(19)
(11)EP 3 686 829 A1

(12)EUROPEAN PATENT APPLICATION
published in accordance with Art. 153(4) EPC

(43)Date of publication:
29.07.2020 Bulletin 2020/31

(21)Application number: 18882248.0

(22)Date of filing:  23.11.2018
(51)International Patent Classification (IPC): 
G06Q 20/38(2012.01)
(86)International application number:
PCT/CN2018/117122
(87)International publication number:
WO 2019/101156 (31.05.2019 Gazette  2019/22)
(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
Designated Extension States:
BA ME
Designated Validation States:
KH MA MD TN

(30)Priority: 27.11.2017 CN 201711209715

(71)Applicant: Huawei Technologies Co., Ltd.
Longgang District Shenzhen, Guangdong 518129 (CN)

(72)Inventor:
  • MEI, Jingqing
    Shenzhen Guangdong 518129 (CN)

(74)Representative: Grünecker Patent- und Rechtsanwälte PartG mbB 
Leopoldstraße 4
80802 München
80802 München (DE)

  


(54)DEVICE CONTROL METHOD, AND RELATED DEVICE FOR SAME


(57) Embodiments of this application provide a device control method and a related device, so that a target device rejects, based on second transaction information including second data, control by a first participant. The method in the embodiments of this application includes: generating, by a server, first transaction information, where the first transaction information is used to indicate that a first participant has obtained control permission, the first transaction information includes information about the first participant and first data that includes information about a second participant, and the control permission is permission to control a target device; sending, by the server, the first transaction information to a blockchain; when the control permission is revoked, generating, by the server, second transaction information, where the second transaction information includes second data, and there is a correspondence between the second data and the first data; and sending, by the server, the second transaction information to the blockchain, where the second transaction information is used to indicate that the control permission on the target device has been revoked, and that the control permission has been revoked is used to instruct the target device to reject control over the target device by the first participant.




Description


[0001] This application claims priority to Chinese Patent Application No. 201711209715.8, filed with the Chinese Patent Office on November 27, 2017 and entitled "DEVICE CONTROL METHOD AND RELATED DEVICE", which is incorporated herein by reference in its entirety.

TECHNICAL FIELD



[0002] This application relates to the communications field, and in particular, to a device control method and a related device.

BACKGROUND



[0003] An Internet of things (the internet of things, IOT) is an Internet in which objects are interconnected. The Internet of things is developed based on the Internet. A user terminal is extended to any object, and information exchange and communication are performed between objects. With development of information and communications technologies, great importance is attached to development and prospects of the Internet of things by society. Many technologies of a basic Internet of things have entered human life, such as smart household and smart traffic. The smart household technology may be used to control a household appliance when a user is taking part in an outdoor activity, meeting a user requirement and improving user experience.

[0004] Control over a target device by a user may be implemented by using a blockchain-based bitcoin technology. First, an authorization server generates a transaction. The transaction describes granting of target device control permission to the user, and an address corresponding to a public key of the user is filled in for a first participant. If the target device finishes verifying the permission of the user and the verification succeeds, a payee address of the user in a first transaction may be recorded, and the payee address corresponds to the public key of the user. When the user manages the target device, each management instruction is signed by using a private key corresponding to the public key, and the target device may verify whether the private key matches the recorded public key, namely, the payee address of the user. If the private key matches the recorded public key, the management instruction is executed. If the private key does not match the recorded public key, the management instruction is not executed. In a behavior of bitcoin payment through transfer, a blockchain can effectively prevent tampering and record all valid transactions in the blockchain, ensuring immutability of transactions. After a payer performs a behavior of bitcoin payment through transfer, a transfer service is acknowledged and cannot be revoked.

[0005] Bitcoin is essentially a behavior of payment through transfer. Once the payer pays and payment is acknowledged, a transaction cannot be revoked. Therefore, during control over the target device by the user by using the blockchain-based bitcoin service technology, when it is found later that the transaction needs to be canceled, that is, control over the target device by the user needs to be canceled, the transaction cannot be revoked, resulting in a failure to revoke control over the target device by the user.

SUMMARY



[0006] Embodiments of this application provide a device control method and a related device, so that a target device rejects, based on second transaction information including second data, control by a first participant.

[0007] A first aspect of this application provides a device control method, including:

when a server determines to authorize a first participant to control a target device, generating first transaction information, where the first transaction information is used to indicate that the first participant has obtained control permission, the first transaction information includes information about the first participant and first data that includes information about a second participant, and the control permission is permission to control the target device;

sending, by the server, the first transaction information to a blockchain, or directly recording the first transaction information in a blockchain, to ensure immutability of a transaction;

when the control permission is revoked, generating, by the server, second transaction information, where the second transaction information includes second data, and there is a correspondence between the second data and the first data; and

sending, by the server, the second transaction information to the blockchain to ensure immutability of a transaction, where the second transaction information is used to indicate that the control permission on the target device has been revoked, so that the target device can reject, based on the second transaction information, control by the first participant.



[0008] In this embodiment, the server generates the second transaction information including the second data, where the second data corresponds to the first data in the first transaction information. Therefore, when obtaining the second transaction information from the blockchain, the target device determines that the control permission has been revoked, and therefore rejects control over the target device by the first participant. In this way, control permission of a user on a target device can be revoked based on a need in a blockchain-based Internet of things service, for example, a bitcoin-based Internet of things service.

[0009] Based on the first aspect, in a first implementation of the first aspect of the embodiments of this application, that the server generates the first transaction information based on the first message may include:

determining, by the server, authorization information as permission X; and

generating, by the server, the first transaction information, and using a target value in the first transaction information to represent the permission X.



[0010] This embodiment describes in detail how the server generates the first transaction information carrying the authorization information. This increases feasibility of solution implementation.

[0011] Based on the first aspect or the first implementation of the first aspect, in a second implementation of the first aspect of the embodiments of this application, the second participant includes:
a target account of the server, where the account may be controlled by the server. Therefore, the account can be used to generate the second transaction information.

[0012] This embodiment describes a specific object of the second participant, increasing feasibility of solution implementation.

[0013] A second aspect of this application provides a device control method, including:

checking, by a target device, whether second transaction information exists in a blockchain, and if the second transaction information exists in the blockchain, determining, by the target device based on the second transaction information, that control permission has been revoked by a server, where the second transaction information includes second data, there is a correspondence between the second data and first data that includes information about a second participant, and it should be noted that the control permission is permission to control the target device by a first participant, and the first participant may be any specific device, for example, a user mobile phone;

then determining, by the target device, the first participant in first transaction information obtained from the blockchain, where the first transaction information includes the first data and information about the first participant, and may further include information about a third or even more participants, the first transaction information is used to inform the target device that the first participant has obtained the control permission, and the first transaction information is generated when the server authorizes the first participant to control the target device; and

then rejecting, by the target device, control over the target device by the first participant.



[0014] Based on the second aspect, in a first implementation of the second aspect of the embodiments of this application, before the determining, by the target device based on the second transaction information, that control permission has been revoked, the method further includes:

first receiving, by the target device from the blockchain, the first transaction information sent by the server;

verifying, by the target device, the control permission based on the first transaction information;

because the second transaction information does not exist at this time, determining, by the target device, that verifying the control permission succeeds; and

accepting, by the target device, control by the first participant.



[0015] Based on the first implementation of the second aspect, in a second implementation of the second aspect of the embodiments of this application, after the accepting, by the target device, control over the target device by the first participant, and before the determining, by the target device based on the second transaction information, that control permission has been revoked, the method further includes:

periodically checking, by the target device, whether the second transaction exists in the blockchain, where a check period is not fixed and may be preset; and

if the second transaction information exists, performing, by the target device, a step to be performed when the second transaction information is detected.



[0016] Based on the first implementation of the second aspect or the second implementation of the second aspect, in a third implementation of the second aspect of the embodiments of this application, the receiving, by the target device from the blockchain, the first transaction information sent by the server includes:

receiving, by the target device, a transaction ID, of the first transaction information, sent by the first participant; and

then receiving, by the target device from the blockchain based on the transaction ID, the first transaction information sent by the server; or

obtaining, by the target device, third transaction information sent by the first participant, where the third transaction information includes third data, and the third data corresponds to the first participant;

determining, by the target device, a transaction ID of the first transaction information based on the third transaction information; and

receiving, by the target device from the blockchain based on the transaction ID, the first transaction information sent by the server.



[0017] A third aspect of this application provides a server, including:

a first generation unit, configured to generate first transaction information based on a first message when the server determines to grant authorization, where the first transaction information is used to indicate that a first participant has obtained control permission, the first transaction information includes information about the first participant and first data that includes information about a second participant, and may further include information about a third participant or even information about more participants, and the control permission indicates permission to control a target device by any device;

a first sending unit, configured to send the first transaction information to a blockchain, to ensure immutability of a transaction;

a second generation unit, configured to generate second transaction information when the control permission is revoked, where the second transaction information includes second data, and there is a correspondence between the second data and the first data; and

a second sending unit, configured to send the second transaction information to the blockchain to ensure immutability of a transaction, where the second transaction information is used to indicate that the control permission on the target device has been revoked, so that the target device can reject, based on the second transaction information, control by the first participant.



[0018] In this embodiment, the server generates the second transaction information including the second data, where there is a correspondence between the second transaction information and the first data in the first transaction information. Therefore, when obtaining the second transaction information from the blockchain, the target device determines that the control permission has been revoked, and therefore rejects control over the target device by the first participant. In this way, when a blockchain-based service is applied to an Internet of things, control permission of a user on a target device can be revoked based on a need.

[0019] Based on the third aspect, in a first implementation of the first aspect of the embodiments of this application, the first generation unit includes:

a determining module, configured to determine authorization information as permission X; and

a generation module, configured to generate the first transaction information, and use a target value in the first transaction information to represent the permission X.



[0020] This embodiment describes in detail how the server generates the first transaction information carrying the authorization information. This increases feasibility of solution implementation.

[0021] A fourth aspect of this application provides a device control method, including:

a first detection unit, configured to check whether second transaction information exists in a blockchain; and if the second transaction information exists in the blockchain, a target device may determine, based on the second transaction information, that control permission has been revoked by a server, where the second transaction information includes second data, there is a correspondence between the second data and first data that includes information about a second participant, and the control permission is permission to control the target device;

a first determining unit, configured to determine a first participant in first transaction information obtained from the blockchain, where the first transaction information includes the first data and information about the first participant, the two participants may be the first participant and the second participant, the first transaction information is used to inform the target device that the first participant has obtained the control permission, and the first transaction information is generated after the server receives a message sent by the first participant to request the control permission on the target device; and

a control rejection unit, configured to reject control over the target device by the first participant.



[0022] In this embodiment, when detecting the second transaction information, the target device rejects control by the first participant in the first transaction information, thereby implementing control rejection based on the second transaction information.

[0023] Based on the fourth aspect, in a first implementation of the fourth aspect of the embodiments of this application, the target device further includes:

a receiving unit, configured to receive, from the blockchain, the first transaction information sent by the server;

a verification unit, configured to verify the control permission based on the first transaction information;

a second determining unit, configured to: because the second transaction information does not exist at this time, determine that verifying the control permission succeeds; and

a control accepting unit, configured to accept control by the first participant.



[0024] In this embodiment, a control accepting process is supplemented before the target device rejects control. This indicates that when being under control, the target device can reject, based on the second transaction information, control by the first participant.

[0025] Based on the first implementation of the fourth aspect, in a second implementation of the fourth aspect of the embodiments of this application, the target device further includes:

a second detection unit, configured to periodically check whether the second transaction exists in the blockchain, where a check period is not fixed and may be preset; and

an execution unit, configured to: if the second transaction information exists, perform a step to be performed when the second transaction information is detected.



[0026] This embodiment describes in detail that the target device periodically checks for the second transaction information when the target device is under control. This increases diversity of solution implementation.

[0027] Based on the first implementation of the fourth aspect or the second implementation of the fourth aspect, in a third implementation of the fourth aspect of the embodiments of this application, the receiving unit includes:

a first receiving module, configured to receive a transaction ID, of the first transaction information, sent by the first participant; and

a first receiving module, configured to receive, from the blockchain based on the transaction ID, the first transaction information sent by the server; or

a third receiving module, configured to receive third transaction information sent by the first participant, where the third transaction information includes third data, and the third data corresponds to the first participant, that is, the third data includes a private key of the first participant, and after signature authentication, it can be learned that a transaction is initiated by the first participant;

a determining module, configured to determine a transaction ID of the first transaction information based on the third transaction information; and

a fourth receiving module, configured to receive, from the blockchain based on the transaction ID, the first transaction information sent by the server.



[0028] This embodiment describes in detail a way in which the target device obtains the first transaction information. This increases diversity of solution implementation.

[0029] A fifth aspect of this application provides a server, including a memory, a transceiver, a processor, and a bus system, where
the memory is configured to store a program and an instruction;
the transceiver is configured to send or receive information under control of the processor;
the processor is configured to execute the program in the memory; and
the bus system is configured to connect the memory, the transceiver, and the processor, so that the memory, the transceiver, and the processor communicate with each other, where
the processor is configured to invoke the program and the instruction in the memory to perform the method according to any one of the first aspect or the first and second implementations of the first aspect.

[0030] A sixth aspect of this application provides a target device, including a memory, a transceiver, a processor, and a bus system, where
the memory is configured to store a program and an instruction;
the transceiver is configured to send or receive information under control of the processor;
the processor is configured to execute the program in the memory; and
the bus system is configured to connect the memory, the transceiver, and the processor, so that the memory, the transceiver, and the processor communicate with each other, where
the processor is configured to invoke the program and the instruction in the memory to perform the method according to any one of the second aspect or the first to third implementations of the second aspect.

[0031] A seventh aspect of the embodiments of this application provides a computer-readable storage medium, including an instruction, where when the instruction is run on a computer, the computer is enabled to perform the method according to any one of the first aspect or the first and second implementations of the first aspect, the second aspect or the first implementation to the third implementation of the second aspect, the third aspect or the first implementation of the third aspect, and the fourth aspect or the first to third implementations of the fourth aspect.

[0032] An eighth aspect of the embodiments of this application provides a computer program product including an instruction, where when the computer program product is run on a computer, the computer is enabled to perform the method according to any one of the first aspect or the first and second implementations of the first aspect, the second aspect or the first implementation to the third implementation of the second aspect, the third aspect or the first implementation of the third aspect, and the fourth aspect or the first to third implementations of the fourth aspect.

[0033] From the foregoing technical solutions, it can be learned that the embodiments of this application have the following advantages: First, the server generates the first transaction information, and the server sends the first transaction information to the blockchain, where the first transaction information is used to indicate that the first participant has obtained the control permission, the first transaction information includes the information about the first participant and the first data that includes the information about the second participant, and the control permission is the permission to control the target device; when the control permission is revoked, the server generates the second transaction information, where the second transaction information includes the second data, and there is a correspondence between the second data and the first data; then, the server sends the second transaction information to the blockchain, so that when the target device obtains the second transaction information from the blockchain, the target device determines that the control permission has been revoked, and therefore rejects control over the target device by the first participant. In the embodiments, the server generates the second transaction information that includes the second data corresponding to the first data in the first transaction information, and sends the second transaction information to the blockchain, so that when the target device determines that the second transaction information exists in the blockchain, the target device determines that the control permission has been revoked, and therefore rejects control over the target device by the first participant.

BRIEF DESCRIPTION OF DRAWINGS



[0034] 

FIG. 1 is a schematic diagram of an embodiment of a device control method according to this application;

FIG. 2 is a data structure diagram of transaction information;

FIG. 3 is a schematic diagram of another embodiment of a device control method according to this application;

FIG. 4 is a schematic diagram of another embodiment of a device control method according to this application;

FIG. 5 is a schematic diagram of another embodiment of a device control method according to this application;

FIG. 6A and FIG. 6B are a schematic diagram of another embodiment of a device control method according to this application;

FIG. 7 is a schematic diagram of another embodiment of a device control method according to this application;

FIG. 8 is a schematic diagram of another embodiment of a device control method according to this application;

FIG. 9 is a schematic diagram of an embodiment of a server according to this application;

FIG. 10 is a schematic diagram of another embodiment of a server according to this application;

FIG. 11 is a schematic diagram of an embodiment of a target device according to this application;

FIG. 12 is a schematic diagram of another embodiment of a target device according to this application;

FIG. 13 is a schematic diagram of another embodiment of a target device according to this application;

FIG. 14 is a schematic diagram of another embodiment of a target device according to this application;

FIG. 15 is a schematic diagram of another embodiment of a server according to this application; and

FIG. 16 is a schematic diagram of another embodiment of a target device according to this application.


DESCRIPTION OF EMBODIMENTS



[0035] Embodiments of this application provide a device control method and a related device, to reject, based on second transaction information related to first transaction information, control by a first participant.

[0036] In the specification, claims, and accompanying drawings of this application, the terms "first", "second", "third", "fourth", and so on (if existent) are intended to distinguish between similar objects but do not necessarily indicate a specific order or sequence. It should be understood that the data termed in such a way are interchangeable in proper circumstances so that the embodiments of the present invention described herein can be implemented in other orders than the order illustrated or described herein. Moreover, the terms "include", "contain" and any other variants mean to cover the non-exclusive inclusion, for example, a process, method, system, product, or device that includes a list of steps or units is not necessarily limited to those units, but may include other units not expressly listed or inherent to such a process, method, system, product, or device.

[0037] In the embodiments, a target device is a target device with a management server. The management server may be a server used for authorization in the embodiments; or may be a server that belongs to a service party different from that of the server used for authorization, but has a partnership with the server used for authorization.

[0038] In the embodiments of this application, the target device is relative to the first participant, and the target device is a determined physical device.

[0039] This application is implemented based on a blockchain technology. Imitating a bitcoin service in a blockchain, control over the target device is simulated as bitcoin payment through transfer. However, a behavior of payment through transfer is irrevocable, that is, once a user has control permission on a device, the control permission cannot be revoked. Therefore, this application proposes a device control method, to implement revocation of the control permission of the user on the device. The embodiments of this application may be used in an Internet of things. The following provides descriptions with reference to specific examples.

[0040] In the embodiments, bitcoin payment through transfer is generally used as an example for description of application scenarios. It can be understood that revocation of control permission may not involve input and output of amounts of money in the embodiments. For example, payment through transfer indicates only a relationship between a payer of a second transaction and a payee of a first transaction.

Application scenario 1: education industry



[0041] An Internet of things applied to the education industry can achieve integration of education resources. Specific education facilities, including books, experimental devices, school networks, related personnel, and the like, are all integrated to implement a unified and interconnected education network.

[0042] This application scenario is based on the blockchain technology. The blockchain is a private blockchain or an alliance blockchain. A field carrying authorization information is set in a data structure of the private blockchain or the alliance blockchain. A specific control manner is as follows: In an education system of a school, the foregoing resource information is integrated into an Internet device first. The device contains an introduction to school courses, an introduction to teachers, community activities, an introduction to books in a library, and the like. A student may use this device for course appointment, community registration, or the like. Certainly, another manner may alternatively be available. Specifically, a student uses a mobile phone, a computer, or another device to remotely control the Internet device to perform registration or make an appointment, or may communicate with the Internet device and access an education resource on the Internet device. Sometimes, the school implements some security measures to prevent resource leakage, for example, construction of a campus local area network. Only a device within a scope of this local area network can control the campus Internet device. Therefore, in the scenario of the embodiments of this application, a user mobile phone or the like first sends a first message to a server. Content of this message is "Please authorize the device to control the school Internet device." The server checks whether the device is within the scope of the campus local area network. If the device is within the scope of the campus local area network, the server grants permission X to the user mobile phone, and generates first transaction information. The transaction information includes a submitter, namely, an authorization requesting party: the user mobile phone; a first receiver, namely, a control object: the school Internet device, with a public key address of the school Internet device being filled in for the receiver; and a second receiver, which may be the server itself or a server-controllable target account, with a public key address of the second receiver being filled in for the receiver. A transfer transaction is used as an example. For example, A has CNY 100, and pays CNY 50 to a first payee B, and A receives CNY 50 as a second payee A'.

[0043] Then, the server sends the first transaction information to a blockchain to ensure immutability of a transaction. It can be understood that the first transaction information further includes much content of other aspects, such as authorization information, a HASH value of the transaction, input and output amounts of money, and a transaction ID. When the campus Internet device detects, in the blockchain, only the first transaction information carrying the authorization information, the campus Internet device accepts control over the campus Internet device by the user mobile phone. A user can remotely access a web page of the device, or use the mobile phone to remotely perform an operation that can be performed by using only the Internet device. When the user mobile phone disconnects from the campus local area network, the server revokes control over the campus Internet device by the user mobile phone. A revocation manner is to use second transaction information generated by the server-controllable target account with a private key of the second receiver, or second transaction information generated by the server with a private key of the second receiver, where the second transaction information carries the private key of the second payee. A target device can learn from a private key-based signature that the second transaction information is initiated by a second participant. Following the foregoing transfer transaction, with bitcoin payment through transfer being used as an example, a second transaction is that, for example, A' is a payer, C is a payee, and CNY 50 is paid to C. The server sends the second transaction information to the blockchain. When the school Internet device obtains the second transaction information from the blockchain, the school Internet device may learn that the server has revoked control permission of the user mobile phone on the school Internet device, and therefore rejects control by the user mobile phone.

[0044] In this application scenario, the server determines whether to grant authorization based on a criterion of whether the user mobile phone exists within the scope of the campus local area network. It can be understood that, in different application scenarios, there are different criteria for the server to determine whether to grant authorization, and a criterion for determining whether to grant authorization may alternatively not be determined based on an application scenario. For example, the server stores an identifier of an authorization requesting party that is allowed to be authorized. When the server detects that an authorization requesting party has this identifier, the authorization requesting party may be authorized.

[0045] In this application scenario, a manner in which the school Internet device obtains the first transaction information and the second transaction information from the blockchain may be as follows.
  1. (1) Manner 1: Because the server first generates the first transaction information and sends the first transaction information to the blockchain, the school Internet device first obtains the first transaction information, and checks whether the second transaction information exists. If the second transaction information exists, the school Internet device rejects, based on the second transaction information, control by the user mobile phone.
  2. (2) Manner 2: After obtaining the first transaction information, the school Internet device detects no second transaction information in the blockchain. The school Internet device accepts control by the user mobile phone, and periodically checks whether the second transaction information exists in the blockchain. If the second transaction information exists, the school Internet device rejects, based on the second transaction information, control by the user mobile phone.

Application scenario 2: smart household



[0046] In this application scenario, a user uses a portable smart device to remotely control a household appliance. This application scenario is based on a blockchain bitcoin technology. The blockchain is a public blockchain. A difference from the first application scenario is that a field carrying an authorization instruction is not set in a data structure.

[0047] First, a user A may use a portable smart device to send a first message to a server. Content of the message is "Request to control an air conditioner A." The server detects that the smart device is a smart device whose public key address has been stored in advance, and therefore grants permission Y to the smart device, and generates first transaction information. Then, the server sends the first transaction information to a blockchain. When the air conditioner detects only the first transaction information in the blockchain, the air conditioner accepts control by the smart device. The user may perform a series of operations, such as "turn-on", "timing", "turn-off", and "temperature adjustment", on the air conditioner by using the smart device. A specific implementation manner may be that the smart device has an application program, and the user can use the application program to perform the foregoing operations.

[0048] When the server determines to revoke control permission of the smart device, the server generates second transaction information. A characteristic of the second transaction information is similar to that in the application scenario 1. The second transaction information includes a private key of a second participant in the first transaction information. It can be learned from a private key-based signature that the second transaction information is initiated by the second participant. When the air conditioner detects the second transaction information in the blockchain, the air conditioner may learn that the smart device does not have the control permission, and therefore rejects control by the smart device.

[0049] This application scenario is based on a public blockchain. Therefore, a manner in which the first transaction information carries authorization information may be indicated by using a received amount of money. For example, if the server grants permission 1 to the user mobile phone, a corresponding amount of money is 0.00000001 BTC.

[0050] Likewise, in this application scenario, a manner in which the air conditioner A obtains the first transaction information and the second transaction information from the blockchain may be as follows.
  1. (1) Manner 1: Because the server first generates the first transaction information and sends the first transaction information to the blockchain, the air conditioner A first obtains the first transaction information, and checks whether the second transaction information exists. If the second transaction information exists, the air conditioner A rejects, based on the second transaction information, control by the smart device.
  2. (2) Manner 2: After obtaining the first transaction information, the air conditioner A detects no second transaction information in the blockchain. The air conditioner A accepts control by the smart device, and then periodically checks whether the second transaction information exists in the blockchain. If the second transaction information exists in the blockchain, the air conditioner A rejects, based on the second transaction information, control by the smart device.


[0051] The following describes in detail the device control method in the embodiments of this application. Referring to FIG. 1, an embodiment of a device control method according to the embodiments of this application includes the following steps.

[0052] 101. A server generates first transaction information.

[0053] After receiving a first message, the server determines to authorize a first participant to control a target device. A specific manner of indicating authorization by the server is generating the first transaction information.

[0054] In this embodiment, a data structure of a piece of transaction information is shown in FIG. 2 and includes:

a version number: a protocol version;

information about various input data and output data, and quantities of pieces of input and output transaction information;

a transaction request HASH value: used to prevent a transaction from being tampered with; in a blockchain technology, immutability of a transaction is guaranteed from two aspects, a HASH algorithm is a major technical means of the two aspects, and a HASH value is a value obtained after data is calculated by using the HASH algorithm; and

a digital signature of a submitter for this transaction, for example, the server uses a private key to sign a first transaction, and the target device may determine, based on the signature, that the transaction is initiated by the server.



[0055] It can be understood that the data structure of the transaction information shown in the figure is only some constituent parts of the transaction information. A piece of transaction information may further include more constituent parts than those shown in the figure.

[0056] In this embodiment, the target device may learn, based on the first transaction information, that the first participant has obtained control permission. A specific implementation manner may be that the first transaction information carries authorization information.

[0057] In this embodiment, the first transaction information includes information about the first participant and first data that includes information about a second participant. The first participant is user equipment, and the second participant may be the server itself, or may be a server-controllable target account, or may be another device or user. The second participant has a private key. This is not specifically limited herein.

[0058] A possible case is that when the second participant is the another device or user, a manner in which the server generates second transaction information may be that the server has the private key of the second participant, and it may be learned, based on the private key, that a second transaction is submitted by the second participant (the another device and user)

[0059] Another possible case is that the server instructs another device corresponding to the controllable target account, to use the private key of the second participant to generate the second transaction information.

[0060] In this embodiment, in addition to the information about the first participant and the information about the second participant, the first transaction information may further include information about a third participant or even information about more participants. A quantity of participants whose information is included is not limited herein, provided that at least the information about the first participant and the information about the second participant are included, that is, information about at least two participants needs to be included.

[0061] In this embodiment, the server fills in, for a first payee (the first participant) in the first transaction information, an address corresponding to a public key of the first payee. A manner in which the server obtains the address may be that the address is carried in the first message and sent to the server together with the first message, or may be that the address is stored in the server in advance. This is not specifically limited herein.

[0062] In this embodiment, when the user equipment requests, after obtaining the control permission, to manage the target device, the user equipment submits a transaction ID of the first transaction, a challenge value signed by using a private key, and a public key. The challenge value is provided to prove that the first participant actually has a private key, and therefore a temporarily given random number can be encrypted. After obtaining the first transaction information from a blockchain, the target device needs to determine that: 1. the public key address of the first payee (the first participant) is consistent with the public key provided by the first participant; 2. a submitter of the first transaction information is a valid server; and 3. no second transaction information exists. If all the three points are met, the target device accepts control by the first participant.

[0063] In this embodiment, data encrypted by using a private key may be decrypted by using a public key. Therefore, the first participant corresponds to the public key address of the user equipment, and the second participant corresponds to a public key address of an associated account of the authorization server or a public key address of the authorization server. Both the first participant and the second participant have their respective private keys. After obtaining the first transaction information, the target device obtains the public keys of the first participant and the second participant, and can decrypt different private keys by using the corresponding public keys, to authenticate identities of the first participant and the second participant.

[0064] In this embodiment, the first transaction information further includes first data information. The first data information includes the information about the second participant.

[0065] In this embodiment, the control permission is permission to control the target device.

[0066] 102. The server sends the first transaction information to the blockchain.

[0067] After generating the first transaction information, the server sends and adds the transaction information to a block block, and then the block is added to the entire blockchain.

[0068] 103. When the control permission is revoked, the server generates the second transaction information.

[0069] When the server itself determines to revoke the control permission, or the server receives a message sent by another device and then determines to revoke the control permission, the server generates the second transaction information. The second transaction information includes second data. There is a correspondence between the second data and the first data. In this embodiment, the correspondence between the second data and the first data is as follows: The first transaction information includes the transaction ID of the first transaction information, the information about the first participant, and the information about the second participant (for example, a public key address of the second participant), and the second transaction information includes the transaction ID of the first transaction information, a transaction ID of the second transaction information, and the private key of the second participant, where the private key is used to perform signature authentication to prove that the second transaction information is submitted by the second participant.

[0070] This embodiment is based on the blockchain technology. When this embodiment is applied to a behavior of bitcoin payment through transfer, a process is similar to that in this embodiment, but involves input and output of amounts of money. The following uses payment through transfer as an example to describe content of the second transaction information with reference to a specific application scenario.

[0071] Payment through transfer is used as an example. Content of the first transaction information is as follows: A has CNY 100, pays CNY 50 to B, and pays CNY 50 to A', where A' is A. The content of the second transaction information may be as follows: A payer A' has CNY 50, and pays CNY x to a payee C, where x is less than 50. The correspondence between the second data and the first data may be as follows: 1. the participant A' in the first transaction information and the participant A' in the second transaction information correspond to each other; 2. an amount of money in the first transaction information and an amount of money in the second transaction information correspond to each other; and 3. the second data includes a transaction source, that is, a transaction index number: the transaction ID TXID1 of the first transaction information. This embodiment is used for control authorization, but does not involve input and output of amounts of money. Therefore, the second transaction information needs to include only the private key of the second participant. Then, signature authentication is performed so that it is learned that the transaction information is initiated by the second participant.

[0072] 104. The server sends the second transaction information to the blockchain.

[0073] After the server generates the second transaction information including the second data, where there is the correspondence between the second data and the first data in the first transaction information, the server sends the second transaction information to the blockchain. After the target device obtains the second transaction information from the blockchain, the target device learns, based on the second transaction information, that the server has canceled the control permission of the first participant on the target device. The target device rejects control over the target device by the first participant.

[0074] In this embodiment, the server generates the second transaction information including the second data, where there is a correspondence between the second transaction information and the first data in the first transaction information. Therefore, when obtaining the second transaction information from the blockchain, the target device determines that the control permission has been revoked, and therefore rejects control over the target device by the first participant. In this way, when a blockchain-based technology is applied to an Internet of things, control permission of a user on a target device can be revoked based on a need.

[0075] In this embodiment, a reason why the target device can authorize, based on the first transaction information, the first participant to control the target device may be that the first transaction information carries the authorization information. In a blockchain, a manner of carrying authorization information varies according to blockchain type. When the blockchain is a private blockchain or an alliance blockchain, a field carrying authorization information is set in a data structure of the blockchain. The server needs to use only the field to describe the authorization information. Specifically, the authorization information is a digital certificate, and a formal HASH value is added to an optional field OP_RETURN of a transaction.

[0076] When the blockchain is a public blockchain, the authorization information may be carried in the first transaction information in a plurality of manners, for example, through a received amount of money in the first transaction information. Referring to FIG. 3, the following provides a description.

[0077] 301. A server receives a first message sent by a first participant.

[0078] In this embodiment, the first message is used by the first participant to request control permission on a target device.

[0079] When a user needs to control the target device, the first message is generated by using a portable smart terminal of the user, and is sent to the server for processing. After receiving the first message, the server parses data and an instruction that are carried in the first message, and learns that the user is requesting the control permission on the target device. The server determines whether to authorize the user to control the target device.

[0080] In this embodiment, the first participant is a party that requests to obtain the control permission on the target device. In an Internet of things, a first participant is generally a specific terminal device.

[0081] In this embodiment, content of the first message may be specifically "Please authorize the first participant to control the target device."

[0082] In this embodiment, a manner in which the first participant sends the first message to the server may be that instruction information is sent by using a smart device of the first participant, or may be that the first participant directly configures the server. This is not specifically limited herein.

[0083] 302. The server determines authorization information as permission X based on the first message.

[0084] In this embodiment, after determining to authorize the first participant to control the target device, the server determines the authorization information as the permission X.

[0085] 303. The server uses a target value in first transaction information to represent the permission X, and generates the first transaction information that carries the permission X.

[0086] In this embodiment, bitcoin is used as an example. A smallest unit of bitcoin is one Satoshi, corresponding to one hundred millionth of a bitcoin. A manner in which the server uses the target value in the first transaction information to represent the permission X may be as follows.
  1. (1) A received amount of money of the first participant is used for representation.
    For example, if the control permission is permission 5, the received amount of money of the first participant is 0.00000005 BTC.
  2. (2) A received amount of money of a second participant is used for representation.
    For example, if the control permission is permission 10, the received amount of money of the second participant is 0.0000001 BTC.
  3. (3) Received amounts of money of the first participant and the second participant are used for representation.
    For example, if the control permission is permission 5, a sum of received amounts of money of the first participant and the second participant is 0.0000005 BTC.
  4. (4) In this embodiment, when third transaction information further includes a third participant, a fourth participant,... and an Nth participant, the control permission may alternatively be represented by using a sum of amounts of money of at least two payees in the first to Nth payees. This is not specifically limited herein.


[0087] 304. The server sends the first transaction information to a blockchain.

[0088] 305. When the control permission is revoked, the server generates second transaction information.

[0089] 306. The server sends the second transaction information to the blockchain.

[0090] In this embodiment, embodiment steps 304, 305, and 306 are similar to embodiment steps 102, 103, and 104 shown in FIG. 1. Details are not described herein again.

[0091] In this embodiment, because the blockchain is a public blockchain, the received amount of money of the payee (participant) carries the authorization information in this embodiment, properly using a field in the first transaction information, and improving practical applicability of solution implementation.

[0092] The foregoing describes the device control method in the embodiments of this application from a perspective of the server. Referring to FIG. 4, the following describes a device control method in the embodiments of this application from a perspective of a target device.

[0093] 401. When a target device detects second transaction information in a blockchain, the target device determines, based on the second transaction information, that control permission has been revoked.

[0094] When the target device detects that the second transaction information exists in the blockchain, the target device can determine, based on the second transaction information, that control permission of a first participant has been revoked.

[0095] In this embodiment, a reason why the target device can determine, based on the second transaction information, that the control permission of the first participant has been revoked is that the second transaction information includes second data, and there is a correspondence between the second data and first data in first transaction information. The correspondence is similar to that in embodiment step 103, and details are not described herein again. The first transaction information may be generated when a server determines, after receiving a first message sent by the first participant, to authorize the first participant to control the target device. Therefore, the target device can accept, based on a first transaction, control by the first participant. However, when the target device detects the second transaction information with the foregoing characteristic, the target device determines that the control permission has been revoked, and therefore rejects control by the first participant.

[0096] 402. The target device determines the first participant in the first transaction information obtained from the blockchain.

[0097] After determining the second transaction information, the target device needs to further determine the first participant in the first transaction information. A reason is that when a plurality of participants are controlling the target device, the target device needs to determine whose control should be rejected.

[0098] In this embodiment, the first transaction information includes the first data, the first data includes information about a second participant, and the first transaction information further includes information about the first participant.

[0099] In this embodiment, the first transaction information includes the first data, the first data includes the information about the second participant, and the first transaction information further includes the information about the first participant. It can be understood that the first transaction information may further include information about a third participant or even information about more participants. A quantity of participants whose information is included is not limited herein, provided that at least the information about the first participant and the information about the second participant are included, that is, information about at least two participants needs to be included.

[0100] 403. The target device rejects control over the target device by the first participant.

[0101] In this embodiment, when the first participant requests to control the target device or after the target device accepts control by the second participant, the target device can reject, based on the second transaction information, control by the first participant.

[0102] In this embodiment, when the target device detects the second transaction information in the blockchain, the target device determines the first participant in the first transaction information, and rejects control by the first participant. In this way, when a blockchain-based technology is applied to an Internet of things, control permission of a user on a target device can be revoked based on a need.

[0103] In this embodiment, the target device may detect the second transaction information when verifying the control permission after obtaining the first transaction information, or may detect the second transaction information after accepting control by the first participant. This is not specifically limited herein. The following describes the two cases.

[0104] Case 1: The target device detects the second transaction information when verifying the control permission after obtaining the first transaction information. Referring to FIG. 5, the following provides a description.

[0105] 501. A server receives a first message sent by a first participant.

[0106] In this embodiment, embodiment step 501 is similar to embodiment step 301 shown in FIG. 3. Details are not described herein again.

[0107] 502. The server generates first transaction information based on the first message.

[0108] 503. The server sends the first transaction information to a blockchain.

[0109] 504. A target device obtains the first transaction information from the blockchain.

[0110] In this embodiment, after the server sends the first transaction information to the blockchain, the target device obtains the first transaction information.

[0111] 505. When control permission is revoked, the server generates second transaction information.

[0112] 506. The server sends the second transaction information to the blockchain.

[0113] In this embodiment, embodiment steps 502, 503, 505, and 506 are similar to embodiment steps 101, 102, 103, and 104 shown in FIG. 1. Details are not described herein again.

[0114] 507. The target device detects the second transaction information in the blockchain.

[0115] In this embodiment, after obtaining the first transaction information, the target device verifies control permission of the first participant in the first transaction information. During the verification, the target device also needs to verify whether the second transaction information exists. If the second transaction information exists, the target device determines that the control permission has been revoked. In this case, the verification fails, and the target device rejects control by the first participant.

[0116] 508. The target device determines, based on the second transaction information, that the control permission has been revoked.

[0117] 509. The target device determines the first participant in the first transaction information.

[0118] 510. The target device rejects control over the target device by the first participant.

[0119] In this embodiment, after the target device obtains the first transaction information from the blockchain and then detects the second transaction information in the blockchain, the target device rejects control by the first participant when the first participant requests to control the target device. This increases feasibility and diversity of solution implementation.

[0120] In this embodiment, embodiment steps 508, 509, and 510 are similar to embodiment steps 401, 402, and 403 shown in FIG. 4. Details are not described herein again.

[0121] Case 2: The target device detects the second transaction information after accepting control by the first participant. Referring to FIG. 6A and FIG. 6B, the following provides a description.

[0122] 601. A server receives a first message sent by a first participant.

[0123] 602. The server generates first transaction information based on the first message.

[0124] 603. The server sends the first transaction information to a blockchain.

[0125] In this embodiment, embodiment steps 601 to 603 are similar to embodiment steps 501 to 503 shown in FIG. 5. Details are not described herein again.

[0126] 604. A target device obtains the first transaction information from the blockchain.

[0127] In this embodiment, after the server sends the first transaction information to the blockchain, the target device obtains the first transaction information.

[0128] 605. The target device verifies control permission based on the first transaction information.

[0129] The target device verifies the control permission to mainly determine that: 1. a public key address of a first payee (the first participant) is consistent with a public key provided by the first participant; 2. a submitter of the first transaction information is a valid server; and 3. no second transaction information exists. If all the three points are met, the target device accepts control by the first participant.

[0130] 606. The target device determines that verifying the control permission succeeds.

[0131] 607. The target device accepts control over the target device by the first participant.

[0132] In this case, when the first participant requests to control the target device, the target device accepts control over the target device by the first participant.

[0133] 608. When the control permission is revoked, the server generates second transaction information.

[0134] 609. The server sends the second transaction information to the blockchain.

[0135] In this embodiment, embodiment steps 608 and 609 are similar to embodiment steps 503 and 504 shown in FIG. 5. Details are not described herein again.

[0136] 610. The target device periodically checks whether the second transaction exists in the blockchain.

[0137] In this embodiment, after accepting control by the first participant, the target device periodically checks whether the second transaction information exists in the blockchain. A check period may be preset on the target device.

[0138] 611. If the second transaction information exists in the blockchain, the target device determines, based on the second transaction information, that the control permission has been revoked.

[0139] If the second transaction information exists, the target device determines that the server has revoked the control permission of the first participant on the target device.

[0140] 612. The target device determines the first participant in a first transaction.

[0141] 613. The target device rejects control over the target device by the first participant.

[0142] In this embodiment, embodiment steps 612 and 613 are similar to embodiment steps 402 and 403 shown in FIG. 4. Details are not described herein again.

[0143] In this embodiment, the target device verifies the control permission in the first transaction information. When verifying the permission succeeds, the target device accepts control by the first participant. Then, the target device periodically checks whether the second transaction information exists. If the second transaction information exists, the target device rejects control by the first participant. This increases diversity of solution implementation.

[0144] Each piece of transaction information has a transaction ID. A plurality of pieces of transaction information may exist in the blockchain. A manner in which the target device obtains the first transaction information may be that the first participant submits a transaction ID of the first transaction to the target device, and the target device obtains the first transaction from the blockchain based on the ID; or may be that the target device obtains third transaction information submitted by the first participant, where there is a correspondence between the third transaction information and the first transaction information, and the target device determines an ID of the first transaction information based on the third transaction information, and then obtains the first transaction information. A latter manner is a one-time authorization manner because the third transaction information cannot be generated twice. The following describes each of the manners.

[0145] Manner 1: The target device obtains the ID of the first transaction sent by the first participant. Referring to FIG. 7, the following provides a description.

[0146] 701. A server receives a first message sent by a first participant.

[0147] 702. The server generates first transaction information based on the first message.

[0148] 703. The server sends the first transaction information to a blockchain.

[0149] In this embodiment, embodiment steps 701, 702, and 703 are similar to embodiment steps 501, 502, and 503 shown in FIG. 5. Details are not described herein again.

[0150] 704. A target device receives a transaction ID, of the first transaction information, sent by the first participant.

[0151] In this embodiment, the transaction ID may be used to indicate an address of the first transaction information in the blockchain, or may be a unique identifier of the first transaction information. The target device may obtain the first transaction information from the blockchain based on the identifier.

[0152] 705. The target device obtains the first transaction information from the blockchain based on the transaction ID.

[0153] In this embodiment, after obtaining the transaction ID of the first transaction information, the target device obtains the first transaction information based on the transaction ID.

[0154] 706. When the target device detects second transaction information in the blockchain, the target device determines, based on the second transaction information, that control permission has been revoked.

[0155] 707. The target device determines the first participant in the first transaction information.

[0156] 708. The target device rejects control over the target device by the first participant.

[0157] In this embodiment, embodiment steps 706 to 708 are similar to embodiment steps 401 to 403 shown in FIG. 4. Details are not described herein again.

[0158] In this embodiment, the first participant provides the transaction ID of the first transaction information to the target device, so that the target device can obtain the first transaction information from the blockchain. This increases feasibility of the solution.

[0159] Manner 2: The target device obtains the third transaction information sent by the first participant. Referring to FIG. 8, the following provides a description.

[0160] 801. A server receives a first message sent by a first participant.

[0161] 802. The server generates first transaction information based on the first message.

[0162] 803. The server sends the first transaction information to a blockchain.

[0163] In this embodiment, embodiment steps 801, 802, and 803 are similar to embodiment steps 501, 502, and 503 shown in FIG. 5. Details are not described herein again.

[0164] 804. A target device obtains third transaction information sent by the first participant.

[0165] In this embodiment, the first participant generates the third transaction information. The third transaction information includes third data in the first transaction information. The third data corresponds to the first participant.

[0166] In this embodiment, the third data corresponds to the first participant. In other words, the third data includes a private key of the first participant. The private key can be used to perform signature authentication to learn that the third transaction information is initiated by the first participant. Therefore, the third transaction information further includes a transaction source, namely, a transaction ID of the first transaction information or a transaction index.

[0167] In this embodiment, the target device may directly obtain the third transaction information from the first participant; or the target device may obtain the third transaction information from the blockchain after the first participant sends the third transaction information to the blockchain. This is not specifically limited herein.

[0168] In this embodiment, the first transaction information is associated with both second transaction information and the third transaction information, but specific association content is different. The following provides a description with reference to a specific application scenario.

[0169] Payment through transfer is used as an example. Content of the first transaction information is as follows: A has CNY 100, pays CNY 70 to B, and pays CNY 30 to A', where A' is A. Content of the second transaction information is as follows: A payer A' with CNY 30 pays CNY x to C, where x is less than 30. Content of the third transaction information is as follows: A payer B with CNY 70 pays CNY y to D, where y is less than 70.

[0170] 805. The target device determines the transaction ID of the first transaction information based on the third transaction information.

[0171] Because the transaction source of the third transaction information is the first transaction information, the target device can determine the transaction ID of the first transaction information based on the third transaction information.

[0172] 806. The target device obtains the first transaction information from the blockchain based on the transaction ID.

[0173] 807. When the target device detects the second transaction information in the blockchain, the target device determines, based on the second transaction information, that control permission has been revoked.

[0174] 808. The target device determines the first participant in the first transaction information.

[0175] 809. The target device rejects control over the target device by the first participant.

[0176] In this embodiment, embodiment steps 807 to 809 are similar to embodiment steps 401 to 403 shown in FIG. 4. Details are not described herein again.

[0177] In this embodiment, the target device obtains the third transaction information sent by the first participant, learns an address of the first transaction information based on the third transaction information, and obtains the first transaction information from the blockchain. This increases diversity of manners of obtaining the first transaction information.

[0178] FIG. 1 and FIG. 3 to FIG. 8 describe the embodiments of this application from a perspective of the device control method. Referring to FIG. 9, the following describes embodiments of this application from a perspective of a server.

[0179] A first generation unit 901 is configured to generate first transaction information. The first transaction information is used to indicate that a first participant has obtained control permission. The first transaction information includes information about the first participant and first data that includes information about a second participant. The control permission is permission to control a target device.

[0180] A first sending unit 902 is configured to send the first transaction information to a blockchain.

[0181] A second generation unit 903 is configured to generate second transaction information when the control permission is revoked. The second transaction information includes second data, and there is a correspondence between the second data and the first data.

[0182] A second sending unit 904 is configured to send the second transaction information to the blockchain. The second transaction information is used to indicate that the control permission on the target device has been revoked. That the control permission has been revoked is used to instruct the target device to reject control over the target device by the first participant.

[0183] In this embodiment, the first generation unit 901 generates the first transaction information; the first sending unit 902 sends the first transaction information to the blockchain; the second generation unit 903 generates the second transaction information when the control permission is revoked; and the second sending unit 904 sends the second transaction information to the blockchain, so that the target device rejects, based on the second transaction information, control by the first participant. In this embodiment, the second transaction information is generated to overwrite the first transaction information, so as to revoke authorization and reject control by the first participant.

[0184] In this embodiment, the first transaction information may carry authorization information by using a received amount of money. Referring to FIG. 10, the following provides a description.

[0185] A first generation unit 1001 is configured to generate first transaction information. The first transaction information is used to indicate that a first participant has obtained control permission. The first transaction information includes information about the first participant and first data that includes information about a second participant. The control permission is permission to control a target device.

[0186] A first sending unit 1002 is configured to send the first transaction information to a blockchain.

[0187] A second generation unit 1003 is configured to generate second transaction information when the control permission is revoked. The second transaction information includes second data, and there is a correspondence between the second data and the first data.

[0188] A second sending unit 1004 is configured to send the second transaction information to the blockchain. The second transaction information is used to indicate that the control permission on the target device has been revoked. That the control permission has been revoked is used to instruct the target device to reject control over the target device by the first participant.

[0189] The first generation unit includes:

a determining module 10011, configured to determine authorization information as permission X based on the first message, where the authorization information corresponds to the control permission; and

a generation module 10012, configured to use a target value in the first transaction information to represent the permission X, and generate the first transaction information that carries the permission X.



[0190] In this embodiment, after the determining module 10021 determines the authorization information as the permission X, the generation module 10012 generates the first transaction information in which the target value is used to represent the permission X, effectively using a field resource of the first transaction information.

[0191] FIG. 9 and FIG. 10 describe the embodiments of this application from the perspective of the server. Referring to FIG. 11, the following describes embodiments of this application from a perspective of a target device.

[0192] A first detection unit 1101 is configured to: when detecting second transaction information in a blockchain, determine, based on the second transaction information, that control permission has been revoked. The second transaction information includes second data. There is a correspondence between the second data and first data that includes information about a second participant. The control permission is permission to control the target device.

[0193] A first determining unit 1102 is configured to determine a first participant in first transaction information obtained from the blockchain. The first transaction information includes the first data and information about the first participant. The first transaction information is used to indicate that the first participant has obtained the control permission. The first transaction information is generated by the server.

[0194] A control rejection unit 1103 is configured to reject control over the target device by the first participant.

[0195] In this embodiment, from the perspective of the target device, when detecting the second transaction information in the blockchain, the first detection unit 1101 learns that the server has canceled the control permission of the first participant on the target device; the first determining unit 1102 determines the first participant in the first transaction information; and then the control rejection unit 1103 rejects control over the target device by the first participant.

[0196] In this embodiment, the target device may detect the second transaction information after accepting control by the first participant. Referring to FIG. 12, the following provides a description.

[0197] A receiving unit 1201 is configured to receive, from the blockchain, the first transaction information sent by the server.

[0198] A verification unit 1202 is configured to verify the control permission based on the first transaction information.

[0199] A second determining unit 1203 is configured to determine that verifying the control permission succeeds.

[0200] A control accepting unit 1204 is configured to accept control over the target device by the first participant.

[0201] A first detection unit 1205 is configured to: when detecting second transaction information in the blockchain, determine, based on the second transaction information, that the control permission has been revoked, where the second transaction information includes second data, there is a correspondence between the second data and first data that includes information about a second participant, and the control permission is permission to control the target device. A first determining unit 1206 is configured to determine the first participant in the first transaction information obtained from the blockchain, where the first transaction information includes the first data and information about the first participant, the first transaction information is used to indicate that the first participant has obtained the control permission, and the first transaction information is generated by the server.

[0202] A control rejection unit 1207 is configured to reject control over the target device by the first participant.

[0203] In this embodiment, the target device first accepts control by the first participant, and then detects the second transaction information and rejects control by the first participant. This increases diversity of solution implementation.

[0204] In this embodiment, the target device may detect the second transaction information in the blockchain in a periodic check manner. Referring to FIG. 13, the following provides a description.

[0205] A receiving unit 1301 is configured to receive, from the blockchain, the first transaction information sent by the server.

[0206] A verification unit 1302 is configured to verify the control permission based on the first transaction information.

[0207] A second determining unit 1303 is configured to determine that verifying the control permission succeeds.

[0208] A control accepting unit 1304 is configured to accept control over the target device by the first participant.

[0209] A second detection unit 1305 is configured to periodically check whether the second transaction exists in the blockchain.

[0210] An execution unit 1306 is configured to: if the second transaction exists in the blockchain, perform a step to be performed when the second transaction information is detected.

[0211] A first detection unit 1307 is configured to: when detecting the second transaction information in the blockchain, determine, based on the second transaction information, that the control permission has been revoked. The second transaction information includes second data. There is a correspondence between the second data and first data that includes information about a second participant. The control permission is permission to control the target device.

[0212] A first determining unit 1308 is configured to determine the first participant in the first transaction information obtained from the blockchain. The first transaction information includes the first data and information about the first participant. The first transaction information is used to indicate that the first participant has obtained the control permission. The first transaction information is generated by the server.

[0213] A control rejection unit 1309 is configured to reject control over the target device by the first participant.

[0214] In this embodiment, after accepting control by the first participant, the target device rejects control by the first participant when detecting the second transaction information through a periodic check. This increases diversity of solution implementation.

[0215] In this embodiment, there are a plurality of manners in which the target device obtains the first transaction information from the blockchain. Referring to FIG. 14, the following provides a description.

[0216] A receiving unit 1401 is configured to receive, from the blockchain, the first transaction information sent by the server.

[0217] A verification unit 1402 is configured to verify the control permission based on the first transaction information.

[0218] A second determining unit 1403 is configured to determine that verifying the control permission succeeds.

[0219] A control accepting unit 1404 is configured to accept control over the target device by the first participant.

[0220] A first detection unit 1405 is configured to: when detecting second transaction information in the blockchain, determine, based on the second transaction information, that the control permission has been revoked. The second transaction information includes second data. There is a correspondence between the second data and first data that includes information about a second participant. The control permission is permission to control the target device.

[0221] A first determining unit 1406 is configured to determine the first participant in the first transaction information obtained from the blockchain. The first transaction information includes the first data and information about the first participant. The first transaction information is used to indicate that the first participant has obtained the control permission. The first transaction information is generated by the server.

[0222] A control rejection unit 1407 is configured to reject control over the target device by the first participant.

[0223] The receiving unit includes:

a first receiving module 14011, configured to receive a transaction ID, of the first transaction information, sent by the first participant; and

a second receiving module 14012, configured to receive, from the blockchain based on the transaction ID, the first transaction information sent by the server; or

a third receiving module 14013, configured to receive third transaction information sent by the first participant, where the third transaction information includes third data, and the third data corresponds to the first participant;

a determining module 14014, configured to determine a transaction ID of the first transaction information based on the third transaction information; and

a fourth receiving module 14015, configured to receive, from the blockchain based on the transaction ID, the first transaction information sent by the server.



[0224] In this embodiment, two manners that the first participant sends the transaction ID of the first transaction to the target device and the first participant sends, to the target device, the third transaction information related to the first transaction information are provided, so that the target device can obtain the first transaction information from the blockchain. This increases diversity of solution implementation.

[0225] FIG. 15 is a schematic structural diagram of a server according to an embodiment of this application. The server 1500 may vary relatively greatly depending on configuration or performance, and may include one or more central processing units (central processing units, CPU) 1522 (for example, one or more processors) and memories 1532, and one or more storage media 1530 (for example, one or more storage devices) for storing an application program 1542 or data 1544. The memory 1532 and the storage medium 1530 may be ephemeral storage or persistent storage. A program stored in the storage medium 1530 may include one or more modules (not shown in the figure), and each module may include a series of operation instructions for the server. Further, the central processing unit 1522 may be configured to communicate with the storage medium 1530. The series of operation instructions in the storage medium 1530 are executed on the server 1500.

[0226] The central processing unit 1522 may perform the following steps based on operation instructions:

generating first transaction information, where the first transaction information is used to indicate that a first participant has obtained control permission, the first transaction information includes information about the first participant and first data that includes information about a second participant, and the control permission is permission to control a target device;

sending the first transaction information to a blockchain;

when the control permission is revoked, generating second transaction information, where the second transaction information includes second data, and there is a correspondence between the second data and the first data; and

sending the second transaction information to the blockchain, where the second transaction information is used to indicate that the control permission on the target device has been revoked, and that the control permission has been revoked is used to instruct the target device to reject control over the target device by the first participant.



[0227] The server 1500 may further include one or more power supplies 1526, one or more wired or wireless network interfaces 1550, one or more input/output interfaces 1558, and/or one or more operating systems 1541, for example, Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, and FreeBSDTM.

[0228] Steps performed by the server in the foregoing embodiments may be based on a server structure shown in FIG. 15.

[0229] FIG. 16 is a schematic structural diagram of a target device according to an embodiment of this application. The target device 1600 may vary relatively greatly depending on configuration or performance, and may include one or more central processing units (central processing units, CPU) 1622 (for example, one or more processors) and memories 1632, and one or more storage media 1630 (for example, one or more storage devices) for storing an application program 1642 or data 1644. The memory 1632 and the storage medium 1630 may be ephemeral storage or persistent storage. A program stored in the storage medium 1630 may include one or more modules (not shown in the figure), and each module may include a series of operation instructions for the target device. Further, the central processing unit 1622 may be configured to communicate with the storage medium 1630. The series of operation instructions in the storage medium 1630 are executed on the target device 1600.

[0230] The central processing unit 1622 may perform the following steps based on the operation instructions:

when detecting second transaction information in a blockchain, determining, based on the second transaction information, that control permission has been revoked, where the second transaction information includes first data, and the first data corresponds to a second participant;

when detecting second transaction information in a blockchain, determining, based on the second transaction information, that control permission has been revoked, where the second transaction information includes second data, there is a correspondence between the second data and first data that includes information about a second participant, and the control permission is permission to control the target device;

determining a first participant in first transaction information obtained from the blockchain, where the first transaction information includes the first data and information about the first participant, the first transaction information is used to indicate that the first participant has obtained the control permission, and the first transaction information is generated by the server; and

rejecting control over the target device by the first participant.



[0231] The target device 1600 may further include one or more power supplies 1626, one or more wired or wireless network interfaces 1650, one or more input/output interfaces 1658, and/or one or more operating systems 1641, for example, Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, and FreeBSDTM.

[0232] Steps performed by the target device in the foregoing embodiments may be based on a target device structure shown in FIG. 16.

[0233] It may be clearly understood by a person skilled in the art that, for the purpose of convenient and brief description, for a detailed working process of the foregoing system, apparatus, and unit, refer to a corresponding process in the foregoing method embodiments, and details are not described herein again.

[0234] In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the described apparatus embodiments are merely examples. For example, the unit division is merely logical function division and may be other division in actual implementation. For example, a plurality of units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the displayed or discussed mutual couplings or direct couplings or communication connections may be implemented by using some interfaces. The indirect couplings or communication connections between the apparatuses or units may be implemented in electrical, mechanical, or other forms.

