CN112672344A - Data communication method and device between terminals - Google Patents

Info

Publication number
CN112672344A
Authority
CN
China
Prior art keywords
user
information
terminal
verification information
key information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910945607.XA
Other languages
Chinese (zh)
Other versions
CN112672344B (en)
Inventor
曾嵘
姚耀
刘洪峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cainiao Smart Logistics Holding Ltd
Original Assignee
Cainiao Smart Logistics Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cainiao Smart Logistics Holding Ltd
Priority to CN201910945607.XA
Publication of CN112672344A
Application granted
Publication of CN112672344B
Legal status: Active

  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method and a device for data communication between terminals. The method comprises: acquiring verification information from the second terminal, wherein the verification information comprises a user identifier of the second terminal and user system time; analyzing the verification information by using the key information; judging whether the analyzed verification information meets the operation authority opening condition; and, if the judgment result is yes, opening the operation authority. The operation authority opening condition includes: the user identifier matches a pre-stored identifier associated with the key information; and the user system time is within the preset operation time range corresponding to the user identifier. The invention solves the technical problem that existing terminals can exchange data with each other only when online.

Description

Data communication method and device between terminals
Technical Field
The invention relates to the field of computers, in particular to a method and a device for data communication between terminals.
Background
With the continuous development of the Internet of Things, technology in every field is becoming more intelligent and diverse. The Internet of Things is an internet that connects objects. Currently, mainstream IoT schemes interconnect devices through the internet; whether in a Wi-Fi, 2G, 3G, 4G or 5G network environment, a device may go offline, and once offline, devices cannot communicate and cannot be identified, which reduces their availability. An important disadvantage of the prior art is that the identifying party must be online (networked), so the whole system cannot operate apart from the internet and cannot run in a two-ended, closed-loop offline mode.
For example, when a courier operates an express self-service cabinet, the courier must be authenticated before performing operations such as depositing and delivering parcels at the cabinet. Sometimes, however, a base station cannot hold up in the local network environment and a cabinet is suddenly disconnected from the network, so the cabinet cannot identify the courier while offline, which affects the delivery of parcels and greatly reduces the availability of the self-service cabinet.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a method and a device for data communication between terminals, which at least solve the technical problem that existing terminals can exchange data with each other only when online.
According to an aspect of the embodiments of the present invention, there is provided a method for data communication between terminals, which is applied to a first terminal, and includes: acquiring verification information from a second terminal, wherein the verification information comprises a user identifier of the second terminal and user system time; analyzing the verification information by using the key information; judging whether the analyzed verification information meets the operation authority opening condition or not; if the judgment result is yes, opening the operation authority; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
Optionally, the preset operation time range is a user operation time range corresponding to the user identifier and acquired by the first terminal.
Optionally, the operation permission starting condition further includes: the user system time is matched to the current time of the first terminal.
Optionally, the verification information includes information generated by performing an encryption operation on the user identifier and the user system time using the key information.
Optionally, the key information is stored in a secure storage area of the first terminal.
Optionally, analyzing the verification information by using the key information includes: analyzing the verification information by using a plurality of candidate key information respectively; the first terminal stores a plurality of candidate key information and corresponding pre-stored identifications.
Optionally, the step of analyzing the verification information by using the key information includes: analyzing the verification information by using the public key; searching corresponding key information by using the user identification in the analyzed verification information; and analyzing the verification information by using the searched key information.
Optionally, the opening operation authority includes: displaying a user interface allowing operation; and/or display information that allows the connection.
According to another aspect of the embodiments of the present invention, there is also provided a method for data communication between terminals, which is applied to a second terminal, and includes: generating verification information by using the key information, the user identification and the user system time, wherein the verification information comprises the user identification of the second terminal and the user system time, and sending the verification information; the verification information is used for the first terminal to perform analysis and used for the first terminal to judge whether the analyzed verification information meets the operation authority opening condition; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
Optionally, the key information is a key shared by the first terminal and the second terminal.
Optionally, the first terminal includes multiple candidate key information, and each candidate key information is associated with one pre-stored identifier.
According to another aspect of the embodiments of the present invention, there is also provided a data communication method applied to a logistics object management device, including: acquiring verification information from the handheld terminal, wherein the verification information comprises a user identifier of the handheld terminal and user system time; analyzing the verification information by using the key information of the logistics object management equipment; judging whether the analyzed verification information meets the operation authority opening condition or not; if the judgment result is yes, opening the operation authority; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
According to another aspect of the embodiments of the present invention, there is also provided an inter-IoT device data communication method, applied to a first IoT device, including: obtaining authentication information from the second IoT device, wherein the authentication information comprises a user identifier and a user system time of the second IoT device; parsing the authentication information using the key information of the first IoT device; judging whether the analyzed verification information meets the operation authority opening condition or not; if the judgment result is yes, opening the operation authority; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
According to another aspect of the embodiments of the present invention, there is also provided a data communication method between terminals, applied to a donated item management device, including: acquiring verification information from the handheld terminal, wherein the verification information comprises a user identifier of the handheld terminal and user system time; analyzing the verification information by using the key information; judging whether the analyzed verification information meets the operation authority opening condition or not; if the judgment result is yes, opening the operation authority; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; the system time of the user is in a preset operation time range corresponding to the user identification; the preset operation time range is a user operation time range which is acquired by the donation item management device from the server and corresponds to the user identifier, and the user operation in the user operation time range comprises delivery of donation items.
According to another aspect of the embodiments of the present invention, there is also provided a method for data communication between terminals, which is applied to a first terminal, and includes: acquiring verification information from the second terminal, wherein the verification information comprises a user identifier of the second terminal; analyzing the verification information by using the key information; judging whether the analyzed verification information meets the operation authority opening condition or not; if the judgment result is yes, opening the operation authority; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; wherein the key information is stored in a secure storage area of the first terminal.
Optionally, the analyzed verification information includes a system time of the user of the second terminal, and the operation permission starting condition further includes: the user system time is matched to the current time of the first terminal.
According to another aspect of the embodiments of the present invention, there is also provided a data communication apparatus between terminals, including: the acquisition module is used for acquiring verification information from the second terminal, wherein the verification information comprises a user identifier of the second terminal and user system time; the analysis module is used for analyzing the verification information by using the key information; the judging module is used for judging whether the analyzed verification information meets the operation authority opening condition or not; the execution module is used for opening the operation authority if the judgment result is yes; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
According to another aspect of the embodiments of the present invention, there is also provided a non-volatile storage medium, including a stored program, where the program, when running, controls an apparatus in which the non-volatile storage medium is located to execute the method.
According to another aspect of the embodiments of the present invention, there is also provided a computing device, including: a memory having a computer readable program stored therein; a processor for executing the computer readable program, wherein the computer readable program when executed performs the method.
In the embodiment of the invention, the operation authority is opened by checking whether the user identifier in the verification information is consistent with the pre-stored identifier associated with the key information and whether the time information in the verification information matches. This achieves the aim of identifying identity in an offline state, realizes the technical effect of identifying identity when a device is offline, and solves the technical problem that existing terminals can exchange data with each other only when online.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of offline reverse scanning interaction between different terminals according to an embodiment of the present invention;
fig. 2 is a schematic diagram of offline authentication between IoT devices in accordance with an embodiment of the present invention;
fig. 3 is a flowchart of a method for data communication between terminals applied to a first terminal according to an embodiment of the present invention;
fig. 4 is a flowchart of a method of data communication between terminals applied to a second terminal according to an embodiment of the present invention;
fig. 5 is a flowchart of a data communication method applied to a logistics object management apparatus according to an embodiment of the present invention;
fig. 6 is a flowchart of a data communication method between IoT devices applied to a first IoT device according to an embodiment of the present invention;
fig. 7 is a flowchart of a data communication method between terminals applied to a donated goods management apparatus according to an embodiment of the present invention;
fig. 8 is a flowchart of another method for data communication between terminals applied to a first terminal according to an embodiment of the present invention;
fig. 9 is a block diagram of a data communication apparatus between terminals according to an embodiment of the present invention;
fig. 10 schematically shows a block diagram of a terminal device for performing the method according to the invention;
fig. 11 schematically shows a storage unit for holding or carrying program code implementing the method according to the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In accordance with an embodiment of the present invention, there is provided an embodiment of a method for data communication between terminals, it should be noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that herein.
Fig. 1 is a schematic diagram of an optional offline reverse-scanning interaction between different terminals according to an embodiment of the present invention. As shown in Fig. 1, in a package delivery scenario for example, a user (e.g., a courier) uses a gun 12 (also referred to as a scanning gun, a bargun, or the like, which is a handheld scanning device of the courier or a scanning device integrated with the self-service container 10) to scan the two-dimensional code on the user's mobile phone end 14, and the two-dimensional code information collected by the gun 12 is returned to the self-service container 10 storing the package.
Specifically, the two-dimensional code verification information displayed on the interface of the mobile phone end 14 of the user is scanned and collected by the gun 12 and sent to the processing system of the self-service cabinet 10, and the self-service cabinet 10 judges whether to start the operation authority of the self-service cabinet 10 according to the two-dimensional code verification information, so that the user of the mobile phone end 14 generating the verification information can operate various functions of the self-service cabinet.
In some embodiments of the present invention, when the verification information is generated by the mobile phone end 14 of the user, the two-dimensional code verification information may be generated by using the shared key and the user name of the user according to an OTP or TOTP algorithm, and when the self-service cabinet 10 parses the verification information, the user information is obtained by using an OTP or TOTP reverse parsing method, so as to verify whether the user is a user with an operation right.
Fig. 2 is a schematic diagram of offline authentication between IoT devices according to an embodiment of the present invention. The verification method provided by the embodiment of the invention can also be applied to the field of IoT devices. In the IoT scenario shown in Fig. 2, the first IoT device is, for example, a sweeping robot and the second IoT device is, for example, an intelligent air conditioner. When the intelligent air conditioner sends verification information to the sweeping robot, the sweeping robot receives the verification information and reversely parses it according to a TOTP algorithm. After verification, the operation authority is opened to the intelligent air conditioner, which can then control the work of the sweeping robot according to the requirements of a user.
The following is a description of several examples.
First embodiment
Fig. 3 shows a data communication method between terminals according to an embodiment of the present invention. As shown in Fig. 3, the method is applied to a first terminal and may include the following steps:
Step S302, obtaining the verification information from the second terminal, wherein the verification information comprises the user identification and the user system time of the second terminal.
Specifically, the second terminal may be a mobile terminal of the user, such as a mobile phone, a tablet computer or a smart watch, or another terminal with a computing function, such as a PC or an IoT device. The second terminal generates verification information that identifies the second terminal; the verification information is produced by encrypting the user system time and the user identification information with the key information. The key information may be the shared key of the TOTP algorithm, that is, shared key information used in common by the authenticating terminal and the authenticated terminal.
OTP (One-Time Password), also called a dynamic password, generates an unpredictable random number combination at regular intervals (e.g., 60 seconds) according to a special algorithm. TOTP (Time-based One-Time Password) adds time information to the OTP algorithm: it calculates a one-time password from a shared key and the current time, is based on a hashed message authentication code, and combines the shared key and the current timestamp using a cryptographic hash function to produce the one-time password.
In addition, the verification information from the second terminal contains a user identifier and a user system time. The user identifier may be a user ID. The user ID in the verification information of the second terminal is compared with the pre-stored user ID that the first terminal holds locally in association with the key information; if the two user IDs are consistent, the subsequent operation steps continue. The user system time is the real-time system time of the second terminal: when the second terminal generates the verification information, the verification information includes the user ID and the current user system time, so that the subsequent verification and parsing steps can be carried out.
Optionally, the verification information includes information generated by performing an encryption operation on the user identifier and the user system time using the key information.
Specifically, the verification information may be obtained by using the key information to encrypt the user's ID and the timestamp of the system on which the program (e.g., software or an app) currently used by the user is running. When the user registers user information in the first terminal, the first terminal generates, from the user information, a user identifier dedicated to identifying that user; the timestamp information is a parameter generated from time information in the first terminal and the second terminal. For example, when the second terminal is a mobile phone, the phone's processor uses the shared key of the TOTP algorithm to encrypt two parameters, namely the user ID of the user currently requiring authentication and the time of the current region (the timestamp information on the first terminal/the second terminal), and thereby generates a dynamic two-dimensional code. Concretely, when the user operates the 'authentication' button on the phone screen, the phone computes a dynamic two-dimensional code from the current time, for example 3:40 pm, and the user ID 10001, using the shared key '45 @ 6', and displays the two-dimensional code on the phone screen to be authenticated by the first terminal. That is, 3:40 pm and 10001 are encrypted with the shared key '45 @ 6' to generate a character string, which is converted into the two-dimensional code for display.
The TOTP algorithm is generally used in information encryption and decryption, and is an algorithm for calculating a one-time password from a shared key and a current time, and is based on a hashed message authentication code, and combines the shared key and a current time stamp using a cryptographic hash function to produce the one-time password.
The verification information generated by the second terminal may also be a barcode or an encrypted character string, or may be in other forms, for example, a password signal is converted into a signal in other forms to be sent out, that is, as long as the information used for identification and authentication can be generated in an encrypted manner, the information is covered within the scope of the embodiment of the present invention.
In some embodiments, information may be communicated directly between the first terminal and the second terminal. In other embodiments, the first terminal and the second terminal may communicate information indirectly through a third terminal. For example, in a scenario where a courier operates a self-service cabinet, the courier may use a special scanning device (e.g., the aforementioned gun) to read a two-dimensional code generated by a current mobile phone and send the two-dimensional code to the self-service cabinet.
Specifically, as shown in Fig. 1, the two-dimensional code verification information displayed on the app interface of the courier's mobile phone end 14 is acquired by scanning with the gun 12 and sent to the self-service cabinet 10. The self-service cabinet 10 determines, according to the verification information generated by the courier's mobile phone end 14, whether to open the operation authority of the self-service cabinet 10, so that the mobile phone end user who generated the verification information can operate each function of the self-service cabinet.
The third terminal may also be a signal receiving device of another form, which is not limited herein.
Specifically, in other embodiments, as shown in Fig. 2, the first and second terminals may also be IoT devices. For example, in an offline state, the intelligent air conditioner sends an identity authentication request to the sweeping robot through a signal transmitter. The sweeping robot makes an offline determination, based on the request, of whether the intelligent air conditioner can be authenticated as a device authorized to operate it; when the authentication passes, the air conditioner may issue a work instruction to the sweeping robot.
In step S304, the authentication information is parsed using the key information.
Optionally, analyzing the verification information by using the key information includes: analyzing the verification information by using a plurality of candidate key information respectively; the first terminal stores a plurality of candidate key information and corresponding pre-stored identifications.
Specifically, when parsing the verification information obtained in step S302, the first terminal tries each of the pieces of key information with pre-stored identifiers held in its local storage area in turn, and carries out the analysis and processing of the subsequent steps until parsing is completed.
The pieces of key information stored locally by the first terminal may be kept in a local MySQL database system. For example, if key information A is associated with user ID 10001, then user ID 10001 is stored in a column of the MySQL table as the pre-stored identifier of key information A. When verification information is sent by user ID 10001, the first terminal may call up all the key information in the database and try each in turn against the received verification information; parsing succeeds when the verification information of user ID 10001 matches key information A stored locally by the first terminal.
It should be further noted that the pre-stored identifier may be user ID information or other user data associated with the app of the second terminal's user; that is, it is only required that the pre-stored identifier lets each piece of key information be matched one-to-one during parsing.
Optionally, the step of analyzing the verification information by using the key information includes: analyzing the verification information by using the public key; searching corresponding key information by using the user identification in the analyzed verification information; and analyzing the verification information by using the searched key information.
Specifically, when the public key is used for analyzing the verification information generated by the second terminal, the user identifier in the verification information can be analyzed, then the obtained user identifier is used for searching the user identifier key in the local database of the first terminal, so as to obtain the key information associated with the user identifier, and finally the key information associated with the user identifier is used for analyzing the verification information.
The public key is a kind of common key information corresponding to the key information with the pre-stored identification, and the public key can be used for analyzing the verification information sent by the second terminal of any user, and the user identification in the verification information can be simply analyzed from the verification information for subsequent processing.
The key information associated with the user identifier parsed by the public key is a plurality of key information stored locally by the first terminal, and the information may be stored in a local MySQL database system, for example, the key information a is associated with the user ID10001, then the user ID10001 is stored in an element column in a MySQL database structure table as a pre-stored identifier of the key information a, when the verification information is sent by the user ID10001, the first terminal parses the verification information according to the public key and obtains the user ID10001, and then performs subsequent parsing steps according to the key information corresponding to the user ID10001 in the database.
Step S306, judging whether the analyzed verification information meets the operation authority opening condition;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
According to the embodiment of the present invention, the user system time in step S306 is the time at which the user system of the second terminal generates the verification information. For example, when the user's system forms the verification information at 14 o'clock on 3/12/2018, the user system time information is 14 o'clock on 12/3/2018. The operation authority opening condition therefore asks whether the user system time falls within the time that the first terminal system specifies for that user to perform permitted operations. This is a time-range match: the user's second terminal can only be verified within the time range in which the first terminal allows verification, which improves the communication security of the first terminal.
Optionally, the preset operation time range is a user operation time range corresponding to the user identifier and acquired by the first terminal.
Specifically, the first terminal may obtain the operation time range that the user corresponding to the user identifier sends to the first terminal. The time range may be a single period, for example between 14 and 15 o'clock, during which the user will operate the first terminal. The first terminal then checks whether the user system time in the verification information falls within that period, so as to further determine the authenticity of the user.
It should be noted that the user corresponding to the user identifier may set the preset operation time range to several periods in one day rather than a single period. For example, the user sets the preset operation time range in the first terminal to 9 to 10 o'clock and 14 to 15 o'clock; when the user is verified by the first terminal within either of these two periods, the first terminal allows the user to perform the relevant operations after the verification passes.
Optionally, the operation permission starting condition further includes: the user system time is matched to the current time of the first terminal.
Specifically, matching the user system time with the current time of the first terminal means comparing the system time information of the user's second terminal with the current system time information of the first terminal, to ensure time consistency between the first terminal and the user system.
It should be noted that the match between the user system time and the current time of the first terminal may be decided by comparing the two times and checking whether they are identical, or by checking whether the difference between the two times is within a preset error.
For example, when the current time of the first terminal is 14:55 and the user system time is 14:52, and the preset error allows either time to be up to 5 minutes ahead of or behind the other, the two times satisfy the 5-minute error and a successful match is generated. As another example, the error need not be limited to 5 minutes and may be 1 hour, and one or both of the times may be coarsened; for example, 14:55 and 14:52 may both be coarsened to the interval between 14:50 and 15:00, which also generates a successful match.
Optionally, the key information is stored in a secure storage area of the first terminal.
Specifically, a storage area of the first terminal may be configured by using TEE (secure storage area) technology. The secure storage area encrypts the key information by hardware encryption; it is physically isolated from the system storage area, and because it uses hardware encryption, it cannot be cracked. When the first terminal (for example, an express delivery cabinet) is left unattended for a long time and is stolen without anyone noticing, the key may be cracked, and the first terminal and the articles in it are lost. However, if the key information is protected by hardware encryption, there is no possibility of it being cracked, which reduces the probability of loss caused by theft of the first terminal.
In addition, for step S306, the verification information of the second terminal includes the user identifier and timestamp information, where the timestamp information may be current time information, for example the time of the current region displayed on the second terminal and the first terminal. After the first terminal analyzes the verification information, it compares the current time information obtained from the verification information with its own local time information, and performs the next analysis and processing according to whether the two are consistent.
For example, when the user's mobile phone produces the verification information at 3:40pm, the time information contained in the authentication information is 3:40pm. When the second terminal analyzes the verification information, 3:40pm is obtained as the time information of the verification information, and this time information is compared with the local time information of the second terminal to generate a matching result.
In the above embodiment of the present invention, the matching result may be returned as "matching success" or "matching failure", or may be fed back as a degree of matching of the key information. When the complexity of the first key information is high, the processor may analyze the matching result to obtain a matching degree value in order to eliminate the possibility of errors, and whether the matching is successful is judged against a preset threshold. When the matching degree value exceeds the preset threshold, the matching is considered successful.
In step S308, if the determination result is yes, the operation authority is turned on.
Optionally, the opening operation authority includes: displaying a user interface allowing operation; and/or display information that allows the connection.
Specifically, according to the matching result obtained in S306, when the first terminal determines that the matching is successful, the currently authenticating user passes authentication and the operation authority for the first terminal is opened for that user.
For example, the first terminal performs matching authentication on a two-dimensional code (verification information) generated by the mobile phone of user ID10001, displays "user ID10001 passed authentication" on the screen of the first terminal, and enters a second terminal operation main interface according to the operation of the user. The first terminal may be a parcel self-service cabinet and the user may be a courier who needs to deposit parcels; after the self-service cabinet has authenticated the courier's identity, the operation main interface appears and offers the courier all operations related to depositing parcels.
According to an embodiment of the present invention, it should be further noted that the method may further include: judging whether the first terminal is in a network connection state, and executing the steps shown in fig. 3 when the first terminal is judged not to be in the network connection state. Whether the first terminal is in the network connection state may be judged by sending a detection signal to the server at a fixed frequency and determining that the first terminal is not in the network connection state when no response signal from the server has been received for a certain time.
Through the steps of the embodiment of the invention, the technical effect that the user can still be identified when the equipment (such as a self-service cabinet) is offline can be realized.
Second embodiment
According to another aspect of the embodiments of the present invention, as shown in fig. 4, there is also provided a method for data communication between terminals, applied to a second terminal, including:
step S402, generating verification information by using the key information, the user identification and the user system time, wherein the verification information comprises the user identification of the second terminal and the user system time;
The second terminal may be a mobile terminal held by a user, such as a mobile phone, a tablet computer or a smart watch, or another type of smart terminal with a computing function, such as a PC or an IoT device. The second terminal uses its processing capability to generate verification information that identifies the second terminal. The verification information is formed by encrypting the user system time and the user identifier with the key information, where the key information may be the shared key of the TOTP algorithm, that is, key information held in common by the authenticating end and the authenticated end.
In addition, the verification information from the second terminal contains a user identifier and a user system time. The user identifier may be a user ID. The user ID in the verification information of the second terminal is matched against the pre-stored user ID that is associated with the key information locally on the first terminal; if the two user IDs are consistent, the subsequent operation steps continue. The user system time is the real-time system time of the second terminal: when the second terminal generates the verification information, the verification information includes the user ID and the current time of the user system, so that the subsequent verification and analysis steps can be carried out.
Step S404, sending verification information;
the verification information is used for the first terminal to perform analysis and used for the first terminal to judge whether the analyzed verification information meets the operation authority opening condition;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
Specifically, the second terminal may send the verification information to the first terminal through a remote communication protocol, or the verification information generated by the second terminal may be scanned and collected by a third terminal, for example a scanning device such as a scanning gun.
Specifically, the authentication information may be the final result of encrypting the user's user name ID and the system's timestamp information with the key information. When the user registers user information with the first terminal, the first terminal generates a user identifier dedicated to identifying that user from the user information; the timestamp information of the current APP system is a parameter generated from the time information in the first terminal and the second terminal. For example, when the second terminal is a mobile phone, the phone's processor encrypts two parameters, the user ID of the user currently requiring authentication and the time of the current region (the timestamp information on the first terminal and the second terminal), with the shared key of the TOTP algorithm to generate a dynamic two-dimensional code. In detail, when the user operates the authentication button on the phone screen, the phone computes the dynamic two-dimensional code from the current time, 3:40pm, and user ID10001 using the shared key 45@6, and displays it on the phone screen for the first terminal to authenticate. That is, 3:40pm and 10001 are encrypted with 45@6 into a character string, which is converted into the two-dimensional code for display.
Optionally, the key information is a key shared by the first terminal and the second terminal.
Optionally, the first terminal includes a plurality of candidate key information, and each candidate key information is associated with one of the pre-stored identifiers.
Specifically, the first terminal analyzes the verification information with each of the pieces of key information that are stored in its local storage area and associated with pre-stored identifiers, one by one, and carries out the analysis and processing of the subsequent steps until the analysis is finished.
It should be noted that the pieces of key information stored locally by the first terminal may be kept in the local MySQL database system. For example, if key information A is associated with user ID10001, then user ID10001 is stored in a column of a MySQL table as the pre-stored identifier of key information A. When verification information is sent by user ID10001, the first terminal may call up all the key information in the database and try each piece in turn on the received verification information; the analysis succeeds when the verification information of user ID10001 matches the key information A stored locally by the first terminal.
It should be further noted that the pre-stored identifier may be user ID information or other user data associated with the APP of the second terminal's user; the only requirement is that the pre-stored identifier can be matched one-to-one with the key information used for analysis.
Third embodiment
According to another aspect of the embodiments of the present invention, as shown in fig. 5, there is also provided a data communication method applied to a logistics object management apparatus, including:
step S502, obtaining verification information from the handheld terminal, wherein the verification information comprises a user identification and a user system time of the handheld terminal;
In particular, the handheld terminal may be a mobile terminal of a user, such as a mobile phone, a tablet computer or a smart watch. The handheld terminal uses its processing capability to generate verification information that identifies the handheld terminal. The verification information is formed by encrypting the user system time and the user identifier with the key information, where the key information may be the shared key of the TOTP algorithm, that is, key information held in common by the authenticating end and the authenticated end.
In addition, the verification information from the handheld terminal contains a user identifier and a user system time. The user identifier may be a user ID. The user ID in the verification information from the handheld terminal is matched against the pre-stored user ID that is associated with the key information locally on the logistics object management device; if the two user IDs are consistent, the subsequent operation steps continue. The user system time is the real-time system time of the handheld terminal: when the handheld terminal generates the verification information, the verification information includes the user ID and the current time of the user system, so that the subsequent verification and analysis steps can be carried out.
According to an embodiment of the present invention, the authentication information includes information generated by performing an encryption operation on the user identification and the user system time using the key information.
Specifically, the authentication information may be obtained by encrypting the user's user name ID and the system's timestamp information with the key information. When the user registers user information with the logistics object management device, the device generates a user identifier dedicated to identifying that user from the user information; the timestamp information of the system is a parameter generated from the time information in the logistics object management device and the handheld terminal. For example, when the handheld terminal is a mobile phone, the phone's processor encrypts two parameters, the user ID of the user currently requiring authentication and the time of the current area (the timestamp information on the first terminal and the second terminal), with the shared key of the TOTP algorithm to generate a dynamic two-dimensional code. In detail, when the user operates the "authentication" button on the phone screen, the phone computes the dynamic two-dimensional code from the current time, for example 3:40pm, and user ID10001 using the shared key "45@6", and displays it on the phone screen for the first terminal to authenticate. That is, 3:40pm and 10001 are encrypted with the shared key "45@6" into a character string, which is converted into the two-dimensional code for display.
According to the embodiment of the invention, the TOTP algorithm is generally used for information encryption and decryption. It is an algorithm that calculates a one-time password from a shared key and the current time; it is based on a hashed message authentication code, using a cryptographic hash function to combine the shared key and the current timestamp into the one-time password.
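The TOTP computation described above, as an added example that is not code from the patent. It follows RFC 6238 with HMAC-SHA1; the 30-second step, the code length and the one-step drift allowance are assumptions the page does not specify, and the key is RFC 6238's published test key rather than a key from the page.

```python
import hashlib
import hmac
import struct

# Published RFC 6238 test key (SHA-1 variant), used here as sample input.
RFC_TEST_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    # The moving factor is the counter as an 8-byte big-endian integer.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation: the low nibble of the last byte selects 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password: HOTP over the current time step."""
    return hotp(key, int(unix_time) // step, digits)


def verify_totp(key: bytes, candidate: str, verifier_time: int,
                step: int = 30, digits: int = 6, drift_steps: int = 1) -> bool:
    """Accept a code from the verifier's current step or a neighbouring one.

    drift_steps plays the role of a preset error between the two clocks:
    the prover's clock may be that many steps ahead of or behind the
    verifier's clock.
    """
    current = int(verifier_time) // step
    accepted = False
    for delta in range(-drift_steps, drift_steps + 1):
        counter = current + delta
        if counter < 0:
            continue
        expected = hotp(key, counter, digits)
        # Constant-time comparison; keep looping so timing does not reveal
        # which step matched.
        if hmac.compare_digest(expected.encode(),
                               candidate.encode("utf-8", "replace")):
            accepted = True
    return accepted


if __name__ == "__main__":
    print(totp(RFC_TEST_KEY, 59, digits=8))
    print(verify_totp(RFC_TEST_KEY, totp(RFC_TEST_KEY, 59), 59 + 30))
```

Both sides derive the same code only while their clocks fall in the same or an adjacent time step, which is why the verifier needs neither a network connection nor a message from the prover beyond the code itself.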
The verification information generated by the handheld terminal may also be a barcode or an encrypted character string, or may take other forms; for example, a password signal may be converted into a signal of another form and sent out. Any information that is generated in an encrypted manner and used for identification and authentication falls within the scope of the embodiment of the present invention.
In some embodiments, information can be transferred directly between the logistics object management device and the handheld terminal. In other embodiments, the logistics object management device and the handheld terminal can exchange information indirectly through a connected scanning-gun terminal. For example, in a scenario where a courier operates a self-service cabinet, the courier may use a dedicated scanning device (e.g., a scanning gun) to read the two-dimensional code currently generated by the mobile phone and send it to the self-service cabinet.
Specifically, as shown in fig. 1, reference numeral 14 is the APP interface on the courier's mobile phone. The two-dimensional code verification information displayed on the APP interface is acquired by scanning with the scanning-gun device 12 and sent to the self-service cabinet 10. The self-service cabinet 10 determines, from the verification information generated by the courier's mobile phone 14, whether to open the operation authority of the self-service cabinet 10, so that the mobile phone user who generated the verification information can operate the functions of the self-service cabinet.
It should be noted that the gun terminal may also be a signal receiving device in another form, and is not limited herein.
Step S504, analyzing the verification information by using the key information of the logistics object management equipment;
In this step, the logistics object management apparatus, such as a self-service cabinet, may store a plurality of candidate key information; after receiving the verification information, it may analyze the verification information with each piece of candidate key information in turn.
The logistics object management equipment stores a plurality of candidate key information and the corresponding pre-stored identifiers. Each pre-stored identifier may be associated with one piece of candidate key information. When the verification information is analyzed with a piece of candidate key information and the analyzed verification information contains the pre-stored identifier, or the content of the verification information matches the corresponding pre-stored identifier, the verification information is considered to pass verification.
Optionally, analyzing the verification information by using the key information includes: analyzing the verification information by using a plurality of candidate key information respectively; the logistics object management equipment stores a plurality of candidate key information and corresponding pre-stored identifications.
Specifically, when analyzing the verification information obtained in step S502, the logistics object management apparatus analyzes it with each of the pieces of key information that are stored in its local storage area with pre-stored identifiers, one by one, and carries out the analysis and processing of the subsequent steps until the analysis is finished.
For example, if key information A is associated with user ID10001, then user ID10001 is stored in a column of a MySQL table as the pre-stored identifier of key information A. When verification information is sent by user ID10001, the logistics object management device may call up all the key information in the database and try each piece in turn on the received verification information; the analysis succeeds when the verification information of user ID10001 matches the key information A stored locally by the logistics object management device.
It should be further noted that the pre-stored identifier may be user ID information or other user data associated with the APP of the handheld terminal's user; the only requirement is that the pre-stored identifier can be matched one-to-one with the key information used for analysis.
Optionally, the step of analyzing the verification information by using the key information includes: analyzing the verification information by using the public key; searching corresponding key information by using the user identification in the analyzed verification information; and analyzing the verification information by using the searched key information.
Specifically, when the public key is used to analyze the verification information generated by the handheld terminal, the user identifier in the verification information can be recovered. That user identifier is then used to search the local database of the logistics object management equipment for the key information associated with it, and finally that key information is used to analyze the verification information.
The public key is a kind of common key information corresponding to the key information with pre-stored identifiers. It can be used to analyze the verification information sent by the handheld terminal of any user, and simply extracts the user identifier from the verification information for subsequent processing.
The key information associated with the user identifier recovered by the public key belongs to the plurality of pieces of key information stored locally by the logistics object management device, which may be kept in a local MySQL database system. For example, if key information A is associated with user ID10001, then user ID10001 is stored in a column of a MySQL table as the pre-stored identifier of key information A. When verification information is sent by user ID10001, the first terminal analyzes it with the public key, obtains user ID10001, and then performs the subsequent analysis steps with the key information corresponding to user ID10001 in the database.
Step S506, determining whether the analyzed verification information meets an operation permission opening condition, where the operation permission opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
Specifically, the analyzed verification information obtained in S504 includes a user identifier, which may be a user ID. The user ID in the verification information of the handheld terminal is matched against the pre-stored user ID that is associated with the key information locally on the logistics object management device; if the two user IDs are consistent, the subsequent operation steps continue.
According to the embodiment of the present invention, the user system time in step S506 is the time at which the user system of the handheld terminal generates the verification information. For example, when the user generates the verification information at 14:56 on 3/12/2018, the user system time information is 14:56 on 3/12/2018. The operation authority opening condition therefore asks whether the user system time falls within the time that the first terminal system specifies for that user to perform permitted operations. This is a time-range match: the user's handheld terminal can only be verified within the time range in which the logistics object management device allows verification, which improves the communication security of the whole first terminal.
According to the embodiment of the invention, the preset operation time range is the user operation time range which is acquired by the logistics object management equipment and corresponds to the user identification.
Specifically, the logistics object management device may obtain the operation time range that the user corresponding to the user identifier sends to the logistics object management device. The time range may be a single period, for example between 14 and 15 o'clock, during which the user may operate the logistics object management device. The device then checks whether the user system time in the verification information falls within that period, so as to further determine the authenticity of the user.
It should be noted that the user corresponding to the user identifier may set the preset operation time range to several periods in one day rather than a single period. For example, the user sets the preset operation time range in the logistics object management apparatus to 9 to 10 o'clock and 14 to 15 o'clock; when the user is verified by the logistics object management apparatus within either of these two periods, the apparatus allows the user to perform the relevant operations after the verification passes.
Optionally, the operation permission starting condition further includes: the user system time is matched with the current time of the logistics object management equipment.
Specifically, matching the user system time with the current time of the logistics object management device means comparing the system time information of the user's handheld terminal with the current system time information of the logistics object management device, to ensure time consistency between the logistics object management device and the user system.
It should be noted that the match between the user system time and the current time of the first terminal may be decided by comparing the two times and checking whether they are identical, or by checking whether the difference between the two times is within a preset error.
For example, when the current time of the logistics object management device is 14:55 and the user system time is 14:52, and the preset error allows either time to be up to 5 minutes ahead of or behind the other, the two times satisfy the 5-minute error and a successful match is generated.
Optionally, the key information is stored in a secure storage area of the logistics object management apparatus.
Specifically, a storage area of the logistics object management equipment is configured by using TEE (secure storage area) technology. The secure storage area encrypts the key information by hardware encryption; it is physically isolated from the system storage area, and because it uses hardware encryption, it cannot be cracked. If the key information is protected by hardware encryption, there is no possibility of it being cracked, which reduces the probability of loss caused by theft of the first terminal.
In addition, in step S506, the verification information of the handheld terminal includes the user identifier and timestamp information, where the timestamp information, that is, the current time information, can be understood as the time of the current area displayed on the handheld terminal and the logistics object management apparatus. After the logistics object management apparatus analyzes the verification information, it compares the current time information obtained from the verification information with its own local time information, and performs the next analysis and processing according to whether the two are consistent.
For example, when the user's mobile phone produces the verification information at 3:40pm, the time information contained in the authentication information is 3:40pm. After the handheld terminal analyzes the verification information, 3:40pm is obtained as the time information of the verification information, and this time information is compared with the local time information of the handheld terminal to generate a matching result.
In the above embodiment of the present invention, the matching result may be returned as "matching success" or "matching failure", or may be fed back as a degree of matching of the key information. When the complexity of the first key information is high, the processor may analyze the matching result to obtain a matching degree value in order to eliminate the possibility of errors, and whether the matching is successful is judged against a preset threshold. When the matching degree value exceeds the preset threshold, the matching is considered successful.
In step S508, if the determination result is yes, the operation authority is turned on.
Optionally, opening the operation authority includes: displaying a user interface that allows operation; and/or displaying information that allows the connection.
Specifically, according to the matching result, when the logistics object management device judges that the matching is successful, the current user passes authentication and the operation authority of the logistics object management device is opened for that user.
For example, the logistics object management device performs matching authentication on a two-dimensional code (verification information) generated by a mobile phone terminal with the user ID10001, displays "the user ID10001 passes authentication" on the screen of the logistics object management device, and enters a handheld terminal operation main interface according to the operation of the user. The logistics object management equipment can be a parcel self-picking cabinet, the user can be a courier needing to put in parcels, and after the self-picking cabinet passes the identity authentication of the courier, an operation main interface appears, so that all relevant operations of putting in parcels by the courier can be provided.
Through the steps of the embodiment of the invention, the technical effect of identifying the user when the equipment is off-line can be realized.
Fourth embodiment
According to another aspect of the embodiments of the present invention, as shown in fig. 6, there is also provided an inter-IoT device data communication method, applied to a first IoT device, including:
Step S602, obtaining authentication information from the second IoT device, wherein the authentication information includes a user identifier and a user system time of the second IoT device;
In some embodiments, the first IoT device is, for example, a sweeping robot and the second IoT device is, for example, a smart air conditioner. In the offline state, the smart air conditioner sends an identity authentication request to the sweeping robot through a signal transmitter, and the sweeping robot determines offline, according to that request, whether the smart air conditioner can be authorized as a device with operation authority. When the authentication passes, the air conditioner can issue work instructions to the sweeping robot.
In addition, the authentication information from the second IoT device contains a user identifier and a user system time, the user identifier may be a user ID, and according to the user ID in the authentication information of the second IoT device, the user ID is matched with a pre-stored user ID locally associated with the key information of the first IoT device, and whether the two user IDs are consistent is determined, and if so, the subsequent operation steps are continued. The user system time is the real-time system time of the second IoT device, and when the second IoT device generates the authentication information, the authentication information includes the user ID and the current user system time, so that the subsequent authentication and parsing steps can be performed.
The second IoT device generates, through the intelligent processing function, verification information for identifying the identity of the second IoT device, where the verification information is composed of user system time and user identification information encrypted by key information, where the key information may be a shared key in a TOTP algorithm, that is, common key information that is commonly used for the authenticator and the authenticatee.
It should be noted that the TOTP algorithm is an algorithm for calculating a one-time password from a shared key (secret key) and a current time, and is based on a hashed message authentication code, and combines the shared key and a current time stamp by using an encrypted hash function to produce the one-time password.
According to an embodiment of the present invention, the authentication information includes information generated by performing an encryption operation on the user identification and the user system time using the key information.
Specifically, the authentication information may be obtained by encrypting a user name ID of the user and timestamp information of the current APP system by using key information. When the user registers user information in the first IoT device, the first IoT device generates a user identification special for identifying the user according to the user information; the timestamp information of the current APP system is a parameter generated from the time information in the first IoT device and the second IoT device. For example, when the second IoT device is a smart air conditioner, the processor of the air conditioner encrypts the two parameters, i.e., the user ID of the user currently needing authentication and the time of the current region (timestamp information on the first terminal and the second terminal), by using the shared key in the TOTP algorithm, and generates a dynamic two-dimensional code. Wherein the dynamic two-dimensional code is changed according to the time stamp information.
According to the embodiment of the invention, the TOTP algorithm is generally used for information encryption and decryption, is an algorithm for calculating a one-time password from a shared key and the current time, and is based on a hashed message authentication code, and the shared key and the current time stamp are combined together by using a cryptographic hash function to produce the one-time password.
The verification information generated by the second IoT device may also be a barcode or an encrypted character string, or may take other forms; for example, a password signal may be converted into a signal of another form and sent out. Any form that carries information generated in an encrypted manner for identity authentication falls within the scope of the embodiments of the present invention.
In some embodiments, information may be passed directly between the first IoT device and the second IoT device. In other embodiments, the first IoT device and the second IoT device may communicate information indirectly through the third terminal. The third terminal may also be a signal receiving device of another form, which is not limited herein.
Step S604, analyzing the verification information by using the key information of the first IoT device;
Optionally, analyzing the verification information by using the key information includes: analyzing the verification information by using a plurality of candidate key information respectively; the first IoT device stores a plurality of candidate key information and corresponding pre-stored identifications.
Specifically, when parsing is performed according to the authentication information obtained in step S602, the first IoT device parses the authentication information one by using a plurality of pieces of key information with pre-stored identifiers stored in the local storage area of the first IoT device, and performs analysis and processing in subsequent steps until parsing is completed.
A plurality of pieces of key information locally stored by the first IoT device may be stored in the local MySQL database system, for example, the key information a is associated with the user ID10001, then the user ID10001 is stored in an element column in the MySQL database structure table as a pre-stored identifier of the key information a, when the verification information is sent from the user ID10001, the first IoT device may call all pieces of key information in the database to parse them one by one according to the obtained verification information, and in this case, when the verification information of the user ID10001 encounters the key information a locally stored by the first IoT device, the parsing is successful.
It should be further noted that the pre-stored identifier may be user ID information, or may be other user data associated with the second IoT device user APP; it is only necessary that the pre-stored identifier corresponds one-to-one to the key information used for parsing.
Optionally, the step of analyzing the verification information by using the key information includes: analyzing the verification information by using the public key; searching corresponding key information by using the user identification in the analyzed verification information; and analyzing the verification information by using the searched key information.
Specifically, when the public key is used to parse the verification information generated by the second IoT device, the user identifier in the verification information may be parsed, then the obtained user identifier is used to perform a lookup operation on the user identifier key in the local database of the first IoT device, so as to obtain the key information associated with the user identifier, and finally, the key information associated with the user identifier is used to parse the verification information.
The public key is a kind of common key information corresponding to the key information with the pre-stored identifier, and the public key can be used to parse the authentication information sent by the second IoT device of any user, and simply parse the authentication information to obtain the user identifier in the authentication information for subsequent processing. The key information associated with the user identifier parsed from the public key is a plurality of key information stored locally by the first IoT device, and the information may be stored in the local MySQL database system, for example, the key information a is associated with the user ID10001, so the user ID10001 is stored as a pre-stored identifier of the key information a in an element column in the MySQL database structure table, when the verification information is sent by the user ID10001, the first IoT device parses the verification information according to the public key, obtains the user ID10001, and then performs subsequent parsing steps according to the key information corresponding to the user ID10001 in the database.
Step S606, judging whether the analyzed verification information accords with the operation authority opening condition, wherein the operation authority opening condition comprises the following steps: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
Specifically, according to the parsed authentication information obtained in S604, which contains the user identifier, the user identifier may be a user ID of the second IoT device (hereinafter referred to as the second IoT device), and according to the user ID in the authentication information of the second IoT device, the user identifier is matched with a pre-stored user ID locally associated with the key information of the first IoT device, and whether the two user IDs are consistent is determined, and when the two user IDs are consistent, the subsequent operation steps are continued.
According to the embodiment of the present invention, the second IoT device system time in step S606 is the time at which the user system of the second IoT device generates the verification information. For example, when the second IoT device generates the verification information at 14 o'clock on 3/12/2018, the second IoT device system time information is 14 o'clock on 3/12/2018. The operation authority opening condition is therefore whether the second IoT device system time falls within the time, specified in the first terminal system, during which the second IoT device may open the operation authority. This is a time-range match: the second IoT device may only perform verification within the time range in which the first IoT device allows it, which improves the communication security of the first IoT device as a whole.
According to the embodiment of the invention, the preset operation time range is the second IoT device operation time range which is acquired by the first IoT device and corresponds to the second IoT device identification.
Specifically, the first IoT device may obtain the operation time range that the second IoT device corresponding to the user identifier sends to the first IoT device. The time range may be a certain time period, for example between 14 and 15 o'clock, during which the first IoT device may be operated. The first IoT device then verifies whether the user system time in the verification information falls within that time period, so as to further determine the authenticity of the user.
It should be noted that, the user corresponding to the second IoT device user identifier may set the preset operation time range to several time periods in one day, but is not limited to a certain time period, for example, the user corresponding to the user identifier may set the preset operation time range in the first IoT device to 9 to 10 and 14 to 15, that is, when the user performs the first IoT device authentication in the two time periods, the first IoT device may allow the user to perform the relevant operation after the authentication passes.
Optionally, the operation authority opening condition further includes: the user system time matches a current time of the first IoT device.
Specifically, matching the user system time with the current time of the first IoT device refers to comparing the system time information of the second IoT device of the user with the current system time information in the first IoT device to ensure time consistency of the first IoT device and the user system.
It should be noted that, the matching between the system time of the user and the current time of the first terminal may be performed by comparing two time information and determining a matching result according to whether the two time information are consistent, or may be performed by matching two times and determining a matching result according to whether a difference between the two times is within a preset error.
For example, when the current time of the first IoT device is 14:55 and the system time of the second IoT device is 14:52, and the preset error allows the two times to differ by 5 minutes in either direction, the two times fall within the 5-minute error and a successful matching result is generated.
Optionally, the key information is stored in a secure storage area of the first IoT device.
Specifically, the storage area of the first IoT device is configured using TEE (secure storage area) technology. The key information is stored in a secure storage area that is physically isolated from the system storage area, and the secure storage area encrypts the key information by hardware encryption, which cannot be cracked. Because the key information is protected by hardware encryption, there is no possibility of it being cracked, which reduces the probability of loss caused by theft of the first terminal.
In addition, for step S606, the verification information of the second IoT device includes the user identifier and the timestamp information. The timestamp information, that is, the current time information, can be understood as the time of the current location displayed on the second IoT device and on the first IoT device. After parsing the verification information, the first IoT device compares the current time information obtained from the parsed verification information with its own local time information, and carries out the next analysis and processing according to whether the two are consistent.
For example, when the user's mobile phone produces the verification information at 3:40pm, the time information contained in the authentication information is 3:40pm. When the second IoT device parses the verification information, it obtains 3:40pm as the time information of the verification information and compares it with the local time information of the second IoT device to generate a matching result.
In the above embodiment of the present invention, the matching result may return "matching success" or "matching failure", or may be fed back according to the matching degree of the key information. When the complexity of the first key information is high, the matching degree value can be obtained by analyzing the matching result by using the processor in order to eliminate the possibility of errors, and whether the matching is successful or not is judged according to a preset threshold value. And when the matching degree value exceeds a preset threshold value, the matching is considered to be successful.
In step S608, if the determination result is yes, the operation authority is turned on.
Optionally, opening the operation authority includes: displaying a user interface that allows operation; and/or displaying information that allows the connection.
Specifically, according to the matching result, when the first IoT device determines that the matching is successful, the current authenticating user passes authentication and the operation authority on the first IoT device is opened to the second IoT device.
For example, as shown in fig. 2, the first IoT device performs matching authentication on the two-dimensional code (verification information) generated by the second IoT device. The first IoT device may be a sweeping robot, the second IoT device may be an intelligent air conditioner, and after the sweeping robot passes the identity authentication of the intelligent air conditioner, the sweeping robot may provide the intelligent air conditioner with all rights to operate the sweeping robot.
Through the steps of the embodiment of the invention, the technical effect of identifying the IoT devices when the devices are offline can be achieved.
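The offline check of steps S602 to S608, as an added example that is not part of the patent text: the first device tries each candidate key, then applies the three conditions (identifier matches the pre-stored identifier, user time inside a preset operation time range, user time within the preset error of the device clock). The patent does not specify the encryption, so this sketch substitutes an HMAC-SHA256 tag over `user_id|timestamp`; the token layout, key values, time ranges and function names are all constructed assumptions.

```python
import hashlib
import hmac
from datetime import datetime, time, timedelta

# Constructed sample data: pre-stored identifier -> candidate key information.
CANDIDATE_KEYS = {
    "10001": b"constructed-key-A",
    "10002": b"constructed-key-B",
}
# Constructed preset operation time ranges per user identifier.
OPERATION_RANGES = {
    "10001": [(time(9, 0), time(10, 0)), (time(14, 0), time(15, 0))],
    "10002": [(time(8, 0), time(9, 0))],
}
MAX_SKEW = timedelta(minutes=5)  # preset error between the two clocks


def _tag(key: bytes, payload: str) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def make_verification_info(user_id: str, user_time: datetime, key: bytes) -> str:
    """Second device: bind the user identifier and user system time to the key."""
    payload = f"{user_id}|{user_time.isoformat(timespec='seconds')}"
    return f"{payload}|{_tag(key, payload)}"


def parse_with_candidates(info: str):
    """First device: try every candidate key (S604).

    Returns (pre-stored identifier of the key that verified, claimed user
    identifier, claimed user system time), or None if no key verifies.
    """
    try:
        user_id, stamp, tag = info.split("|")
        user_time = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    if user_time.tzinfo is not None:   # this sketch handles naive local time only
        return None
    matched = None
    for prestored_id, key in CANDIDATE_KEYS.items():
        expected = _tag(key, f"{user_id}|{stamp}")
        if hmac.compare_digest(expected.encode(), tag.encode()):
            matched = prestored_id
    return None if matched is None else (matched, user_id, user_time)


def check_operation_authority(info: str, device_now: datetime) -> str:
    """Apply the opening conditions of S606 and return the decision as a string."""
    parsed = parse_with_candidates(info)
    if parsed is None:
        return "parse_failed"
    prestored_id, user_id, user_time = parsed
    if user_id != prestored_id:                  # identifier vs. key owner
        return "identifier_mismatch"
    ranges = OPERATION_RANGES.get(user_id, [])
    if not any(start <= user_time.time() <= end for start, end in ranges):
        return "outside_operation_range"
    if abs(device_now - user_time) > MAX_SKEW:   # optional clock condition
        return "clock_mismatch"
    return "authority_opened"


if __name__ == "__main__":
    info = make_verification_info("10001", datetime(2018, 3, 12, 14, 52),
                                  CANDIDATE_KEYS["10001"])
    print(check_operation_authority(info, datetime(2018, 3, 12, 14, 55)))
    print(check_operation_authority(info, datetime(2018, 3, 12, 15, 40)))
```

A code copied and presented again inside the 5-minute tolerance still passes these conditions, so a device that needs single use must also remember which codes it has already accepted.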
Fifth embodiment
According to another aspect of the embodiments of the present invention, as shown in fig. 7, there is also provided a data communication method applied to a donated item management device, including:
Step S702, acquiring verification information from the handheld terminal, wherein the verification information comprises a user identifier of the handheld terminal and user system time;
Specifically, the handheld terminal may be a mobile terminal of a user, such as a mobile phone, a tablet computer, a smart watch, and the like. The handheld terminal generates, through an intelligent processing function, verification information for identifying the identity of the handheld terminal. The verification information is produced by encrypting the user system time and user identification information with the key information, where the key information may be a shared key in a TOTP algorithm, that is, common key information used by both the authentication end and the authenticated end.
In addition, the verification information from the handheld terminal contains a user identifier and user system time, the user identifier can be a user ID, the user ID in the verification information from the handheld terminal is matched with a prestored user ID associated with the key information locally by the donation item management device, whether the two user IDs are consistent or not is judged, and if the two user IDs are consistent, the subsequent operation steps are continued. The user system time is the real-time system time of the handheld terminal, and when the handheld terminal generates the verification information, the verification information includes the user ID and the time of the current user system, so as to facilitate the execution of the subsequent verification and analysis steps.
According to an embodiment of the present invention, the authentication information includes information generated by performing an encryption operation on the user identification and the user system time using the key information.
Specifically, the authentication information may be obtained by encrypting a user name ID of the user and timestamp information of the current APP system by using key information. When the user registers user information in the donation item management equipment, the donation item management equipment generates a user identifier special for user identification according to the user information; the timestamp information of the current APP system is a parameter generated by the time information in the donated item management device and the handheld terminal. For example, when the handheld terminal is a mobile phone, the mobile phone processor encrypts the two parameters, i.e., the user ID of the user currently needing authentication and the time of the current area (the timestamp information on the first terminal and the second terminal), by using the shared key in the TOTP algorithm, so as to generate a dynamic two-dimensional code. The specific process is as follows: when the user operates the "authentication" button on the mobile phone screen, the mobile phone computes a dynamic two-dimensional code from the current time, for example 3:40pm, and the user ID10001, using the shared key "45 @ 6", and displays the two-dimensional code on the mobile phone screen so that it can be authenticated by the first terminal. That is, 3:40pm and 10001 are encrypted with the shared key "45 @ 6" to generate a character string, which is converted into a two-dimensional code for display.
According to the embodiment of the invention, the TOTP algorithm is generally used for information encryption and decryption, is an algorithm for calculating a one-time password from a shared key and the current time, and is based on a hashed message authentication code, and the shared key and the current time stamp are combined together by using a cryptographic hash function to produce the one-time password.
In step S704, the authentication information is parsed using the key information of the donated item management device.
In this step, the donated item management device may store a plurality of candidate key information, and after receiving the authentication information, may parse the authentication information using the plurality of candidate key information, respectively.
The donated goods management device stores a plurality of candidate key information and corresponding pre-stored identifications. Each pre-stored identity may be associated with a candidate key information. When the verification information is analyzed by using the candidate key information, and the obtained analyzed verification information contains the pre-stored identification, or the content contained in the verification information is matched with the corresponding pre-stored identification, the verification information is considered to pass the verification.
Optionally, analyzing the verification information by using the key information includes: analyzing the verification information by using a plurality of candidate key information respectively; the donated goods management device stores a plurality of candidate key information and corresponding pre-stored identifications.
Specifically, when the donated goods management device analyzes the verification information according to the verification information obtained in step S702, the donated goods management device analyzes the verification information one by using a plurality of pieces of key information with pre-stored identifiers stored in the local storage area of the donated goods management device, and performs analysis and processing in the subsequent steps until the analysis is completed.
For example, the key information a is associated with the user ID10001, then the user ID10001 is stored in an element column in the MySQL database structure table as a pre-stored identifier of the key information a, when the verification information is sent by the user ID10001, the donation item management device may call all the key information in the database to parse the key information one by one according to the obtained verification information, and in this case, when the verification information of the user ID10001 meets the key information a locally stored by the donation item management device, the parsing is successful.
It should be further noted that the pre-stored identifier may be user ID information, or may be other user data associated with the handheld terminal user APP; it is only necessary that the pre-stored identifier corresponds one-to-one to the key information used for analysis.
Optionally, the step of analyzing the verification information by using the key information includes: analyzing the verification information by using the public key; searching corresponding key information by using the user identification in the analyzed verification information; and analyzing the verification information by using the searched key information.
Specifically, when the public key is used for analyzing the verification information generated by the handheld terminal, the user identifier in the verification information can be analyzed, then the obtained user identifier is used for searching the user identifier key in the local database of the donation item management equipment, the key information associated with the user identifier is obtained, and finally the key information associated with the user identifier is used for analyzing the verification information.
The public key is a kind of common key information corresponding to the key information with the pre-stored identification, and the public key can be used for analyzing the verification information sent by any one user's handheld terminal, and simply analyzing the verification information to obtain the user identification in the verification information for subsequent processing.
The key information associated with the user ID parsed from the public key is a plurality of key information stored locally by the donation item management device, and the information may be stored in a local MySQL database system, for example, the key information a is associated with the user ID10001, so that the user ID10001 is stored as a pre-stored identifier of the key information a in an element column in a MySQL database structure table, when the verification information is sent from the user ID10001, the first terminal parses the verification information according to the public key, obtains the user ID10001, and then performs subsequent parsing steps according to the key information corresponding to the user ID10001 in the database.
Step S706, judging whether the analyzed verification information meets the operation authority opening condition, wherein the operation authority opening condition comprises: the user identification is matched with a pre-stored identification associated with the key information; and the user system time is within a preset operation time range corresponding to the user identifier, the preset operation time range is the user operation time range corresponding to the user identifier, which is acquired by the donation item management device from the server, and the user operation within the user operation time range comprises the delivery of donation items.
Specifically, the analyzed verification information obtained in S704 includes a user identifier, which may be a user ID, and the user ID is matched with a pre-stored user ID associated with the key information locally by the donation item management device according to the user ID in the verification information of the handheld terminal, and whether the two user IDs are consistent is determined, and if so, the subsequent operation steps are continued.
According to the embodiment of the present invention, the user system time in step S706 is the time at which the handheld terminal user system generates the verification information. For example, when the user generates the verification information at 14:56 on 3/12/2018, the user system time information is 14:56 on 3/12/2018. The operation authority opening condition is therefore whether the user system time falls within the time, specified in the first terminal system, during which the user may open the operation authority. This is a time-range match: the user's handheld terminal may only perform verification within the time range in which the donated item management device allows it, which improves the communication security of the first terminal as a whole.
According to the embodiment of the present invention, the preset operation time range is a user operation time range corresponding to the user identifier acquired by the donation item management device.
Specifically, the donation item management device may obtain the operation time range that the user corresponding to the user identifier sends to the donation item management device. The time range may be a certain time period, for example between 14 and 15 o'clock, during which the user may operate the donation item management device. The donation item management device then verifies whether the user system time in the verification information falls within that time period, so as to further determine the authenticity of the user.
It should be noted that, the user corresponding to the user identifier may set the preset operation time range to several time periods in one day, but is not limited to a certain time period, for example, the user corresponding to the user identifier may set the preset operation time range in the donation item management device to 9 to 10 and 14 to 15, that is, when the user performs the verification of the donation item management device in these two time periods, the donation item management device may allow the user to perform the relevant operation after the verification is passed.
Optionally, the operation authority opening condition further includes: the user system time matches the current time of the donated item management device.
Specifically, the matching of the user system time and the current time of the donation item management device refers to comparing the system time information of the user handheld terminal with the current system time information in the donation item management device, so as to ensure the time consistency between the donation item management device and the user system.
It should be noted that, the matching between the system time of the user and the current time of the first terminal may be performed by comparing two time information and determining a matching result according to whether the two time information are consistent, or may be performed by matching two times and determining a matching result according to whether a difference between the two times is within a preset error.
For example, when the current time of the donated goods management device is 14:55 and the user system time is 14:52, and the preset error allows the two times to differ by 5 minutes in either direction, the two times fall within the 5-minute error and a successful matching result is generated.
In step S708, if the determination result is yes, the operation authority is turned on.
Optionally, opening the operation authority includes: displaying a user interface that allows operation; and/or displaying information that allows the connection.
Specifically, according to the matching result, when the donation item management device determines that the matching is successful, the current user passes authentication and the operation authority of the donation item management device is opened for that user.
For example, the donation item management device performs matching authentication on a two-dimensional code (verification information) generated by the mobile phone terminal of the user ID10001, displays "user ID10001 authentication is passed" on the screen of the donation item management device, and enters the handheld terminal operation main interface according to the operation of the user. The donation item management device may be a parcel self-service cabinet and the user may be a courier who needs to deposit a parcel; after the self-service cabinet authenticates the courier, the operation main interface appears and provides the donor with all operations related to depositing donated materials.
Through the steps of the embodiment of the invention, the technical effect of identifying the user when the equipment is off-line can be realized.
Sixth embodiment
According to another aspect of the embodiments of the present invention, there is also provided a method for data communication between terminals, including:
Step S802, obtaining the verification information from the second terminal, wherein the verification information includes the user identification of the second terminal.
Specifically, the second terminal may be a mobile terminal of the user, such as a mobile phone, a tablet computer, or a smart watch, or may be a terminal with a computing function, such as a PC terminal or an IoT device. The second terminal uses an intelligent processing function to generate verification information that identifies the second terminal. The verification information is formed by encrypting the user system time and the user identification information with the key information. The key information may be the shared key of a TOTP algorithm, that is, key information shared by the authenticating terminal and the authenticated terminal.
In addition, the verification information from the second terminal contains a user identifier, which may be a user ID. The user ID in the verification information is matched against the pre-stored user ID that the first terminal holds locally in association with the key information; if the two user IDs are consistent, the subsequent operation steps continue.
Step S804, the verification information is analyzed by using the key information.
Specifically, to analyze the verification information obtained in step S802, the first terminal tries the multiple pieces of key information held in its local storage area, each stored with a pre-stored identifier, one by one, and carries out the analysis and processing of the subsequent steps until the analysis is complete.
Step S806, judging whether the analyzed verification information meets the operation authority opening condition; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; wherein the key information is stored in a secure storage area of the first terminal.
Optionally, the analyzed verification information includes the user system time of the second terminal, and the operation authority opening condition further includes: the user system time matches the current time of the first terminal.
Specifically, the analyzed verification information obtained in S804 includes a user identifier, which may be a user ID. The user ID in the verification information of the second terminal is matched against the pre-stored user ID that the first terminal holds locally in association with the key information; if the two user IDs are consistent, the subsequent operation steps continue.
In addition, the storage area of the first terminal is configured using TEE (secure storage area) technology. The key information is stored in this secure storage area, which is physically isolated from the system storage area and encrypts the key information by hardware encryption, and the hardware encryption cannot be cracked. Because key information encrypted by hardware cannot be cracked, the probability of loss caused by theft of the first terminal is reduced.
Step S808, if the determination result is yes, opening the operation permission.
Since the related steps and methods in the first embodiment have been described in more detail, they are not repeated herein.
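The first-terminal check in steps S802 to S808, combined with the preset operation time range and preset error described for the donation item management device, as an added Python example (not code from the patent). The token layout, the names `make_token` and `verify_token`, the sample keys, and the use of an HMAC-SHA256 tag in place of the encryption the description calls for are assumptions of this example.

```python
import base64
import binascii
import hashlib
import hmac
import json
from datetime import datetime, time, timedelta

# Constructed sample data. On the page these keys sit in the first terminal's
# secure storage area; a plain dict stands in for it here.
CANDIDATE_KEYS = {
    "10001": b"constructed-demo-key-for-user-10001",
    "10002": b"constructed-demo-key-for-user-10002",
}
# Preset operation time ranges per user ID (the page's 9-10 and 14-15 example).
OPERATION_WINDOWS = {
    "10001": [(time(9, 0), time(10, 0)), (time(14, 0), time(15, 0))],
    "10002": [(time(9, 0), time(10, 0))],
}
MAX_DRIFT = timedelta(minutes=5)  # preset error from the page's example


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def make_token(key: bytes, user_id: str, user_time: datetime) -> str:
    """Second terminal: bind user ID and user system time to the shared key.

    Assumption: an HMAC tag over cleartext fields replaces the page's
    encryption step; timestamps are naive local times in ISO format.
    """
    payload = json.dumps({"uid": user_id, "ts": user_time.isoformat()},
                         sort_keys=True).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(token: str, now: datetime, keys=CANDIDATE_KEYS,
                 windows=OPERATION_WINDOWS, max_drift=MAX_DRIFT):
    """First terminal, offline: returns (permission_opened, reason)."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64.encode("ascii"))
        tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
    except (ValueError, binascii.Error):
        return False, "malformed"

    # Step S804: try each candidate key in turn until one authenticates the data.
    matched_id = None
    for stored_id, key in keys.items():
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):  # constant-time comparison
            matched_id = stored_id
            break
    if matched_id is None:
        return False, "no key matches"

    try:
        fields = json.loads(payload)
        user_id = fields["uid"]
        user_time = datetime.fromisoformat(fields["ts"])
        if user_time.tzinfo is not None:
            raise ValueError("expected a naive timestamp")
    except (ValueError, KeyError, TypeError):
        return False, "malformed"

    # Step S806, condition 1: the claimed ID must be the one stored with that key.
    if user_id != matched_id:
        return False, "user id mismatch"
    # Optional condition: user system time matches the terminal's current time.
    if abs(now - user_time) > max_drift:
        return False, "clock drift"
    # Condition 2: user system time lies in a preset operation range for this ID.
    t = user_time.time()
    if not any(start <= t < end for start, end in windows.get(user_id, [])):
        return False, "outside operation window"
    return True, "ok"  # step S808: open the operation permission
```

A captured token remains acceptable until the drift limit expires, because the check keeps no record of tokens already presented.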
Seventh embodiment
According to another aspect of the embodiments of the present invention, there is also provided a data communication apparatus between terminals, as shown in fig. 9, the data communication apparatus includes: an obtaining module 90, configured to obtain authentication information from the second terminal, where the authentication information includes a user identifier of the second terminal and a user system time; the analysis module 92 is used for analyzing the verification information by using the key information; a judging module 94, configured to judge whether the analyzed verification information meets the operation permission opening condition; the execution module 96 is configured to, if the determination result is yes, start the operation permission; the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in the preset operation time range corresponding to the user identification.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
Fig. 10 is a schematic diagram of a hardware structure of a terminal device according to an embodiment of the present application. As shown in fig. 8, the terminal device may include an input device 90, a processor 91, an output device 92, a memory 93, and at least one communication bus 94. The communication bus 94 is used to enable communication connections between the elements. The memory 93 may comprise a high speed RAM memory, and may also include a non-volatile storage NVM, such as at least one disk memory. Various programs may be stored in the memory 93 for performing various processing functions and implementing the method steps of the present embodiment.
Alternatively, the processor 91 may be implemented by, for example, a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a controller, a microcontroller, a microprocessor, or other electronic components, and the processor 91 is coupled to the input device 90 and the output device 92 through a wired or wireless connection.
Alternatively, the input device 90 may include a variety of input devices, such as at least one of a user-oriented user interface, a device-oriented device interface, a software-programmable interface, a camera, and a sensor. Optionally, the device interface facing the device may be a wired interface for data transmission between devices, or may be a hardware plug-in interface (e.g., a USB interface, a serial port, etc.) for data transmission between devices; optionally, the user-facing user interface may be, for example, a user-facing control key, a voice input device for receiving voice input, and a touch sensing device (e.g., a touch screen with a touch sensing function, a touch pad, etc.) for receiving user touch input; optionally, the programmable interface of the software may be, for example, an entry for a user to edit or modify a program, such as an input pin interface or an input interface of a chip; an audio input device such as a microphone may receive voice data. The output device 92 may include a display, a sound, or other output device.
In this embodiment, the processor of the terminal device includes a module for executing the functions of the modules of the data processing apparatus in each device, and specific functions and technical effects may refer to the foregoing embodiments, which are not described herein again.
Fig. 11 is a schematic hardware structure diagram of a terminal device according to another embodiment of the present application. FIG. 11 is a specific embodiment of the implementation of FIG. 10. As shown in fig. 11, the terminal device of the present embodiment includes a processor 101 and a memory 102.
The processor 101 executes the computer program codes stored in the memory 102 to implement the data communication method between the terminals in fig. 1 to 8 in the above embodiments.
The memory 102 is configured to store various types of data to support operations at the terminal device. Examples of such data include instructions for any application or method operating on the terminal device, such as messages, pictures, videos, and so forth. The memory 102 may include a Random Access Memory (RAM) and may also include a non-volatile memory (non-volatile memory), such as at least one disk memory.
Optionally, the processor 101 is provided in the processing assembly 100. The terminal device may further include: a communication component 103, a power component 104, a multimedia component 105, an audio component 106, an input/output interface 107 and/or a sensor component 108. The specific components included in the terminal device are set according to actual requirements, which is not limited in this embodiment.
The processing component 100 generally controls the overall operation of the terminal device. The processing component 100 may include one or more processors 101 to execute instructions to perform all or part of the steps of the methods of fig. 1-7 described above. Further, the processing component 100 can include one or more modules that facilitate interaction between the processing component 100 and other components. For example, the processing component 100 may include a multimedia module to facilitate interaction between the multimedia component 105 and the processing component 100.
The power supply component 104 provides power to the various components of the terminal device. The power components 104 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the terminal device.
The multimedia component 105 includes a display screen that provides an output interface between the terminal device and the user. In some embodiments, the display screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the display screen includes a touch panel, the display screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
The audio component 106 is configured to output and/or input audio signals. For example, the audio component 106 may include a Microphone (MIC) configured to receive external audio signals when the terminal device is in an operational mode, such as a voice recognition mode. The received audio signal may further be stored in the memory 102 or transmitted via the communication component 103. In some embodiments, the audio component 106 also includes a speaker for outputting audio signals.
The input/output interface 107 provides an interface between the processing component 100 and peripheral interface modules, which may be click wheels, buttons, etc. These buttons may include, but are not limited to: a volume button, a start button, and a lock button.
The sensor component 108 includes one or more sensors for providing various aspects of status assessment for the terminal device. For example, the sensor component 108 can detect the open/closed status of the terminal device, the relative positioning of the components, the presence or absence of user contact with the terminal device. The sensor assembly 108 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact, including detecting the distance between the user and the terminal device. In some embodiments, the sensor assembly 108 may also include a camera or the like.
The communication component 103 is configured to facilitate wired or wireless communication between the terminal device and other devices. The terminal device may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one embodiment, the terminal device may include a SIM card slot for inserting a SIM card therein, so that the terminal device can log on to a GPRS network and establish communication with the server via the internet.
From the above, the communication component 103, the audio component 106, the input/output interface 107 and the sensor component 108 involved in the embodiment of fig. 11 can be implemented as the input device in the embodiment of fig. 10.
An embodiment of the present application provides a terminal device, including: one or more processors; and one or more machine readable media having instructions stored thereon that, when executed by the one or more processors, cause the terminal device to perform a method as described in one or more of the embodiments of the application.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method and the device for data communication between terminals provided by the present application are introduced in detail above, and a specific example is applied in the present application to explain the principle and the implementation of the present application, and the description of the above embodiment is only used to help understand the method and the core idea of the present application; in view of the above, the description should not be taken as limiting the application.

Claims (19)

1. A data communication method between terminals is applied to a first terminal and comprises the following steps:
acquiring verification information from a second terminal, wherein the verification information comprises a user identifier and user system time of the second terminal;
analyzing the verification information by using the key information;
judging whether the analyzed verification information meets the operation authority opening condition or not;
if the judgment result is yes, opening the operation authority;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in a preset operation time range corresponding to the user identification.
2. The method according to claim 1, wherein the preset operation time range is a user operation time range corresponding to the user identifier acquired by the first terminal.
3. The method according to claim 1, wherein the operation right opening condition further comprises: the user system time is matched with the current time of the first terminal.
4. The method of claim 1, wherein the authentication information comprises information generated by performing a cryptographic operation on a user identification and a user system time using the key information.
5. The method of claim 1, wherein the key information is stored in a secure storage area of the first terminal.
6. The method of claim 1, wherein the parsing the authentication information using key information comprises:
analyzing the verification information by using a plurality of candidate key information respectively;
and the first terminal stores a plurality of candidate key information and the corresponding pre-stored identification.
7. The method of claim 1, wherein the step of parsing the authentication information using key information comprises:
analyzing the verification information by using a public key;
searching corresponding key information by using the user identification in the analyzed verification information;
and analyzing the verification information by using the searched key information.
8. The method of claim 1, wherein opening the operational right comprises:
displaying a user interface allowing operation; and/or
displaying information allowing connection.
9. A data communication method between terminals is applied to a second terminal, and the method comprises the following steps:
generating verification information by using the key information, the user identification and the user system time;
sending the verification information;
the verification information is used for the first terminal to perform analysis and used for the first terminal to judge whether the analyzed verification information meets the operation authority opening condition;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in a preset operation time range corresponding to the user identification.
10. The method according to claim 9, wherein the key information is a key shared by the first terminal and the second terminal.
11. The method according to claim 9, wherein the first terminal comprises a plurality of candidate key information, each candidate key information being associated with one of the pre-stored identities.
12. A data communication method is applied to logistics object management equipment and comprises the following steps:
acquiring verification information from a handheld terminal, wherein the verification information comprises a user identifier of the handheld terminal and user system time;
analyzing the verification information by using the key information of the logistics object management equipment;
judging whether the analyzed verification information meets the operation authority opening condition or not;
if the judgment result is yes, opening the operation authority;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in a preset operation time range corresponding to the user identification.
13. A data communication method between IoT terminals is applied to a first IoT device and comprises the following steps:
obtaining authentication information from a second IoT device, wherein the authentication information comprises a user identification and a user system time of the second IoT device;
parsing the authentication information using key information of a first IoT device;
judging whether the analyzed verification information meets the operation authority opening condition or not;
if the judgment result is yes, opening the operation authority;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in a preset operation time range corresponding to the user identification.
14. A data communication method between terminals is applied to donation item management equipment and comprises the following steps:
acquiring verification information from a handheld terminal, wherein the verification information comprises a user identifier of the handheld terminal and user system time;
analyzing the verification information by using the key information;
judging whether the analyzed verification information meets the operation authority opening condition or not;
if the judgment result is yes, opening the operation authority;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; the user system time is within a preset operation time range corresponding to the user identification;
the preset operation time range is a user operation time range corresponding to the user identifier, which is acquired from a server by the donation item management device, and the user operation within the user operation time range includes donation item delivery.
15. A data communication method between terminals is applied to a first terminal and comprises the following steps:
acquiring verification information from a second terminal, wherein the verification information comprises a user identifier of the second terminal;
analyzing the verification information by using the key information;
judging whether the analyzed verification information meets the operation authority opening condition or not;
if the judgment result is yes, opening the operation authority;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information;
wherein the key information is stored in a secure storage area of the first terminal.
16. The method according to claim 15, wherein the parsed authentication information includes a system time of the user of the second terminal, and the operation right enabling condition further includes: the user system time is matched with the current time of the first terminal.
17. An apparatus for data communication between terminals, comprising:
the acquisition module is used for acquiring verification information from a second terminal, wherein the verification information comprises a user identifier and user system time of the second terminal;
the analysis module is used for analyzing the verification information by using the key information;
the judging module is used for judging whether the analyzed verification information meets the operation authority opening condition or not;
the execution module is used for opening the operation authority if the judgment result is yes;
the operation authority opening condition includes: the user identification is matched with a pre-stored identification associated with the key information; and the system time of the user is in a preset operation time range corresponding to the user identification.
18. A non-volatile storage medium, wherein a computer-readable program is stored in the non-volatile storage medium, and when the computer-readable program runs, a device in which the non-volatile storage medium is located performs the method of any one of claims 1 to 16.
19. A computing device, comprising:
a memory having a computer readable program stored therein;
a processor for executing the computer readable program, wherein the computer readable program when executed performs the method of any of claims 1 to 16.
CN201910945607.XA 2019-09-30 2019-09-30 Data communication method and device between terminals Active CN112672344B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910945607.XA CN112672344B (en) 2019-09-30 2019-09-30 Data communication method and device between terminals

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910945607.XA CN112672344B (en) 2019-09-30 2019-09-30 Data communication method and device between terminals

Publications (2)

Publication Number Publication Date
CN112672344A true CN112672344A (en) 2021-04-16
CN112672344B CN112672344B (en) 2024-06-25

Family

ID=75399702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910945607.XA Active CN112672344B (en) 2019-09-30 2019-09-30 Data communication method and device between terminals

Country Status (1)

Country Link
CN (1) CN112672344B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113037502A (en) * 2021-05-25 2021-06-25 广东信通通信有限公司 Switch safety access method, device, storage medium and network system
CN113259938A (en) * 2021-04-23 2021-08-13 上海擎朗智能科技有限公司 Method and system for controlling robot to open storage cabin and robot
CN114268440A (en) * 2021-12-20 2022-04-01 中国农业银行股份有限公司 Production operation room management system and method
CN114581595A (en) * 2021-12-13 2022-06-03 北京市建筑设计研究院有限公司 Rendering configuration information generation method and device, electronic equipment and storage medium

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9053304B2 (en) * 2012-07-13 2015-06-09 Securekey Technologies Inc. Methods and systems for using derived credentials to authenticate a device across multiple platforms
US20150356801A1 (en) * 2014-06-02 2015-12-10 Best Lockers, Llc Mobile kiosk for intelligent securable devices system
CN105207776A (en) * 2014-06-18 2015-12-30 中标软件有限公司 Fingerprint authentication method and system
CN105227516A (en) * 2014-05-28 2016-01-06 中兴通讯股份有限公司 The access method of Smart Home, control centre's equipment and dress terminal
US20160036788A1 (en) * 2014-07-30 2016-02-04 Master Lock Company Wireless key management for authentication
CN105678851A (en) * 2015-12-29 2016-06-15 苏州众天力信息科技有限公司 Gateway barrier control method based on two-dimension code
CN106100845A (en) * 2016-06-06 2016-11-09 徐伟达 A kind of identity identifying method utilizing acoustic communication and system thereof
CN106327637A (en) * 2016-08-25 2017-01-11 青岛亿联信息科技股份有限公司 Bluetooth door opening system based on community management and method
CN106355702A (en) * 2016-08-30 2017-01-25 青岛亿联信息科技股份有限公司 Intelligent parking system
US20170078269A1 (en) * 2015-09-15 2017-03-16 Samsung Electronics Co., Ltd. Method for managing application and electronic device supporting the same
CN106850671A (en) * 2017-02-27 2017-06-13 南京聚鲲物联网科技有限公司 The identity identifying method and its system of a kind of utilization acoustic communication
CN107277059A (en) * 2017-08-08 2017-10-20 沈阳东青科技有限公司 A kind of one-time password identity identifying method and system based on Quick Response Code
CN107818463A (en) * 2017-09-25 2018-03-20 九派天下支付有限公司 A kind of offline electronic payment method and system based on TOTP algorithms
CN107818434A (en) * 2016-09-14 2018-03-20 菜鸟智能物流控股有限公司 Pickup verification method, server, pickup verification device and pickup verification system
CN107968745A (en) * 2018-01-17 2018-04-27 北京慧正博兴科技服务有限公司 One kind is based on dynamic token double factor Quick Response Code open-door system and implementation method
CN108650082A (en) * 2018-05-08 2018-10-12 腾讯科技(深圳)有限公司 The encryption and verification method of information to be verified, relevant apparatus and storage medium
CN108737394A (en) * 2018-05-08 2018-11-02 腾讯科技(深圳)有限公司 Off-line verification system, barcode scanning equipment and server
CN109155096A (en) * 2016-03-22 2019-01-04 拜博克斯控股有限公司 Delivering for package and the automatic storage cabinet system and method got
US20190043046A1 (en) * 2016-02-01 2019-02-07 Comcarde Limited Payment handling apparatus and method
CN109728911A (en) * 2017-10-30 2019-05-07 广州启辰电子科技有限公司 A kind of examination box

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9053304B2 (en) * 2012-07-13 2015-06-09 Securekey Technologies Inc. Methods and systems for using derived credentials to authenticate a device across multiple platforms
CN105227516A (en) * 2014-05-28 2016-01-06 中兴通讯股份有限公司 The access method of Smart Home, control centre's equipment and dress terminal
US20150356801A1 (en) * 2014-06-02 2015-12-10 Best Lockers, Llc Mobile kiosk for intelligent securable devices system
CN105207776A (en) * 2014-06-18 2015-12-30 中标软件有限公司 Fingerprint authentication method and system
US20160036788A1 (en) * 2014-07-30 2016-02-04 Master Lock Company Wireless key management for authentication
US20170078269A1 (en) * 2015-09-15 2017-03-16 Samsung Electronics Co., Ltd. Method for managing application and electronic device supporting the same
CN105678851A (en) * 2015-12-29 2016-06-15 苏州众天力信息科技有限公司 Gateway barrier control method based on two-dimension code
US20190043046A1 (en) * 2016-02-01 2019-02-07 Comcarde Limited Payment handling apparatus and method
CN109155096A (en) * 2016-03-22 2019-01-04 拜博克斯控股有限公司 Delivering for package and the automatic storage cabinet system and method got
CN106100845A (en) * 2016-06-06 2016-11-09 徐伟达 A kind of identity identifying method utilizing acoustic communication and system thereof
CN106327637A (en) * 2016-08-25 2017-01-11 青岛亿联信息科技股份有限公司 Bluetooth door opening system based on community management and method
CN106355702A (en) * 2016-08-30 2017-01-25 青岛亿联信息科技股份有限公司 Intelligent parking system
CN107818434A (en) * 2016-09-14 2018-03-20 菜鸟智能物流控股有限公司 Pickup verification method, server, pickup verification device and pickup verification system
CN106850671A (en) * 2017-02-27 2017-06-13 南京聚鲲物联网科技有限公司 The identity identifying method and its system of a kind of utilization acoustic communication
CN107277059A (en) * 2017-08-08 2017-10-20 沈阳东青科技有限公司 A kind of one-time password identity identifying method and system based on Quick Response Code
CN107818463A (en) * 2017-09-25 2018-03-20 九派天下支付有限公司 A kind of offline electronic payment method and system based on TOTP algorithms
CN109728911A (en) * 2017-10-30 2019-05-07 广州启辰电子科技有限公司 A kind of examination box
CN107968745A (en) * 2018-01-17 2018-04-27 北京慧正博兴科技服务有限公司 One kind is based on dynamic token double factor Quick Response Code open-door system and implementation method
CN108650082A (en) * 2018-05-08 2018-10-12 腾讯科技(深圳)有限公司 The encryption and verification method of information to be verified, relevant apparatus and storage medium
CN108737394A (en) * 2018-05-08 2018-11-02 腾讯科技(深圳)有限公司 Off-line verification system, barcode scanning equipment and server

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
KAUSTUBH DHONDGE ET AL.: "Infrared Optical Wireless Communication for Smart Door Locks Using Smartphones", 《2016 12TH INTERNATIONAL CONFERENCE ON MOBILE AD-HOC AND SENSOR NETWORKS (MSN)》, 19 June 2017 (2017-06-19) *
董兴芝;王富章;王忠峰;: "铁路动车组WiFi运营服务***安全与防护", 无线电通信技术, no. 01, 25 December 2018 (2018-12-25) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259938A (en) * 2021-04-23 2021-08-13 上海擎朗智能科技有限公司 Method and system for controlling robot to open storage cabin and robot
CN113037502A (en) * 2021-05-25 2021-06-25 广东信通通信有限公司 Switch safety access method, device, storage medium and network system
CN113037502B (en) * 2021-05-25 2021-09-21 广东信通通信有限公司 Switch safety access method, device, storage medium and network system
CN114581595A (en) * 2021-12-13 2022-06-03 北京市建筑设计研究院有限公司 Rendering configuration information generation method and device, electronic equipment and storage medium
CN114268440A (en) * 2021-12-20 2022-04-01 中国农业银行股份有限公司 Production operation room management system and method
CN114268440B (en) * 2021-12-20 2024-03-26 中国农业银行股份有限公司 Production operation room management system and method

Also Published As

Publication number Publication date
CN112672344B (en) 2024-06-25

Similar Documents

Publication Publication Date Title
CN112672344B (en) Data communication method and device between terminals
US20210350013A1 (en) Security systems and methods for continuous authorized access to restricted access locations
CN107241364B (en) File downloading method and device
US9525550B2 (en) Method and apparatus for securing a mobile application
WO2017075952A1 (en) Method and device for controlling intelligent door lock, and intelligent door control system
US11151571B2 (en) Method and system for processing resource exchange information
CN105681538B (en) System and method for equipment certification
US20220012974A1 (en) Contactless card personal identification system
EP3410667A1 (en) Method for preventing access data from being tampered, mobile terminal, device, and readable storage medium
CN105656627B (en) Identity authentication method, device, system, processing method, equipment and storage medium
CN105408910A (en) Systems and methods for authenticating access to operating system by user before the operating system is booted using wireless communication token
JP2018502524A (en) Encryption control for information, information analysis method, system and terminal
KR101451639B1 (en) Identification and theft prevention system using one times random key, and method thereof
CN110728774A (en) Intelligent lock unlocking method, device and system, storage medium and electronic equipment
CN103914520A (en) Data query method, terminal equipment and server
WO2021218165A1 (en) Unlocking method, self-service locker, terminal device, server, and system
US10075435B1 (en) Device deregistration using forward-chaining encryption
WO2019218328A1 (en) Smart door lock wireless communication method, smart door lock, gateway, and communication device
CN110070365B (en) Commodity evidence storing method and device based on block chain and electronic equipment
KR20160037092A (en) An electronic tag and authentication method, device and system thereof
CN107920097B (en) Unlocking method and device
CN104219052A (en) Verification method and verification device for service program
CN107302519A (en) A kind of identity identifying method of terminal device, device and terminal device, server
KR20110095752A (en) Cabinet apparatus and management system for cabinet apparatuses
KR101692919B1 (en) Inputting system and method for for security keypad using smart device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant