阅读说明：本技术 安全域的配置、发现和加入方法及装置、电子设备 (Security domain configuration, discovery and joining method and device and electronic equipment ) 是由 茹昭 吕小强 张军 于 2020-01-19 设计创作，主要内容包括：本申请实施例涉及安全域的配置和发现方法以及装置、电子设备。本申请的实施例中,通过在物联网设备中增加安全域资源,用以配置和管理设备所归属的安全域,提供了一种对网络中存在的物联网安全域进行配置的解决方案。当安全域信息可发现时,可通过将属性值映射到设备的发现资源,可以简化资源发现过程,使其他设备可便捷地发现和获得网络中的安全域信息。此外,网络中存在多个安全域时,可通过发现的安全域信息区分不同的安全域。(The embodiment of the application relates to a security domain configuration and discovery method, a security domain configuration and discovery device and an electronic device. In the embodiment of the application, security domain resources are added in the equipment of the Internet of things to configure and manage the security domain to which the equipment belongs, and a solution for configuring the security domain of the Internet of things existing in a network is provided. When the security domain information can be discovered, the attribute values are mapped to the discovery resources of the devices, so that the resource discovery process can be simplified, and other devices can conveniently discover and obtain the security domain information in the network. In addition, when a plurality of security domains exist in the network, different security domains can be distinguished through discovered security domain information.)

A security domain configuration method, comprising:

acquiring security domain information;

performing security domain configuration according to the acquired security domain information;

wherein the security domain information comprises: security domain discoverability and at least one of a security domain identifier and a security domain name.

The method of claim 1, wherein the obtaining security domain information comprises:

automatically generating a random number as the security domain identifier;

requesting a user to set the security domain name;

requesting a user to set the security domain discoverability.

The method of claim 2, wherein the automatically generating a random number as the security domain identifier comprises:

and generating a random number according to the self authentication root certificate, and using the random number as the security domain identifier.

The method according to any one of claims 1 to 3, wherein the configuring of the security domain according to the acquired security domain information comprises:

and setting the security domain information into the equipment to be configured by sending an instruction carrying the security domain information to the equipment to be configured.

The method of claim 1, wherein the obtaining security domain information comprises:

receiving an instruction carrying the security domain information;

the configuring the security domain according to the acquired security domain information includes:

and configuring a security domain according to the security domain information in the instruction.

The method according to any one of claims 1 to 5, wherein the configuring of the security domain according to the acquired security domain information comprises:

mapping the security domain identifier to a discovery resource if the security domain discoverability attribute value characterizes discoverability.

A security domain discovery method, comprising:

acquiring discovery resources of IoT (Internet of things) equipment in a network;

obtaining a security domain identifier from the discovery resource;

determining a security domain corresponding to the security domain identifier in the network;

wherein the IoT device has configured security domain information, the security domain information comprising at least: a security domain identifier, a security domain name, and security domain discoverability.

The method of claim 7, wherein determining the security domain corresponding to the security domain identifier in the network comprises:

upon obtaining the security domain identifiers from at least two IoT devices, comparing the security domain identifiers;

when the security domain identifiers are the same, judging that one security domain exists in the network;

and when the security domain identifiers are different, judging that a plurality of security domains exist in the network.

The method of claim 7 or 8, wherein after acquiring the security domain identifier from the discovery resource, further comprising:

and acquiring a security domain name corresponding to the security domain identifier from the IoT equipment according to the security domain identifier.

The method of claim 9, wherein the obtaining, from the IoT device, the security domain name corresponding to the security domain identifier according to the security domain identifier comprises:

sending a request message for obtaining the security domain name corresponding to the security domain identifier to the IoT device;

receiving the security domain name fed back by the IoT device.

The method of claim 9 or 10, wherein after obtaining the security domain name corresponding to the security domain identifier from the IoT device according to the security domain identifier, the method further comprises:

when judging that one security domain exists in the network, representing the security domain by using the security domain name;

when it is determined that a plurality of security domains exist in a network and have different security domain names, representing the plurality of security domains by respective security domain names;

when it is determined that a plurality of security domains exist in a network and have the same security domain name, the plurality of security domains are represented by the security domain identifier and the corresponding security domain name.

A security domain discovery method performed by an internet of things device configured with security domain information by the security domain configuration method of any one of claims 1 to 6, comprising:

feeding back discovery resources in response to a received request message for performing resource discovery;

responding to a received request message for obtaining a security domain name corresponding to a security domain identifier, and feeding back the security domain name;

wherein the security domain information at least comprises: a security domain identifier, a security domain name, and security domain discoverability;

the security domain identifier is included in the discovery resource when an attribute value characterizing the security domain discoverability is discoverable.

A security domain joining method, comprising:

requesting a user to select a security domain to be added; wherein the security domain for selection by the user is a security domain discovered by the method of any of claims 7 to 11;

according to the security domain selected by the user, starting an instance of the security domain.

The method of claim 13, wherein the initiating, according to the security domain selected by the user, an instance of the security domain comprises:

switching to an instance of the security domain if the user-selected instance of the security domain exists in a configured security domain instance;

if there is no instance of the security domain selected by the user in the configured instance of security domains, an instance of the security domain available for the user selection is generated.

A security domain configuration apparatus, comprising:

the acquisition module is used for acquiring security domain information;

the configuration module is used for configuring a security domain according to the acquired security domain information;

wherein the security domain information at least comprises: a security domain identifier, a security domain name, and security domain discoverability.

The apparatus of claim 15, wherein the obtaining means is further configured to obtain the security domain information by:

automatically generating a random number as the security domain identifier;

requesting a user to set the security domain name;

requesting a user to set the security domain discoverability.

The apparatus of claim 16, wherein the means for obtaining is further configured to:

and when the random number is automatically generated as the security domain identifier, generating the random number according to the self authentication root certificate, and using the random number as the security domain identifier.

The apparatus of any of claims 15 to 17, wherein the configuration module is further configured to: and setting the security domain information into the equipment to be configured by sending an instruction carrying the security domain information to the equipment to be configured.

The apparatus of claim 15, wherein the means for obtaining is further configured to: receiving an instruction carrying the security domain information;

the configuration module is further to: and configuring a security domain according to the security domain information in the instruction.

The apparatus of any of claims 15 to 19, wherein the configuration module is further configured to: mapping the security domain identifier to a discovery resource when an attribute value of the security domain discoverability characterizes discoverability.

A security domain discovery apparatus, comprising:

the first acquisition module is used for acquiring discovery resources of the IoT equipment in the network;

a second obtaining module, configured to obtain a security domain identifier from the discovery resource;

a determining module, configured to determine a security domain corresponding to the security domain identifier in the network;

wherein the IoT device has configured security domain information, the security domain information comprising at least: a security domain identifier, a security domain name, and security domain discoverability.

The apparatus of claim 21, wherein the means for determining comprises:

a comparison submodule, configured to compare the security domain identifiers when the security domain identifiers are acquired from at least two IoT devices;

the judgment submodule is used for judging that one security domain exists in the network when the security domain identifiers are the same; and when the security domain identifiers are different, judging that a plurality of security domains exist in the network.

The apparatus of claim 21 or 22, wherein the apparatus further comprises:

a third obtaining module, configured to obtain, according to the security domain identifier obtained by the second obtaining module, a security domain name corresponding to the security domain identifier from the IoT device.

The apparatus of claim 23, wherein the third obtaining means comprises: a sending submodule, configured to send, to the IoT device, a request message for obtaining the security domain name corresponding to the security domain identifier;

a receiving submodule, configured to receive the security domain name fed back by the IoT device.

The apparatus of claim 23 or 24, wherein the means for determining further comprises:

a representation submodule for:

when judging that one security domain exists in the network, representing the security domain by using the security domain name;

when it is determined that a plurality of security domains exist in a network and have different security domain names, representing the plurality of security domains by respective security domain names;

when it is determined that a plurality of security domains exist in a network and have the same security domain name, the plurality of security domains are represented by the security domain identifier and the corresponding security domain name.

A security domain discovery apparatus, configured with security domain information by the security domain configuration method of any one of claims 1 to 6, comprising:

a first feedback module, configured to feed back discovery resources in response to a received request message for performing resource discovery;

the second feedback module is used for responding to a received request message for obtaining a security domain name corresponding to a security domain identifier and feeding back the security domain name;

wherein the security domain information at least comprises: a security domain identifier, a security domain name, and security domain discoverability; the security domain identifier is included in the discovery resource when an attribute value characterizing the security domain discoverability is discoverable.

A security domain joining apparatus, comprising:

the request module is used for requesting a user to select a security domain to be added; wherein the security domain for selection by the user is a security domain discovered by the apparatus of any of claims 7 to 11;

and the starting module is used for starting the instance of the security domain according to the security domain selected by the user.

The apparatus of claim 27, wherein the means for initiating is further for:

switching to an instance of the security domain when the user-selected instance of the security domain exists in a configured security domain instance;

generating an instance of the security domain available for the user selection when there is no instance of the security domain selected by the user in the configured instance of the security domain.

An electronic device, comprising: a processor and a memory for storing a computer program, the processor being configured to invoke and execute the computer program stored in the memory to perform the method of any of claims 1 to 14.

A chip, comprising: a processor for calling and running a computer program from a memory so that a device on which the chip is installed performs the method of any one of claims 1 to 14.

A computer-readable storage medium for storing a computer program which causes a computer to perform the method of any one of claims 1 to 14.

A computer program product comprising computer program instructions for causing a computer to perform the method of any one of claims 1 to 14.

A computer program, characterized in that the computer program causes a computer to perform the method according to any of claims 1 to 14.