[0235] The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the units may be selected based on actual requirements to achieve the objectives of the solutions of the embodiments.

[0236] In addition, functional units in the embodiments of this application may be integrated into one processing unit, or each of the units may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in a form of hardware, or may be implemented in a form of a software functional unit.

[0237] When the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, the integrated unit may be stored in a computer-readable storage medium. Based on such an understanding, the technical solutions of this application essentially, or the part contributing to the prior art, or all or some of the technical solutions may be implemented in a form of a software product. The computer software product is stored in a storage medium and includes instructions for instructing a computer device (which may be a personal computer, a local client, a network device, or the like) to perform all or some of the steps of the methods in the embodiments in FIG. 1 and FIG. 3 to FIG. 8 in this application. The foregoing storage medium includes: any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (read-only memory, ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disc.

[0238] The foregoing embodiments are merely intended for describing the technical solutions of this application, but not for limiting this application. Although this application is described in detail with reference to the foregoing embodiments, persons of ordinary skill in the art should understand that they may still make modifications to the technical solutions described in the foregoing embodiments or make equivalent replacements to some technical features thereof, without departing from the spirit and scope of the technical solutions of the embodiments of this application.


Claims

1. A device control method, comprising:

generating, by a server, first transaction information, wherein the first transaction information is used to indicate that a first participant has obtained control permission, the first transaction information comprises information about the first participant and first data that comprises information about a second participant, and the control permission is permission to control a target device;

sending, by the server, the first transaction information to a blockchain;

when the control permission is revoked, generating, by the server, second transaction information, wherein the second transaction information comprises second data, and there is a correspondence between the second data and the first data; and

sending, by the server, the second transaction information to the blockchain, wherein the second transaction information is used to indicate that the control permission on the target device has been revoked, and that the control permission has been revoked is used to instruct the target device to reject control over the target device by the first participant.


 
2. The method according to claim 1, wherein the generating, by a server, first transaction information comprises:

determining, by the server, authorization information as permission X, wherein the authorization information corresponds to the control permission; and

using, by the server, a target value in the first transaction information to represent the permission X, and generating the first transaction information that carries the permission X.


 
3. The method according to claim 1 or 2, wherein the second participant comprises:
a target account of the server, wherein the target account is controlled by the server.
 
4. A device control method, comprising:

when a target device detects second transaction information in a blockchain, determining, by the target device based on the second transaction information, that control permission has been revoked, wherein the second transaction information comprises second data, there is a correspondence between the second data and first data that comprises information about a second participant, and the control permission is permission to control the target device;

determining, by the target device, a first participant in first transaction information obtained from the blockchain, wherein the first transaction information comprises the first data and information about the first participant, the first transaction information is used to indicate that the first participant has obtained the control permission, and the first transaction information is generated by the server; and

rejecting, by the target device, control over the target device by the first participant.


 
5. The method according to claim 4, wherein before the determining, by the target device based on the second transaction information, that control permission has been revoked, the method further comprises:

receiving, by the target device from the blockchain, the first transaction information sent by the server;

verifying, by the target device, the control permission based on the first transaction information;

determining, by the target device, that verifying the control permission succeeds; and

accepting, by the target device, control over the target device by the first participant.


 
6. The method according to claim 5, wherein after the accepting, by the target device, control over the target device by the first participant, and before the determining, by the target device based on the second transaction information, that control permission has been revoked, the method further comprises:

periodically checking, by the target device, whether the second transaction exists in the blockchain; and

if the second transaction exists in the blockchain, performing, by the target device, a step to be performed when the second transaction information is detected.


 
7. The method according to claim 5 or 6, wherein the receiving, by the target device from the blockchain, the first transaction information sent by the server comprises:

receiving, by the target device, a transaction ID, of the first transaction information, sent by the first participant; and

receiving, by the target device from the blockchain based on the transaction ID, the first transaction information sent by the server; or

receiving, by the target device, third transaction information sent by the first participant, wherein the third transaction information comprises third data, and the third data corresponds to the first participant;

determining, by the target device, a transaction ID of the first transaction information based on the third transaction information; and

receiving, by the target device from the blockchain based on the transaction ID, the first transaction information sent by the server.


 
8. A server, comprising:

a first generation unit, configured to generate first transaction information, wherein the first transaction information is used to indicate that a first participant has obtained control permission, the first transaction information comprises information about the first participant and first data that comprises information about a second participant, and the control permission is permission to control a target device;

a first sending unit, configured to send the first transaction information to a blockchain;

a second generation unit, configured to generate second transaction information when the control permission is revoked, wherein the second transaction information comprises second data, and there is a correspondence between the second data and the first data; and

a second sending unit, configured to send the second transaction information to the blockchain, wherein the second transaction information is used to indicate that the control permission on the target device has been revoked, and that the control permission has been revoked is used to instruct the target device to reject control over the target device by the first participant.


 
9. The server according to claim 8, wherein the first generation unit comprises:

a determining module, configured to determine authorization information as permission X, wherein the authorization information corresponds to the control permission; and

a generation module, configured to use a target value in the first transaction information to represent the permission X, and generate the first transaction information that carries the permission X.


 
10. A target device, comprising:

a first detection unit, configured to: when detecting second transaction information in a blockchain, determine, based on the second transaction information, that control permission has been revoked, wherein the second transaction information comprises second data, there is a correspondence between the second data and first data that comprises information about a second participant, and the control permission is permission to control the target device;

a first determining unit, configured to determine a first participant in first transaction information obtained from the blockchain, wherein the first transaction information comprises the first data and information about the first participant, the first transaction information is used to indicate that the first participant has obtained the control permission, and the first transaction information is generated by the server; and

a control rejection unit, configured to reject control over the target device by the first participant.


 
11. The target device according to claim 10, wherein the target device further comprises:

a receiving unit, configured to receive, from the blockchain, the first transaction information sent by the server;

a verification unit, configured to verify the control permission based on the first transaction information;

a second determining unit, configured to determine that verifying the control permission succeeds; and

a control accepting unit, configured to accept control over the target device by the first participant.


 
12. The target device according to claim 11, wherein the target device further comprises:

a second detection unit, configured to periodically check whether the second transaction exists in the blockchain; and

an execution unit, configured to: if the second transaction exists in the blockchain, perform a step to be performed when the second transaction information is detected.


 
13. The target device according to claim 11 or 12, wherein the receiving unit comprises:

a first receiving module, configured to receive a transaction ID, of the first transaction information, sent by the first participant; and

a second receiving module, configured to receive, from the blockchain based on the transaction ID, the first transaction information sent by the server; or

a third receiving module, configured to receive third transaction information sent by the first participant, wherein the third transaction information comprises third data, and the third data corresponds to the first participant;

a determining module, configured to determine a transaction ID of the first transaction information based on the third transaction information; and

a fourth receiving module, configured to receive, from the blockchain based on the transaction ID, the first transaction information sent by the server.


 
14. A server, comprising a memory, a transceiver, a processor, and a bus system, wherein
the memory is configured to store a program and an instruction;
the transceiver is configured to send or receive information under control of the processor;
the processor is configured to execute the program in the memory; and
the bus system is configured to connect the memory, the transceiver, and the processor, so that the memory, the transceiver, and the processor communicate with each other, wherein
the processor is configured to invoke the program and the instruction in the memory to perform the method according to any one of claims 1 to 3.
 
15. A target device, comprising a memory, a transceiver, a processor, and a bus system, wherein
the memory is configured to store a program and an instruction;
the transceiver is configured to send or receive information under control of the processor;
the processor is configured to execute the program in the memory; and
the bus system is configured to connect the memory, the transceiver, and the processor, so that the memory, the transceiver, and the processor communicate with each other, wherein
the processor is configured to invoke the program and the instruction in the memory to perform the method according to any one of claims 4 to 7.
 
16. A computer-readable storage medium, comprising an instruction, wherein when the instruction is run on a computer, the computer is enabled to perform the method according to any one of claims 1 to 7.
 
17. A computer program product comprising an instruction, wherein when the computer program product is run on a computer, the computer is enabled to perform the method according to any one of claims 1 to 7.
 




Drawing














































Search report










Cited references

REFERENCES CITED IN THE DESCRIPTION



This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

Patent documents cited in the description