruction by the execution unit specifically includes:
discarding or deleting instructions that do not conform to the communication protocol; and/or,
not responding to instructions that do not conform to the communication protocol.
9. The apparatus according to claim 8, wherein the first determining unit verifies the one or more consecutively received instructions, specifically including:
acquiring a current check value of a current instruction and a previous check value of a previous instruction in more than one continuously received instructions;
determining whether the current check value is the same as the previous check value;
when the current check value is the same as the previous check value, determining that the current instruction and/or the previous instruction do not conform to the communication protocol;
and/or,
acquiring the one-time random value of each instruction in more than one continuously received instruction;
determining whether any of the one-time random values corresponding to the more than one instruction are the same;
when identical one-time random values exist among them, determining that the instructions corresponding to the identical one-time random values do not conform to the communication protocol.
10. The apparatus according to claim 9, wherein the first determining unit verifies the one or more consecutively received instructions, and further includes:
when the current check value is different from the previous check value, determining whether the length of single packet data corresponding to the current instruction and/or the previous instruction exceeds the set length specified by the communication protocol;
when the length of single packet data corresponding to the current instruction and/or the previous instruction exceeds the set length, determining that the current instruction and/or the previous instruction do not conform to the communication protocol;
and/or,
when the current check value is different from the previous check value, determining whether response actions corresponding to more than one continuously received instruction belong to continuous actions specified by the communication protocol;
when response actions corresponding to more than one continuously received instruction belong to the continuous actions, determining that the more than one continuously received instruction does not conform to the communication protocol;
and/or,
when the current check value is different from the previous check value, determining whether the continuous sending time corresponding to more than one continuously received instruction exceeds a second set time specified by the communication protocol;
when the continuous sending time corresponding to more than one continuously received instruction exceeds the second set time, determining that the more than one continuously received instruction does not conform to the communication protocol;
and/or,
for one-time random values that differ from one another, determining whether the current sending sequence number of any one-time random value has increased relative to the previous sending sequence number of the preceding one-time random value;
when the current sending sequence number is increased relative to the previous sending sequence number, determining whether the current amplitude of the current sending sequence number increased relative to the previous sending sequence number exceeds the set amplitude specified by the communication protocol;
and when the current amplitude exceeds the set amplitude, determining that the instruction corresponding to the current sending sequence number and/or the previous sending sequence number does not conform to the communication protocol.
11. The apparatus of claim 10, wherein
the communication module includes at least one of a WIFI module, a Bluetooth module and a GPRS module;
and/or,
the communication protocol further specifies a judgment rule for the check value and/or a judgment rule for the random value;
and/or,
the check value includes at least one of a CRC check value and an MD5 check value;
and/or,
the continuous action includes at least one of: a continuous mode switching operation, continuous switching on and off, a continuous upgrading operation on the communication module, and continuous querying of electric appliance data.
12. The apparatus of any of claims 7-11, wherein:
the first transceiving unit is further configured to receive an instruction in which the sending sequence number of the random value is 0;
the execution unit is also used for clearing the sending sequence number of the random value in the communication protocol of the communication module;
and/or,
the first transceiving unit is further configured to acquire the IP address of the sender of an instruction that does not conform to the communication protocol;
the first transceiver unit is further configured to report the IP address to a server; and/or,
the execution unit is also used for receiving an IP filtering instruction issued by the server and filtering the IP address of the sender of the instruction that does not conform to the communication protocol;
and/or,
the first transceiving unit is also used for receiving a safety precaution instruction issued by the server;
the execution unit is also used for taking the appliance's own communication module offline for a third set time, after which it automatically comes back online and reconnects to the server;
and/or,
the first transceiving unit is also used for receiving a private key transformation instruction issued by the server;
the execution unit is also used for transforming the private key that the appliance currently uses for encrypting data, according to at least one of a set algorithm, a set algorithm serial number and a set algorithm validity period carried by the private key transformation instruction;
and/or,
the first transceiver unit is further configured to share the appliance's own communication state with the server; and/or,
the first transceiver unit is also used for connecting to a server so as to upgrade the firewall program of the appliance's own communication module.
13. An electrical appliance, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the plurality of instructions are used for being stored by the memory and loaded and executed by the processor to perform the security method of the electric appliance according to any one of claims 1 to 6;
or,
the security device of an electric appliance according to any one of claims 7 to 12.
14. A storage medium, characterized in that a plurality of instructions are stored in the storage medium;
wherein the plurality of instructions are to be loaded by a processor to execute the security method of the electric appliance according to any one of claims 1 to 6.
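The appliance-side checks recited in claims 1, 3 and 4 can be sketched as below. This is an added example, not code from the patent: the packet layout (sending sequence number, then one-time random value, then payload), the use of CRC32 over the whole packet as the check value, the policy values and all names are assumptions, and the continuous-action and continuous-sending-time checks of claim 4 are left out.

```python
import struct
import zlib
from dataclasses import dataclass

# Assumed packet layout: 4-byte sending sequence number, 4-byte one-time
# random value, then the payload. The patent does not define a layout.
HEADER = struct.Struct(">II")


@dataclass
class Policy:
    first_set_time: float = 0.5   # seconds; assumed value
    set_length: int = 64          # maximum single-packet length in bytes; assumed
    set_amplitude: int = 16       # maximum sequence-number increase; assumed


class InstructionChecker:
    """Hypothetical checker; check() returns None to accept or a discard reason."""

    def __init__(self, policy=None):
        self.policy = policy or Policy()
        self.prev = None            # (received_at, check_value, seq) of the last packet
        self.burst_nonces = set()   # random values seen in the current burst

    def check(self, received_at, raw):
        if len(raw) < HEADER.size:
            return "malformed packet"   # cannot be parsed; an added defensive case
        seq, nonce = HEADER.unpack_from(raw)
        check_value = zlib.crc32(raw)
        prev, self.prev = self.prev, (received_at, check_value, seq)

        # Claim 1: the checks run only when instructions arrive no more than
        # first_set_time apart.
        if prev is None or received_at - prev[0] > self.policy.first_set_time:
            self.burst_nonces = {nonce}
            return None

        nonce_reused = nonce in self.burst_nonces
        self.burst_nonces.add(nonce)
        _, prev_check, prev_seq = prev

        # Claim 3: same check value as the previous instruction. The previous
        # instruction has already been handled, so only the current one is
        # discarded here.
        if check_value == prev_check:
            return "repeated check value"
        # Claim 3: a one-time random value appears more than once.
        if nonce_reused:
            return "reused random value"
        # Claim 4: single-packet length above the set length.
        if len(raw) > self.policy.set_length:
            return "oversized packet"
        # Claim 4: sequence number increased by more than the set amplitude.
        if seq > prev_seq and seq - prev_seq > self.policy.set_amplitude:
            return "sequence number jump"
        return None


def packet(seq, nonce, payload):
    """Build a packet in the assumed layout."""
    return HEADER.pack(seq, nonce) + payload


def run_burst_sample():
    """Run constructed packets through the checker; return one verdict each."""
    checker = InstructionChecker()
    sample = [  # (arrival time in seconds, packet); constructed sample data
        (0.0, packet(1, 0xA1, b"ON")),         # first instruction, accepted
        (0.1, packet(1, 0xA1, b"ON")),         # byte-identical repeat
        (0.2, packet(2, 0xA1, b"OFF")),        # new content, old random value
        (0.3, packet(3, 0xA3, b"X" * 100)),    # 108 bytes > 64
        (0.4, packet(500, 0xA4, b"ON")),       # sequence number 3 -> 500
        (5.0, packet(501, 0xA5, b"ON")),       # outside the burst window
    ]
    return [checker.check(t, raw) for t, raw in sample]
```
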
CN201710781325.1A 2017-09-01 2017-09-01 Security method and device, electric appliance, server and storage medium Active CN107770152B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201911234671.3A CN111107522B (en) 2017-09-01 2017-09-01 Security method and device, electric appliance, server and storage medium
CN201710781325.1A CN107770152B (en) 2017-09-01 2017-09-01 Security method and device, electric appliance, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710781325.1A CN107770152B (en) 2017-09-01 2017-09-01 Security method and device, electric appliance, server and storage medium

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201911234671.3A Division CN111107522B (en) 2017-09-01 2017-09-01 Security method and device, electric appliance, server and storage medium

Publications (2)

Publication Number Publication Date
CN107770152A CN107770152A (en) 2018-03-06
CN107770152B true CN107770152B (en) 2020-02-18

Family

ID=61265950

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201911234671.3A Active CN111107522B (en) 2017-09-01 2017-09-01 Security method and device, electric appliance, server and storage medium
CN201710781325.1A Active CN107770152B (en) 2017-09-01 2017-09-01 Security method and device, electric appliance, server and storage medium

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201911234671.3A Active CN111107522B (en) 2017-09-01 2017-09-01 Security method and device, electric appliance, server and storage medium

Country Status (1)

Country Link
CN (2) CN111107522B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108445787A (en) * 2018-03-19 2018-08-24 珠海格力电器股份有限公司 Electric appliance control method and device, storage medium and server
CN110505127B (en) * 2019-07-09 2021-09-28 青岛海信日立空调***有限公司 Instruction processing method and device
CN112180746A (en) * 2020-09-02 2021-01-05 珠海格力电器股份有限公司 Home equipment control method and device based on gateway, storage medium and gateway
CN112511549B (en) * 2020-12-03 2023-03-31 珠海格力电器股份有限公司 Data transmission method, device, equipment and computer readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101605152A (en) * 2008-06-11 2009-12-16 华硕电脑股份有限公司 The management method of LAN and device thereof
CN104503252A (en) * 2014-12-16 2015-04-08 广东美的厨房电器制造有限公司 Household appliance, control method thereof, and information interaction system for household appliance
CN104570749A (en) * 2014-12-16 2015-04-29 广东美的厨房电器制造有限公司 Household appliance and control method thereof, information interaction system and intelligent terminal
CN106685775A (en) * 2017-01-13 2017-05-17 北京同余科技有限公司 Self-inspection type invasion prevention method and system for intelligent household electrical appliance

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7416487B2 (en) * 2003-04-16 2008-08-26 Sony Computer Entertainment Inc. Communication device, game machine, and communication method
IL219662A0 (en) * 2012-05-08 2012-07-31 Electricity/power metering system and method
CN103905373B (en) * 2012-12-24 2018-02-16 珠海市君天电子科技有限公司 Method and device for intercepting network attack based on cloud
CN104079669B (en) * 2014-07-22 2016-08-17 李德毅 Double drive dual control intelligent vehicle bus system
CN106549784B (en) * 2015-09-21 2019-06-07 阿里巴巴集团控股有限公司 A kind of data processing method and equipment

Also Published As

Publication number Publication date
CN111107522A (en) 2020-05-05
CN111107522B (en) 2022-02-11
CN107770152A (en) 2018-03-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant