CN106254400A - IoT connectivity architecture - Google Patents

IoT connectivity architecture

Info

Publication number
CN106254400A
Authority
CN
China
Prior art keywords
client
key
internet
things
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510307290.9A
Other languages
Chinese (zh)
Other versions
CN106254400B (en)
Inventor
陈煜仁
李皞白
黄祥麟
陈育进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Li Haobai
Original Assignee
GAINIA (SHANGHAI) INTELLECTUAL ASSET SERVICES Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GAINIA (SHANGHAI) INTELLECTUAL ASSET SERVICES Inc
Priority to CN201510307290.9A (patent CN106254400B)
Priority to CN202110385342.XA (patent CN113411293B)
Publication of CN106254400A
Application granted
Publication of CN106254400B
Legal status: Active
Anticipated expiration

Abstract

An Internet of Things connection architecture is composed of a client device, a cloud device and a plurality of proxy server devices. The client device is a device with a wireless communication function and a specific user identifier. The cloud device can communicate with the client device and uses the client's specific user identifier to confirm that the client device is one of the client devices in the Internet of Things. The proxy server device has a network address and a password and can communicate with the cloud device. After the cloud device confirms that the client device belongs to the Internet of Things, the client device can communicate only with the proxy server device, which in turn communicates with the cloud device.

Description

Translated from Chinese
IoT connectivity architecture

Technical field

The present invention relates to a cloud service application system, and in particular to an Internet of Things connection architecture and to a management system that uses this architecture to transmit the logistics, warehousing and sales status of products to a cloud device for processing.

Background

With the rapid development of technology and dramatic changes in the structure of the economy, traditional "business-to-business" competition has evolved into "supply chain-to-supply chain" competition. Improving the information integration of the supply chain, in order to raise logistics efficiency and lower logistics costs, is an important way for enterprises to become competitive today. With advances in Radio Frequency Identification (RFID) technology, RFID has gradually been adopted in supply chain activities and process re-engineering.

Among the characteristics of logistics management, two factors help to improve industrial competitiveness: efficiency and integrity. Efficiency means not only delivering goods to a customer within a given time, but also integrated delivery that brings different goods to different customers at the same time. Integrity means providing not only the physical integrity of the goods but also information about their contents. To improve both, a vendor must obtain real-time information on the goods themselves; combining RFID technology with a cloud monitoring system helps enterprises and their partners (distributors) keep control of logistics from the first moment, so that real-time information on the goods can be produced.

The real-time information provided by RFID and the cloud monitoring system can raise customer satisfaction with the integrity of the goods. Integrity covers not only the physical goods; providing information on their contents is also part of it. Moreover, over the journey of the goods from the production factory to the customer's hands, RFID lets the logistics center monitor the goods and provide product information in real time, which supports further risk assessment.

In logistics management, efficiency and safety are the two most important links, so for manufacturers and shippers, how to track and manage goods effectively is one of the most important questions. A vendor that wants to improve these two characteristics must obtain real-time information on the goods themselves, and RFID combined with a cloud monitoring system can produce real-time, complete information on the goods.

In addition, once RFID and a cloud monitoring system are in place, inventory levels at the business end can be reported back to corporate headquarters quickly, so that headquarters has first-hand knowledge of product sales and market demand in the shortest possible time. This can shorten the purchase-ordering cycle. In the past the ordering cycle was often measured in months, and a wrong estimate led either to stockpiled goods (overestimation) or to lost sales and profit (underestimation). When headquarters can follow sales and market demand in real time, the enterprise can react quickly: a shorter ordering cycle means the enterprise can increase or reduce supply in time according to the actual market response, lowering risk and increasing profit.

These applications are possible because of the Internet of Things (IoT) connection architecture. The Internet of Things uses a highly integrated cloud network to connect every person and the things around them in one network: manufacturers, consumers, machines, production materials, production processes, logistics management, product sales status, consumption habits and so on. Everything from product production to product sales, and on to inferring or estimating consumers' habits from the big data of those sales, can be connected to the IoT platform through sensing components on the product (for example RFID or electronic tags) and software programs. For the Internet of Things, too, efficiency and security are the two most important conditions, yet efficiency and security are two indicators that conflict with each other. How to balance efficiency and security is therefore the key to whether a logistics management system can be applied successfully.

Summary of the invention

To put the above requirements into practice in enterprise operations, the main purpose of the present invention is to provide a connectivity architecture for the Internet of Things, including: a client device, which is a device with a wireless communication function and which is confirmed by a specific user identifier to be one of the client devices in the Internet of Things; a cloud device, which has the function of communicating with the client and can confirm by the specific user identifier that the client device is one of the client devices in the Internet of Things; and a proxy server device, which has a network address and a password and can communicate with the cloud device; wherein, after the cloud device provides the network address and password of the proxy server device to the client device, the client device can communicate only with the proxy server device, and the proxy server device in turn communicates with the cloud device, so that messages on the client device are transmitted to the cloud device. This can improve the security and efficiency of the Internet of Things and reduce the cost of business operation.

Another main purpose of the present invention is to provide an item logistics management system that uses the Internet of Things connectivity architecture of the present invention and can improve the efficiency of logistics management and reduce operating costs.

In accordance with the above purposes, the present invention first provides a connectivity architecture for the Internet of Things, including: a client device, which is a device with a wireless communication function and has a specific user identifier; a cloud device, which has the function of communicating with the client device and confirms by the specific user identifier that the client device is one of the client devices in the Internet of Things; and a proxy server device, which has a network address and a password and can communicate with the cloud device; wherein, after the cloud device provides the network address and password of the proxy server device to the client device in the Internet of Things, the client device can communicate only with the proxy server device, and the proxy server device in turn communicates with the cloud device, so that messages on the client device are transmitted to the cloud device.

The present invention next provides a connectivity architecture for the Internet of Things, including: a plurality of client devices, each of which is a device with a wireless communication function and has a specific user identifier; a cloud device, which has the function of communicating with each client device and confirms by each specific user identifier that each client device is one of the client devices in the Internet of Things; and a plurality of proxy server devices, each of which has a network address and a password and can communicate with the cloud device; wherein, after the cloud device provides the network address and password of each proxy server device to at least one client device in the Internet of Things to form a pairing, each client device can communicate only with its paired proxy server device, and the proxy server device in turn communicates with the cloud device, so that messages on each client device are transmitted to the cloud device.

Brief description of the drawings

FIG. 1 is a schematic diagram of the Internet of Things connection architecture of the present invention.

FIG. 2 is a schematic diagram of another embodiment of the Internet of Things connection architecture of the present invention.

FIG. 3 is a flow chart of the IoT connection method of the present invention.

FIG. 4 is a schematic diagram of another embodiment of the IoT connection method of the present invention.

FIG. 5 is a schematic diagram of the architecture of the IoT product logistics management system of the present invention.

FIG. 6 is a schematic structural diagram of the read-write device of the present invention.

FIG. 7A is a schematic structural diagram of the cloud device of the present invention.

FIG. 7B is a schematic diagram of the security judgment data stored in the memory module according to the present invention.

FIG. 7C is a schematic diagram of the warehousing data stored in the memory module according to the present invention.

FIG. 8 is a schematic diagram of the first embodiment of the IoT product logistics management system of the present invention.

FIG. 9 is a schematic diagram of a second location area in the first embodiment of the IoT product logistics management system of the present invention.

FIG. 10 is a schematic diagram of product warehouse management in the second embodiment of the IoT product logistics management system of the present invention.

FIG. 11 is a schematic diagram of product sales management in the second embodiment of the IoT product logistics management system of the present invention.

FIG. 12 is a schematic diagram of the manager message display in the present invention.

[Description of main component symbols]

Communication direction S1~S10

Product 10

Electronic tag 12

Read-write device 31/32/33/41/42/43/51/52/53/61/62/63/71

Client device (read-write device) 100

Controller 110/210/310/410

Antenna 120/220/320/420

Input/output interface 130

Wireless transmission module 140/240/340/440

Positioning device 150

Degaussing module 170

Cloud device 500

Receive/transmit interface module 510

Data processing module 520

Memory module 530

Display module 600

Proxy server device 700

Detailed description

So that those skilled in the relevant art can better understand the purpose, technical features and advantages of the present invention and put it into practice, the following description explains the technical features and embodiments of the invention with reference to the accompanying drawings and gives preferred embodiments for further illustration. The embodiments described below are not intended to limit the invention, and the drawings referred to below are schematic representations of the features of the invention.

First, refer to FIG. 1, a schematic diagram of the Internet of Things connection architecture of the present invention. As shown in FIG. 1, the architecture is composed of a client device 100, a cloud device 500 and at least one proxy server device (broker device) 700. The client device 100 is a device with a wireless communication function and a specific user identifier. The cloud device 500 has the function of communicating with the client device 100 and uses the specific user identifier of the client device 100 to confirm that it is one of the client devices 100 in the Internet of Things. The proxy server device 700 has its own network address and password and can communicate with the cloud device 500.

In the Internet of Things connection architecture of the present invention, the client device 100 is a device with a wireless communication function and a floating IP (Internet Protocol) address that changes at any time (for example a personal computer, notebook computer, smart phone, smart portable device or smart reading device). Each client device 100 has a unique identifier (for example a code set by the manufacturer at the factory, or hardware data such as the MAC Address), which is used to generate the universally unique identifier (Universally Unique Identifier, abbreviated uuid) of the client device 100, for identification and to prevent hacker intrusion. The cloud device 500, in turn, has a fixed Domain Name System (DNS) name, has the function of a server, and has the function of communicating with the client device 100. The cloud device 500 is composed at least of a receive/transmit interface module, a data processing module and a memory module; it has therefore recorded the uuids of all clients belonging to the Internet of Things of the present invention and stored them in the memory module, forming a database. The proxy server device 700 has a floating IP address that changes at any time, and its main job is to receive the encoded data string confirmed to have been sent by a client device 100 in the Internet of Things and pass it straight on to the cloud device 500. Note in particular that the proxy server device 700 does no processing on the data string it receives from the client device; it forwards the received data string as it is. Only after the cloud device 500 has received the data string from the proxy server device 700 and decoded it is the data string sent by the client device 100 processed. Clearly, throughout the process of the client device 100 passing a data string to the cloud device 500, the cloud device 500 never directly exposes its own address, which reduces the probability of the cloud device 500 being attacked by hackers and can greatly improve the security of the Internet of Things.

In a preferred embodiment of the Internet of Things connection architecture of the present invention, the client devices 100 can be divided into multiple groups, each group corresponding to or paired with one proxy server device 700, so the architecture can contain multiple proxy server devices 700, as shown in FIG. 2. When the cloud device 500 determines that one of the proxy server devices 700 has been attacked by hackers, it can shut down the attacked proxy server device 700 or establish a new network address and password for a new proxy server device 700, which further protects the security of the Internet of Things of the present invention. In addition, in the embodiment of the present invention, the proxy server device 700 uses the MQTT (Message Queuing Telemetry Transport) protocol to transmit data strings. MQTT is a protocol designed for the Internet of Things, a lightweight message transmission protocol based on the publish/subscribe model, invented in 1999 by Dr. Andy Stanford-Clark of IBM and Dr. Arlen Nipper of Arcom. It was originally designed for communication between large numbers of remote sensors and control devices that have limited computing power and work over low-bandwidth, unreliable networks. MQTT therefore has the advantage of small, lightweight messages, which gives it a great advantage in both bandwidth and speed. Because the network bandwidth it needs is very low, the hardware resources it needs are also low, so it can raise the efficiency of the Internet of Things system, or of the various business operation systems that use this architecture (such as logistics management or product production history), and can therefore effectively reduce the cost of business operation.

Next, the process and method by which the Internet of Things of the present invention actually establishes a connection are described in detail.

Continuing with FIG. 1: first, the client device 100 logs in to the cloud device 500 (the communication direction marked S1 in FIG. 1); for example, the client device 100 logs in to the cloud device 500 over https in order to start the Internet of Things system. Next, when the cloud device 500 receives the request from the client device 100 (the communication direction marked S2 in FIG. 1), it first verifies whether the MAC Address used by the client device 100 is already stored in the database of the cloud device 500. If it is, the cloud device 500 generates a client identification code (client uuid) and then generates a pair of keys for that client's exclusive use. In a preferred embodiment of the present invention this key is an RSM asymmetric key, so a pair consisting of client_pub_key and client_pri_key is produced; the RSM asymmetric key takes a long time to decode, so its security is high. In another preferred embodiment, the cloud device 500 can also optionally generate a symmetric key, client_share_key, specific to the client device 100, so the RSM asymmetric key and the symmetric key can optionally be used together. Because a symmetric key takes a short time to decode and its security is relatively lower, the client_share_key has to be changed from time to time to maintain security. To this end the cloud device 500 also generates and sets a change time (share_key_expiry date time) and raises security by changing the share_key_expiry date time at irregular intervals: when the cloud device 500 detects that the client_share_key has passed the time set by share_key_expiry date time, it automatically generates a new client_share_key. When the cloud device 500 confirms that the MAC Address data of a client device 100 matches what is stored in the database, it judges that the client device 100 is a client of this Internet of Things, and then sends the generated uuid, keys and related messages back to the client device 100 (the communication direction marked S3 in FIG. 1). The messages sent back to the client device 100 include: client_uuid, sever_pub_key (this sever_pub_key is the client_pub_key; because all client devices 100 use the same pub_key, it can also be called sever_pub_key) and client_pri_key.

On the other hand, if, after receiving the request from the client device 100, the cloud device 500 finds that the MAC Address used by the client device 100 is not in its database, it judges that this MAC Address does not belong to a client device of this Internet of Things and stores the MAC Address information in a separate database for later comparison. Note in particular that the return mechanism in the S3 communication direction generally works without error, but errors can still occur. For example, if waiting too long for the server's response causes the connection to fail, the client device 100 runs the registration again. This time the cloud device 500 determines that the MAC address is already recorded in the database and so still returns the uuid corresponding to that MAC address, but the pair of keys that the cloud device 500 generates and returns to the client device 100 is renewed. Therefore, even if a fake device counterfeits the MAC address of the client device 100 by whatever method, it cannot obtain the same keys. In other words, only one definite uuid can survive in the system.

Next, in the communication direction marked S4 in FIG. 1, the client device 100 uses the encoded client_uuid (that is, the client_uuid is converted into unreadable form using sever_pub_key) to "request" over https the client_share_key, the share_key_expiry date time, the MQTT_Broker IP, and the MQTT_Broker account and password (username/password). When the cloud device 500 receives the encoded client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct. Once the cloud device 500 has confirmed that the client_uuid is correct, it encodes the client_share_key, share_key_expiry date time, MQTT_Broker IP, and MQTT_Broker account and password with client_pub_key and sends them back to the client device 100 (the communication direction marked S5 in FIG. 1).

In addition, in a preferred embodiment of the present invention, the IP, account and password of the MQTT_Broker can be obtained in two separate requests. In the first (the communication direction marked S4 in FIG. 1), the client device 100 uses the encoded client_uuid (that is, the client_uuid is converted into unreadable form using sever_pub_key) to "request" over https the client_share_key, the share_key_expiry date time and the MQTT_Broker IP. When the cloud device 500 receives the encoded client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; once confirmed, it encodes the client_share_key, share_key_expiry date time and MQTT_Broker IP with client_pub_key and sends them back to the client device 100 (the communication direction marked S5 in FIG. 1). In the second (the communication direction marked S6 in FIG. 1), the client device 100 again uses the encoded client_uuid to "request" over https the MQTT_Broker account and password. When the cloud device 500 receives the encoded client_uuid, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; once confirmed, it encodes the MQTT_Broker account and password with client_pub_key and sends them back to the client device 100 (the communication direction marked S7 in FIG. 1). Note that the only requirement on the contents of the first and second requests is that the IP and the account and password of the MQTT_Broker be obtained in two separate requests; nothing else is restricted.

Clearly, during identification and confirmation between the client device 100 and the cloud device 500, the https that is used relies on hybrid-cryptosystem protection, namely the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol, which is itself a recognized security protocol. The recognized certificate required on the cloud device 500 side lets the client device 100 confirm, through the digital signature of the certificate authority, whether a message was sent directly by the cloud device 500. Therefore, when a hacker attempts to tamper with, misappropriate or repudiate messages in transit, these security certifications prevent the password from being tampered with or stolen.

Next, in the communication direction S8 in FIG. 1, after the client device 100 has obtained the relevant data from the cloud device 500, it connects to the proxy server device 700. Before connecting to the proxy server device 700, however, it must confirm that the information it received is complete. The complete information comprises: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key; 6. Share_key_expiry date time. Once the client device 100 has confirmed that it received the complete information, it uses the client_share_key to encode the client_uuid and the data content (data involved) that it wants to send to the cloud, and then uploads the result to the proxy server device 700 (that is, the MQTT Broker).

In a preferred embodiment of the present invention, the client device 100 further checks whether the Share_key_expiry date time has passed (for example, the expiry date is 2015/0501). If the Share_key_expiry date time has passed (for example, the date at the time of the check is 2015/0502), the client device 100 again uses the encoded client_uuid (that is, the client_uuid scrambled with sever_pub_key) to request new information over https. When the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm that the client_uuid is correct; once it is confirmed, the cloud device 500 encodes the new share_key_expiry date time with client_pub_key and returns it to the client device 100. In addition, to increase security, the time set in the share_key_expiry date time may be periodic or may vary randomly, as decided by the cloud device 500.

Once the client device 100 has confirmed that it received the complete information, it knows the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700, so it can upload the encoded client_uuid and data string to the proxy server device 700 (communication direction S8 in FIG. 1). After receiving the encoded client_uuid and data string uploaded by the client device 100, the proxy server device 700 forwards the uploaded message directly (that is, without any processing) to the cloud device 500. Clearly, throughout the process in which the client device 100 passes its message string to the cloud device 500, the cloud device 500 never directly exposes its own address, which lowers the probability of the cloud device 500 being attacked by hackers. Because the proxy server device 700 merely forwards the data uploaded by the client device 100 to the cloud device 500, the probability of the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700 being cracked is reduced, which further increases the security of the IoT communication process.

Next, in the communication direction S9 in FIG. 1, after the cloud device 500 receives the data forwarded directly by the proxy server device 700 (that is, the encoded client_uuid and data string), it decodes (Decode) the data with the client_share_key and verifies whether the received client_uuid and data string are complete and correct. If they are correct, they are stored in the memory module until the user applies the received data strings to a specific application; if the received client_uuid and data string are incomplete or incorrect, the event is recorded. It should be noted that the purpose of identifying incorrect messages is to let the IoT system prevent or reduce the probability of a successful hack, through a verification mechanism that is learned by artificial-intelligence deep learning or is manually added, changed or corrected. In this embodiment, incorrect messages include, for example: (1) a web crawler scraping news finds that counterfeits of certain goods are currently rampant; or (2) the same client_uuid, set when the program was first initialized, appears in two completely different places at the same time, in which case the IoT system notifies the company's auditors or raises a warning, and the actions available to the auditors include at least observing or ignoring, achieving early warning and protection against hacking; or (3) the device 500 itself continually receives suspicious information, for example unknown client_uuid information, from a particular proxy server device 700. When incorrect messages keep appearing, the proxy server device 700 is judged to have possibly been attacked by hackers, and the cloud device 500 may choose to shut down this proxy server device 700 (communication direction S10 in FIG. 1).

In an embodiment of the present invention, the client_share_key encoding can be combined with a hash function to prevent tampering; the hash function may be MD5, SHA-1, SHA-256 or the like. The client_share_key can also be combined with different decoding (decode) methods, such as a block cipher, a stream cipher, ECB mode or a mixture of these, which not only raises the difficulty of cracking more effectively but also does so without sacrificing decoding time.
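The share-key expiry check and the hash-based tamper protection described above can be sketched as follows. This is an added example, not code from the patent: it uses HMAC with SHA-256 from the listed hash options (MD5 and SHA-1 are no longer collision resistant), protects integrity only and leaves the encryption step out, and the envelope layout, function names and sample values are assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample values (not from the patent).
SAMPLE_UUID = "00000000-0000-4000-8000-000000000001"
SAMPLE_KEY = b"constructed-client-share-key"
SAMPLE_EXPIRY = datetime(2015, 5, 1, tzinfo=timezone.utc)  # the page's example date


def share_key_expired(expiry: datetime, now: datetime) -> bool:
    """Client-side check before each upload: past the expiry, request a new key."""
    return now > expiry


def seal(client_share_key: bytes, client_uuid: str, data: dict) -> dict:
    """Client side: bind client_uuid and data under one keyed SHA-256 tag."""
    body = json.dumps({"client_uuid": client_uuid, "data": data},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(client_share_key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(envelope: dict, key_table: dict, now: datetime):
    """Cloud side: return (status, data).

    key_table maps client_uuid -> (client_share_key, expiry). Every status
    other than "ok" is something the cloud would record as an incorrect message.
    """
    try:
        body = envelope["body"]
        tag = envelope["tag"]
        parsed = json.loads(body)
        client_uuid = parsed["client_uuid"]
        data = parsed["data"]
    except (KeyError, TypeError, ValueError):
        return ("incomplete", None)

    entry = key_table.get(client_uuid) if isinstance(client_uuid, str) else None
    if entry is None:
        return ("unknown_client_uuid", None)
    key, expiry = entry

    # Check the tag first so that later statuses only describe authentic messages.
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not isinstance(tag, str) or not hmac.compare_digest(
            expected.encode(), tag.encode()):
        return ("tampered", None)

    if share_key_expired(expiry, now):
        return ("share_key_expired", None)
    return ("ok", data)


if __name__ == "__main__":
    table = {SAMPLE_UUID: (SAMPLE_KEY, SAMPLE_EXPIRY)}
    env = seal(SAMPLE_KEY, SAMPLE_UUID, {"temp_c": 21.5})
    print(verify(env, table, datetime(2015, 4, 30, tzinfo=timezone.utc)))
    print(verify(env, table, datetime(2015, 5, 2, tzinfo=timezone.utc)))
```

Because the tag covers the client_uuid and the data together, a forwarder that alters either field, or splices one client's data under another client's identifier, fails verification.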

Please refer to FIG. 2, a schematic diagram of another embodiment of the IoT connection architecture of the present invention. As shown in FIG. 2, the IoT connection architecture consists of multiple client devices 100, a cloud device 500 and at least one proxy device 700. Each client device 100 is a device with a wireless communication function and a specific user identifier. The cloud device 500 can communicate with each client 100 and uses the specific user identifier unique to each client 100 to confirm that the client device 100 is one of the client devices 100 in the IoT. The proxy server device 700 has its own URL and password and can communicate with the cloud device 500. The basic connection architecture of the embodiment of FIG. 2 is the same as that of FIG. 1; the only difference is that, after the cloud device 500 provides the URL, account and password of each proxy server device to at least one client device 100 in the IoT and a pairing is formed, the paired client devices 100 can communicate only with their paired proxy server device 700, which in turn communicates with the cloud device 500 in order to pass the data strings on each client device 100 to the cloud device 500. The process by which the IoT of FIG. 2 actually completes the connection is therefore briefly described as follows.

Continuing with FIG. 2, each client device 100 first logs in to the cloud device 500 over https. When the cloud device 500 receives the request from each client device 100, it first verifies whether the MAC Address used by that client device 100 is already stored in the database of the cloud device 500. If the MAC Address used by each client device 100 is confirmed to be stored in the database of the cloud device 500, a client identification code (client uuid) is generated for each client. The cloud device 500 then generates, for each client device 100, a pair of keys dedicated to that client. Once the cloud device 500 has determined that each client device 100 is a client of this IoT, it returns each generated uuid, the keys and related information to the corresponding client device 100. The information returned to each client device 100 comprises: client_uuid, sever_pub_key and client_pri_key.

Next, each client device 100 can use its encoded client_uuid to request, over https, the client_share_key, the share_key_expiry date time, the MQTT_Broker IP and the MQTT_Broker account and password (username/passward). When the cloud device 500 receives a scrambled client_uuid, it decodes it with the corresponding sever_pri_key to confirm that each received client_uuid is correct; once the client_uuid is confirmed, the cloud device 500 encodes the client_share_key, share_key_expiry date time, MQTT_Broker IP and MQTT_Broker account and password with client_pub_key and returns them to the client device 100. For example: the IP, account and password of proxy device Broker-1 are returned to Client-1 through Client-5; the IP, account and password of proxy device Broker-2 are returned to Client-6 through Client-15; and the IP, account and password of proxy device Broker-3 are returned to Client-16 through Client-50. Clearly, this IoT has paired 50 individual client devices 100 with 3 proxy server devices 700 for communicating with the cloud device 500. After each client device 100 has obtained the relevant data from the cloud device 500, it connects to the paired proxy server device 700 it was given. Once each client device 100 has confirmed that the information it received from the cloud device 500 comprises 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. Client_Share_key; 6. Share_key_expiry date time, it uses the client_share_key to encode the client_uuid and the data content that this client device 100 wants to send to the cloud, and then uploads the result to the proxy server device 700 (that is, the MQTT Broker).

Once each client device 100 has confirmed that it received the complete information, it knows the MQTT_Broker IP and the MQTT_Broker account and password of its paired proxy server device 700, so it can upload the encoded client_uuid and message string to the paired proxy server device 700. After receiving the encoded client_uuid and message string uploaded by a paired client device 100, each proxy server device 700 forwards the uploaded message directly (that is, without any processing) to the cloud device 500. Clearly, throughout the process in which the client device 100 passes its message string to the cloud device 500, the cloud device 500 never directly exposes its own address, which lowers the probability of the cloud device 500 being attacked by hackers. Because each proxy server device 700 merely forwards the data uploaded by the client device 100 to the cloud device 500, the probability of the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700 being cracked is reduced, which further increases the security of the IoT communication process. After the cloud device 500 receives the data forwarded directly by each proxy server device 700 (that is, the encoded client_uuid and data string), it decodes the data with the corresponding client_share_key and verifies whether the received client_uuid and data string are complete and correct. If they are correct, they are stored in the memory module until the user applies the received data strings to a specific application; if the received client_uuid and data string are incomplete or incorrect, the event is recorded. In this embodiment, incorrect messages may arise as follows: each client publishes information at a frequency with a certain regularity, so if a client publishes at an abnormal or excessive frequency, that information is treated as incorrect messages; or the proxy server device 700 itself repeatedly publishes information by means other than MQTT and attempts to connect to the cloud device 500; and so on. When incorrect messages keep appearing, the proxy server device 700 is judged to have possibly been attacked by hackers, and the cloud device 500 may choose to shut down this proxy server device 700.

In summary, the main technical means of the IoT connection architecture of the present invention is as follows. After the cloud device 500 confirms that each client device 100 is a user of this IoT, it returns the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700 to each client device 100. Each client device 100 then connects to the proxy server device 700 using the received MQTT_Broker IP, account and password, encodes the data string it wants to send, and uploads it to the proxy server device 700. The proxy server device 700, without processing the data string sent by the client device 100, passes it directly to the cloud device 500 for decoding and processing. Clearly, the IoT connection architecture of the present invention connects in two stages: after the identification of the client device 100 is completed in the first stage, the client device 100 can connect only to the proxy server device 700 in the second stage. Because the first stage is completed before the client device 100 makes its connection, the client device 100 can connect to and communicate with only the proxy server device 700 when it actually transmits data strings. The cloud device 500 therefore never directly exposes its own address, which lowers the probability of the cloud device 500 being attacked by hackers and effectively improves the security of the IoT connection architecture.

Next, the connection method and process of the IoT connection architecture of the present invention are described in detail; they make the innovation of using the proxy server device 700 in the present invention clearer.

Please refer to FIG. 3, a flowchart of the IoT connection method of the present invention. As shown in FIG. 3, the IoT connection method of the present invention comprises:

Step 1: The client device 100 logs in to the cloud device 500; for example, the client device 100 logs in to the cloud device 500 over https in order to start the IoT system.

Step 2: When the cloud device 500 receives the request from the client device 100, it first verifies whether the MAC Address used by the client device 100 is already stored in the database of the cloud device 500.

Step 3: When the cloud device 500 confirms that the MAC Address used by the client device 100 is already stored in the database of the cloud device 500, it judges that the data of the client device 100 is correct and that it is a client device 100 of this IoT; the cloud device 500 then generates a client identification code (client uuid) and a pair of keys dedicated to that client. In this embodiment, the keys are highly secure RSM asymmetric keys (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key can be generated. The generated uuid, keys and related information are returned to the client device 100; the information returned to the client device 100 comprises: client_uuid and sever_pub_key (this sever_pub_key is the client_pub_key). In addition, if, after receiving the request from the client device 100, the cloud device 500 finds that the MAC Address used by the client device 100 is not in the database of the cloud device 500, and therefore judges that the client device 100 using this MAC Address is not a client device of this IoT, it stores this MAC Address information in another database for later comparison.

Step 4: The client device 100 determines whether the uuid, keys and related information generated by the cloud device 500 have been received correctly. Once the client device 100 confirms that they have been received correctly, it uses the encoded client_uuid (that is, the client_uuid scrambled with sever_pub_key) to request from the cloud device 500, over https, the client_share_key and the MQTT_Broker IP and MQTT_Broker account and password (username/passward) of the proxy server device 700.

Step 5: When the cloud device 500 receives the scrambled client_uuid, it decodes it with sever_pri_key to confirm that the client_uuid is correct. Once the client_uuid is confirmed, the cloud device 500 encodes the client_share_key and the MQTT_Broker IP and MQTT_Broker account and password of the proxy server device 700 with client_pub_key and returns them to the client device 100.

Step 6: After the client device 100 obtains the relevant data from the cloud device 500, it decodes the data with client_pri_key and confirms that the received information is complete. The complete information comprises: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key. Once the client device 100 has confirmed that it received the complete information, it connects to the proxy server device 700. If the client device 100 judges that the received information is incomplete, it returns to Step 4 and again requests from the cloud device 500 the client_share_key and the MQTT_Broker IP and MQTT_Broker account and password (username/passward) of the proxy server device 700.

Step 7: The client device 100 connects to the proxy server device 700 using the MQTT_Broker IP and the MQTT_Broker account and password. It also uses the client_share_key to encode the client_uuid and the data content (data involved) that the client device 100 wants to send to the cloud device 500, and then uploads the result to the proxy server device 700.

Step 8: After receiving the encoded client_uuid and message string uploaded by the client device 100, the proxy server device 700 forwards the uploaded message directly (that is, without any processing) to the cloud device 500.

Step 9: After receiving the data forwarded directly by the proxy server device 700, the cloud device 500 decodes it with the client_share_key and verifies whether the received client_uuid and data string are complete and correct.

Step 10: When the cloud device 500 judges that the received client_uuid and data string are complete and correct, it stores the decoded client data string in the memory module until the user applies the received data strings to a specific application. If the received client_uuid and data string are incomplete or incorrect, the event is recorded. In this embodiment, incorrect messages include: (1) the client_uuid corresponding to a given IP is incorrect, which may indicate misappropriation; (2) if a client_uuid uploads data together with Geo Location, the message can be checked by verifying that the Geo Location is plausible (for example, whether a client_uuid is in Asia one minute and in North America the next). When incorrect messages keep appearing, the proxy server device 700 is judged to have possibly been attacked by hackers, and the cloud device 500 may choose to shut down this proxy server device 700.
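The cloud-side checks of Step 10 can be prototyped as below: an unknown client_uuid, an implausible Geo Location jump for a known client_uuid, and a per-broker count of consecutive incorrect messages that flags a proxy server device for shut-off. This is an added example, not code from the patent; the speed limit, jitter allowance, streak threshold, record fields and sample uploads are assumptions.

```python
import math
from collections import defaultdict

MAX_SPEED_KMH = 1000.0   # assumption: faster travel between uploads is implausible
MIN_JUMP_KM = 50.0       # assumption: ignore small geolocation jitter
SHUTOFF_STREAK = 3       # assumption: consecutive incorrect messages before flagging

# Constructed sample uploads as seen by the cloud (ts in seconds).
KNOWN_UUIDS = {"uuid-client-1", "uuid-client-16"}
SAMPLE_UPLOADS = [
    {"broker": "broker-1", "client_uuid": "uuid-client-1", "ts": 0,
     "lat": 25.03, "lon": 121.56},                       # Taipei
    {"broker": "broker-1", "client_uuid": "uuid-client-1", "ts": 60,
     "lat": 40.71, "lon": -74.01},                       # New York, one minute later
    {"broker": "broker-1", "client_uuid": "uuid-client-1", "ts": 120,
     "lat": 25.04, "lon": 121.57},                       # back near Taipei
    {"broker": "broker-3", "client_uuid": "uuid-unknown-a", "ts": 130},
    {"broker": "broker-3", "client_uuid": "uuid-unknown-b", "ts": 140},
    {"broker": "broker-3", "client_uuid": "uuid-unknown-c", "ts": 150},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


class CloudMonitor:
    def __init__(self, known_uuids):
        self.known = set(known_uuids)
        self.last_seen = {}             # client_uuid -> (ts, lat, lon) of last accepted upload
        self.streak = defaultdict(int)  # broker -> consecutive incorrect messages
        self.log = []                   # recorded incorrect messages
        self.flagged = set()            # brokers judged possibly compromised

    def observe(self, msg):
        """Check one decoded upload; return the list of reasons it is incorrect."""
        reasons = []
        uuid = msg["client_uuid"]
        if uuid not in self.known:
            reasons.append("unknown client_uuid")
        else:
            prev = self.last_seen.get(uuid)
            if prev is not None:
                dist = haversine_km(prev[1], prev[2], msg["lat"], msg["lon"])
                hours = (msg["ts"] - prev[0]) / 3600.0
                if dist > MIN_JUMP_KM and (hours <= 0 or dist / hours > MAX_SPEED_KMH):
                    reasons.append("implausible location change")
            if not reasons:
                self.last_seen[uuid] = (msg["ts"], msg["lat"], msg["lon"])

        broker = msg["broker"]
        if reasons:
            self.log.append((msg["ts"], broker, uuid, reasons))
            self.streak[broker] += 1
            if self.streak[broker] >= SHUTOFF_STREAK:
                self.flagged.add(broker)
        else:
            self.streak[broker] = 0     # a correct message ends the streak
        return reasons


if __name__ == "__main__":
    monitor = CloudMonitor(KNOWN_UUIDS)
    for upload in SAMPLE_UPLOADS:
        print(upload["broker"], upload["client_uuid"], monitor.observe(upload))
    print("flagged for shut-off:", sorted(monitor.flagged))
```

A single implausible jump is only recorded; a broker is flagged when incorrect messages keep arriving through it without a correct one in between, matching the "keep appearing" condition in the text.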

Clearly, in the connection method of the whole IoT architecture, Steps 1 through 6 are all completed with the cloud device 500 before each client device 100 leaves the factory; that is, by the time each client device 100 leaves the factory, it has already obtained the complete information from the cloud device 500, comprising: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key. Once the IoT system is started, every data string that a client device 100 wants to send to the cloud device 500 for processing is sent to the proxy server device 700 according to the MQTT_Broker IP, and the proxy server device 700 then forwards the data string of the client device 100 directly to the cloud device 500. During the message transfer from Step 7 to Step 10, the cloud device 500 therefore never directly exposes its own address, which lowers the probability of the cloud device 500 being attacked by hackers. Because the proxy server device 700 merely forwards the data uploaded by the client device 100 to the cloud device 500, the probability of the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700 being cracked is reduced, which further increases the security of the IoT communication process.

Next, please refer to FIG. 4, a flowchart of another embodiment of the IoT connection method of the present invention. As shown in FIG. 4, the IoT connection method of the present invention comprises:

Step 1: The client device 100 logs in to the cloud device 500; for example, the client device 100 logs in to the cloud device 500 over https in order to start the IoT system.

Step 2: When the cloud device 500 receives the request from the client device 100, it first verifies whether the MAC Address used by the client device 100 is already stored in the database of the cloud device 500.

Step 3: When the cloud device 500 confirms that the MAC Address used by the client device 100 is already stored in the database of the cloud device 500, it judges that the data of the client device 100 is correct and that it is a client device 100 of this IoT; the cloud device 500 then generates a client identification code (client uuid) and a pair of keys dedicated to that client. In this embodiment, the keys are highly secure RSM asymmetric keys (Asymmetric Key), so a pair consisting of client_pub_key and client_pri_key can be generated. The generated uuid, keys and related information are returned to the client device 100; the information returned to the client device 100 comprises: client_uuid and sever_pub_key (this sever_pub_key is the client_pub_key). In addition, if, after receiving the request from the client device 100, the cloud device 500 finds that the MAC Address used by the client device 100 is not in the database of the cloud device 500, and therefore judges that the client device 100 using this MAC Address is not a client device of this IoT, it stores this MAC Address information in another database for later comparison.

Step 4: The client device 100 determines whether the uuid, keys and related information generated by the cloud device 500 have been received correctly. Once the client device 100 confirms that they have been received correctly, it uses the encoded client_uuid (that is, the client_uuid scrambled with sever_pub_key) to request from the cloud device 500, over https, the client_share_key, the share_key_expiry date time, and the MQTT_Broker IP and MQTT_Broker account and password (username/passward) of the proxy server device 700.

In a preferred embodiment of the present invention, the key is an RSM asymmetric key, so a pair consisting of client_pub_key and client_pri_key can be generated; the RSM asymmetric key takes a long time to decode, so its security is high. In another preferred embodiment, the cloud device 500 can also optionally generate a symmetric key, client_share_key, exclusive to the client device 100. In a preferred embodiment of the present invention, the RSM asymmetric key and the symmetric key can therefore optionally be used together. Because a symmetric key takes little time to decode and is correspondingly less secure, the client_share_key needs to be changed from time to time to ensure security. For this purpose, the cloud device 500 further generates a share_key_expiry date time that changes from time to time, and security is improved by changing the client_share_key at irregular intervals. When the cloud device 500 detects that the client_share_key has passed the time set for its change, it automatically generates a new client_share_key to ensure security.

Step 5: When the cloud device 500 receives the client_uuid converted into ciphertext, it decodes it with sever_pri_key to confirm whether the client_uuid is correct. After confirming that the client_uuid is correct, the cloud device 500 encodes the client_share_key, the share_key_expiry date time, and the MQTT_Broker IP and MQTT_Broker account and password of the proxy server device 700 with client_pub_key and sends them back to the client device 100.

Step 6: After the client device 100 obtains the relevant data from the cloud device 500, it immediately decodes the data with client_pri_key and confirms that the received message is complete. The complete message includes: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key; 6. share_key_expiry date time. After confirming that it has received the complete message, the client device 100 connects to the proxy server device 700. If the client device 100 judges that the received message is incomplete, it returns to step 4 and requests the message from the cloud device 500 again.

Step 7: The client device 100 connects to the proxy server device 700 using the MQTT_Broker IP and the MQTT_Broker account and password. It also uses client_share_key to encode the client_uuid and the data content (data involved) that the client device 100 wants to send to the cloud device 500, and then uploads the result to the proxy server device 700.

Step 8: The client device 100 checks whether the Share_key_expiry date time has expired. If it has not yet expired, the encoded client_uuid and data string content are uploaded to the proxy server device 700. If it has expired, the client device returns to step 4 and requests a new Share_key_expiry date time from the cloud device 500. For example, suppose the expiry date is 2015/0501. If the check shows that the Share_key_expiry date time has passed (for example, the date at the time of the check is 2015/0502), the client device 100 again uses the encoded client_uuid (that is, the client_uuid converted into ciphertext according to sever_pub_key) to request a new share_key_expiry date time over https. When the cloud device 500 receives the client_uuid converted into ciphertext, it decodes it with sever_pri_key to confirm whether the client_uuid is correct. After confirming that the client_uuid is correct, the cloud device 500 encodes the new share_key_expiry date time with client_pub_key and sends it back to the client device 100. In addition, to increase security, the time set by the share_key_expiry date time can be periodic or a random variable, as decided by the cloud device 500.

Step 9: After receiving the encoded client_uuid and message string uploaded by the client device 100, the proxy server device 700 immediately forwards the message uploaded by the client device 100 directly (that is, without any processing) to the cloud device 500.

Step 10: After receiving the data forwarded directly by the proxy server device 700, the cloud device 500 immediately decodes it with client_share_key and verifies whether the received client_uuid and data string are complete and correct.

Step 11: When the cloud device 500 judges that the received client_uuid and data string are complete and correct, it stores the decoded client data string in the memory module, where it waits for the user to put the received data strings to a specific use. If verification shows that the received client_uuid and data string are incomplete or incorrect, the event is recorded. In this embodiment, incorrect messages include: (1) the client_uuid corresponding to a given IP is incorrect, in which case there may be a misappropriation problem; (2) if a client_uuid uploads data together with Geo Location, the message can be verified by checking whether the Geo Location is plausible (for example, whether a client_uuid is in Asia one minute and in North America the next). When incorrect messages keep appearing, it is judged that the proxy server device 700 may have been attacked by hackers, and the cloud device 500 may choose to shut down this proxy server device 700.

Clearly, in the connection method of the whole Internet of Things architecture, steps 1 to 6 are completed with the cloud device 500 before each client device 100 leaves the factory. That is, when each client device 100 leaves the factory, it has already obtained the complete message from the cloud device 500, including: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key; 6. share_key_expiry date time. Once the Internet of Things system is started, every data string that a client device 100 wants the cloud device 500 to process is sent to the proxy server device 700 according to the MQTT_Broker IP, and the proxy server device 700 then forwards the data string of the client device 100 directly to the cloud device 500. During the message transfer from step 7 to step 10, the cloud device 500 therefore does not directly expose its own address, which reduces the probability of the cloud device 500 being attacked by hackers. Because the proxy server device 700 only forwards the data uploaded by the client device 100 directly to the cloud device 500, the probability that the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700 are cracked is reduced, which further increases the security of the Internet of Things communication process.

Next, in step 4 of FIG. 3, the present invention can also split the process by which the client device 100 obtains the MQTT_Broker IP, MQTT_Broker account and MQTT_Broker password of the proxy server device 700 from the cloud device 500 into two requests. For example, in the first request the client device 100 uses the encoded client_uuid (that is, the client_uuid converted into ciphertext according to sever_pub_key) to request the client_share_key and the MQTT_Broker IP over https. When the cloud device 500 receives the client_uuid converted into ciphertext, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; after confirming that it is correct, the cloud device 500 encodes the client_share_key, the MQTT_Broker IP and so on with client_pub_key and sends them back to the client device 100. In the second request, the client device 100 again uses the encoded client_uuid (that is, the client_uuid converted into ciphertext according to sever_pub_key) to request the MQTT_Broker account and password over https. When the cloud device 500 receives the client_uuid converted into ciphertext, it decodes it with sever_pri_key to confirm whether the client_uuid is correct; after confirming that it is correct, the cloud device 500 encodes the MQTT_Broker account and password with client_pub_key and sends them back to the client device 100. It should be noted in particular that, regarding the content obtained in the first and second requests, the only requirement is that the IP, account and password of the MQTT_Broker be obtained in two separate requests; nothing else is restricted.

Next, an embodiment in which the Internet of Things architecture of the present invention is applied to a product logistics management system is described in detail.

First, please refer to FIG. 5, which is a schematic diagram of the architecture of the Internet of Things product logistics management system of the present invention. As shown in FIG. 5, a product logistics management system of the present invention is composed of: a plurality of products 10; an electronic tag 12 arranged on each product; at least one client device 100 (for example, a personal computer, notebook computer, smartphone, smart portable device or smart reading device), each of which can read and transmit the information inside the electronic tag 12 and sends that information to the cloud device 500 by way of a proxy server device 700; and a display device 600 connected to the cloud device 500. The parts of the logistics management system use a wireless network to form communication links. Each client device 100 is a wireless communication device with a floating IP, and each client device 100 has a specific user identifier. The cloud processing device 500 is of the fixed domain name system (DNS) type; it has the function of a server and the function of communicating with each client device 100, and it uses the specific user identifier of each client device 100 to confirm that each client device 100 is one of the client devices of the Internet of Things. The proxy server device 700 (that is, the MQTT Broker) is of the floating IP type, with an IP that changes at any time, and has a network address and a password. Its main job is to receive the encoded data strings sent by client devices 100 that have been confirmed as belonging to the Internet of Things and to forward them directly to the cloud device 500, with which it can communicate. After the cloud device 500 provides the network address and password of the proxy server device 700 to each client device 100 of the Internet of Things, these client devices 100 can communicate only with the proxy server device 700, and the proxy server device 700 in turn communicates with the cloud device 500. In this way the information about the products 10 that each client device 100 wants to send is passed to the cloud device 500, and after the cloud device 500 has processed it, the result is shown on a display device 600.

Next, please refer to FIG. 6, which is a schematic structural diagram of the client device of the present invention (for example, a personal computer, notebook computer, smartphone, smart portable device or smart reading device). As shown in FIG. 6, the client device 100 is composed of a controller 110, a plurality of antennas 120, a plurality of input/output interfaces 130 and a wireless transmission module 140. Next, please refer to FIG. 7A, which is a schematic structural diagram of the cloud device of the present invention. As shown in FIG. 7A, the cloud device 500 is composed of a receiving/transmitting interface module 510, a data processing module 520 and a memory module 530. A security judgment database has been established in the memory module 530, containing data such as the serial number, the user identifier (for example, MAC Address), the name or number of the warehouse where the device is located, and the coordinates (including latitude and longitude) of its location. The data processing module 520 performs comparison and verification; for example, it at least checks whether the user identifier (for example, MAC Address) used by each client device 100 is already stored in the database of the memory module 530 of the cloud device 500. In addition, the cloud device 500 can communicate with each client device 100, the proxy server device 700 and the display module 600 through the receiving/transmitting interface module 510.

When the logistics management system is in operation, each client device 100 has already logged in to the cloud device 500 over https by means of the wireless transmission module 140, and each client device 100 has been confirmed as a client device of the Internet of Things. Each client device 100 has also confirmed receipt of the complete message, including: 1. Sever_pub_key; 2. Client_pri_key; 3. MQTT_Broker IP; 4. MQTT_Broker username/passward; 5. client_Share_key; 6. Share_key_expiry date time. The login and verification process is as described in the preceding embodiment. The client device 100 in this embodiment of the logistics management system is a read-write device. It can send an electrical signal through the antenna 120 to the electronic tag 12 on the product 10, triggering the electronic tag 12 to transmit the information stored inside it. The antenna 120 of the read-write device receives the information transmitted by the electronic tag 12 and passes it through the input/output interface 130 to the controller 110 for processing. After the client_uuid and the information data of the electronic tag 12 have been encoded with client_share_key, the wireless transmission module 140 sends the encoded message to the proxy server device 700. On receiving the data string sent by the client device, the proxy server device 700 does no processing and simply forwards the received data string. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information inside the electronic tag 12 can be stored in the storage space set in the memory module 530, for example the storage space set for a specific company; or the information inside the electronic tag 12 can be sent to the display module 600 at the same time and displayed; or the data processing module 520 can first process the information from multiple electronic tags 12 in a specific way and then send it to the display module 600 to display the configured information status. When performing security identification, the data processing module 520 can also compare the data received by the receiving/transmitting interface module 510 for each read-write device 100, such as its serial number, user identifier, the name or number of the warehouse where it is located, and the coordinates (including latitude and longitude) of its location, with the data stored in the memory module 530. FIG. 7B is a schematic diagram of the security judgment data stored in the memory module 530 of the present invention. If verification shows that the received client_uuid and data string are incomplete or incorrect, the event is recorded.

In this embodiment, incorrect messages may arise as follows. Each client device 100 publishes information with a certain regularity, so a client device 100 that publishes at an abnormal or excessive frequency is suspect; or the client_uuid corresponding to the IP of a client device 100 is incorrect, in which case there may be a misappropriation problem; or, if a client_uuid uploads data together with Geo Location, the message can be verified by checking whether the Geo Location is plausible (for example, whether a client_uuid is in Asia one minute and in North America the next); or the proxy server device 700 itself frequently publishes information by means other than MQTT and attempts to connect to the cloud device 500, and so on. All of these are regarded as incorrect messages. When incorrect messages keep appearing, it is judged that the proxy server device 700 may have been attacked by hackers, and the cloud device 500 may choose to shut down this proxy server device 700. In addition, the information processed by the cloud device 500 can be sent to the display module 600 by wireless transmission (WiFi, Bluetooth) or by wired transmission. Clearly, in the Internet of Things connection architecture of the present invention, the cloud device 500 does not directly expose its own address at any point while the client device 100 passes data strings to the cloud device 500. This reduces the probability of the cloud device 500 being attacked by hackers and can greatly improve the security of the Internet of Things.
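The checks listed in step 11 and in the paragraph above (a client_uuid that does not match its IP, an implausible Geo Location, an abnormal publishing frequency, and persistent incorrect messages that point at the proxy server device) can be sketched as follows. This is an added Python example, not part of the patent; the class and function names, the uuid-to-IP binding table, the 1000 km/h speed limit, the per-minute limit and the three-message threshold are all assumptions, and the sample uploads are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Optional


@dataclass
class Upload:
    """One decoded message as the cloud device sees it after step 10."""
    client_uuid: str
    src_ip: str
    ts: datetime
    lat: Optional[float] = None   # Geo Location is optional in the text
    lon: Optional[float] = None


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    a = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))


class UploadVerifier:
    """Cloud-side record of incorrect messages (all limits are assumptions)."""

    def __init__(self, ip_bindings, max_speed_kmh=1000.0,
                 max_per_minute=30, close_after=3):
        self.ip_bindings = dict(ip_bindings)   # client_uuid -> IP seen at login
        self.max_speed_kmh = max_speed_kmh
        self.max_per_minute = max_per_minute
        self.close_after = close_after         # consecutive bad messages tolerated
        self.last_fix = {}                     # client_uuid -> (ts, lat, lon)
        self.recent = defaultdict(deque)       # client_uuid -> recent timestamps
        self.consecutive_bad = 0
        self.broker_suspect = False            # latched: cloud may close the broker
        self.records = []                      # (upload, reasons) kept for review

    def _reasons(self, up):
        expected_ip = self.ip_bindings.get(up.client_uuid)
        if expected_ip is None:
            # Keep no per-uuid state for identifiers the cloud never issued.
            return ["unknown_client_uuid"]
        reasons = []
        if expected_ip != up.src_ip:
            reasons.append("ip_mismatch")

        # Publishing frequency: sliding 60-second window per client_uuid.
        window = self.recent[up.client_uuid]
        window.append(up.ts)
        while up.ts - window[0] > timedelta(seconds=60):
            window.popleft()
        if len(window) > self.max_per_minute:
            reasons.append("rate_abnormal")

        # Geo Location plausibility: distance covered versus time elapsed.
        if up.lat is not None and up.lon is not None:
            prev = self.last_fix.get(up.client_uuid)
            if prev is not None:
                hours = max((up.ts - prev[0]).total_seconds() / 3600.0, 0.0)
                dist = haversine_km(prev[1], prev[2], up.lat, up.lon)
                if dist > 1.0 + self.max_speed_kmh * hours:
                    reasons.append("geo_implausible")
            if not reasons:
                # Only a clean upload may move the trusted position.
                self.last_fix[up.client_uuid] = (up.ts, up.lat, up.lon)
        return reasons

    def check(self, up):
        """Return the reasons this upload is incorrect ([] if it is clean)."""
        reasons = self._reasons(up)
        if reasons:
            self.records.append((up, reasons))
            self.consecutive_bad += 1
            if self.consecutive_bad >= self.close_after:
                self.broker_suspect = True
        else:
            self.consecutive_bad = 0
        return reasons


def run_constructed_sample():
    """Constructed uploads; the uuids, IPs and coordinates are made up."""
    t0 = datetime(2015, 5, 1, 8, 0, 0)
    v = UploadVerifier({"uuid-A001": "203.0.113.10",
                        "uuid-P004": "203.0.113.20"})
    sample = [
        Upload("uuid-A001", "203.0.113.10", t0, 31.23, 121.47),
        Upload("uuid-A001", "203.0.113.10", t0 + timedelta(minutes=1), 40.71, -74.01),
        Upload("uuid-P004", "198.51.100.7", t0 + timedelta(seconds=61)),
        Upload("uuid-ZZZZ", "203.0.113.10", t0 + timedelta(seconds=62)),
    ]
    return [v.check(u) for u in sample], v.broker_suspect


if __name__ == "__main__":
    print(run_constructed_sample())
```

A flagged upload never updates the trusted position, so a single forged Geo Location cannot shift the baseline against which later uploads are judged.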

It should be emphasized that, as follows from the foregoing detailed description, in the embodiments of the product logistics management system described below, each client device 100 has already logged in to the cloud device 500 through the wireless transmission module 140, and each client device 100 has been confirmed as a client device of the Internet of Things. Each client device 100 has also confirmed receipt of the complete message, including the MQTT_Broker IP and the MQTT_Broker account and password of the proxy server device 700. These points are not repeated in detail below.

Next, please refer to FIG. 8, which is a schematic diagram of a first embodiment of the Internet of Things product logistics management system of the present invention. As shown in FIG. 8, the product logistics management system of the present invention includes a first location area (1), for example a warehouse where products are stored. The product 10 can be any goods, for example consumer products such as sports shoes, bags and clothes. A plurality of products 10 are stored in the first location area 1, and each product 10 carries an electronic tag 12; these electronic tags 12 can optionally be attached one by one after the products 10 have been stored in the first location area 1. The electronic tag 12 stores at least the product name and identification code (ID code) of the product 10. The first location area 1 has an entrance/exit, at which at least one first read-write device 31/32/33 that can serve as a client device 100 is arranged (for example, three first read-write devices whose security identification codes are A001, A002 and A003 respectively). Each first read-write device 31/32/33 has information such as a security identification code, the name or number of the warehouse where it is located, and the coordinates (including latitude and longitude) of its location. The purpose of arranging multiple first read-write devices at the entrance/exit is that, when the number of products passing through the entrance/exit per unit time increases, the speed and accuracy of reading and writing product information can be effectively improved and the error rate reduced.

When the products 10 stored in the first location area 1 need to be transported to a point of sale, each product 10 must pass at least one first read-write device 31/32/33 arranged at the entrance/exit. The first antenna 120 on each first read-write device 31/32/33 emits a signal, so that each electronic tag 12 passing the first read-write device 31/32/33, on receiving the signal emitted by the first antenna 120, is triggered to transmit the product information stored inside it. The first antenna 120 of the first read-write device 31/32/33 receives the information transmitted by the electronic tag 12 and passes it through the input/output interface 130 to the controller 110 for processing. After the client_uuid and the information data of the electronic tag 12 have been encoded with client_share_key, the wireless transmission module 140 sends the encoded message to the proxy server device 700. On receiving the data string sent by the client device 100, the proxy server device 700 does no processing and simply forwards the received data string. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information inside the electronic tag 12 can be stored in the storage space set in the memory module 530, for example the storage space set for a specific company; or the information inside the electronic tag 12 can be sent to the display module 600 at the same time and displayed; or the data processing module 520 can first process the information from multiple electronic tags 12 in a specific way and then send it to the display module 600 to display the configured information status. The cloud device 500 can thus keep track of which products, and how many, have been moved out of the first location area 1, and can further compare this with the warehouse data stored in the memory module 530 to confirm whether the two quantities are the same.

Next, when the products 10 that have been moved out need to be transported to another area for sale, a transport device may be needed to carry them to a designated area for storage; for example, ten thousand pairs of sports shoes held in the Shanghai Free Trade Zone are to be transported to a point-of-sale warehouse on Wangfujing Street in Beijing. To ensure that the sports shoes arrive at the designated storage area on schedule and in full, it must be confirmed, at the entrance of the transport device, which sports shoes enter the transport device (for example, a container), and it must also be ensured that no product placed in the transport device goes missing during the whole journey.

To meet these needs, the first embodiment of the product logistics management system of the present invention proceeds as follows. The container on the transport device (also called the second location area 2) has an entrance/exit, at which at least one second read-write device 41/42/43 that can serve as a client device 100 is arranged (for example, three second read-write devices whose security identification codes are P004, P005 and P006 respectively). The second antenna 220 on each second read-write device 41/42/43 emits a signal, so that each electronic tag 12 passing the second read-write device 41/42/43, on receiving the signal emitted by the second antenna 220, is triggered to transmit the product information stored inside it. The second antenna 220 of the second read-write device 41/42/43 receives the information transmitted by the electronic tag 12 and passes it through the input/output interface 130 to the controller 210 for processing. After the client_uuid and the information data of the electronic tag 12 have been encoded with client_share_key, the wireless transmission module 240 sends the encoded message to the proxy server device 700. On receiving the data string sent by the client device, the proxy server device 700 does no processing and simply forwards the received data string. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information inside the electronic tag 12 can be stored in the storage space set in the memory module 530, for example the storage space set for a specific company; or the information inside the electronic tag 12 can be sent to the display module 600 at the same time and displayed; or the data processing module 520 can first process the information from multiple electronic tags 12 in a specific way and then send it to the display module 600 to display the configured information status. The cloud device 500 thus knows the number of products sent into the second location area 2 and the product name and identification code of each product, and can further compare this with the warehouse data in the memory module 530, so that it can keep track of which products, and how many, have entered the second location area 2 for storage. In addition, the way this embodiment confirms the security of the messages sent by the second read-write devices 41/42/43 is the same as described above and is not explained again. The difference lies in the security identification code: in this embodiment, the P in P004 indicates a read-write device arranged on a transport container, so the device can choose whether or not to send coordinate (including longitude/latitude) information.

Next, please refer to FIG. 9, a schematic diagram of the second location area in the first embodiment of the IoT product logistics management system of the present invention. The second location area 2 is further provided with at least one third read-write device 51/52/53 that can serve as the client device 100 (for example, the security identification codes of the three third read-write devices are G007, G008 and G009 respectively), where each third read-write device 51/52/53 is composed of at least one third antenna 320, a third control module 310, a positioning device 150 and a third wireless transmission module 340. These third read-write devices 51/52/53 scan or monitor the products 10 placed in the second location 2, to ensure that all the products stored in the second location area 2 remain safely in the second location area 2. In this embodiment, the second location area 2 is a transport container for shipping products, so throughout the shipment of the products 10 these third read-write devices 51/52/53 continuously send messages through the third antenna 320 to the electronic tags 12 on the products 10, which triggers each electronic tag 12 to transmit the product information stored inside it. The third antenna 320 of the third read-write device 51/52/53 then receives the message transmitted by the electronic tag 12 and passes it through the input/output interface 130 to the controller 110 for processing; after the client_uuid and the message data of the electronic tag 12 are encoded with the client_share_key, the wireless transmission module 140 sends the encoded message to the proxy server device 700. The proxy server device 700 does not process the data string received from the client device in any way, but forwards it directly. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information inside the electronic tag 12 can be stored in the storage space set by the memory module 530, for example the storage space set for a specific company; or the information inside the electronic tag 12 can be transmitted to the display module 600 at the same time for display; or the data processing module 520 can apply specific processing to the information from multiple electronic tags 12 and then send it to the display module 600 to display the configured information status. In this way the cloud device 500 can determine from the GPS coordinate information where the products have currently been shipped.

In addition, it should be emphasized that the electronic tag described in the above embodiments may be one of NFC, RFID, ID stamp or ID sticker. If the electronic tags 12 on the products 10 placed in the second location (container) 2 are RFID, the third read-write devices 51/52/53 in the second location (container) 2 can be fixed in one position; if the electronic tags 12 on the products 10 placed in the second location (container) 2 are NFC, ID stamp or ID sticker, the third read-write devices 51/52/53 in the second location 2 must be able to move within the second location (container) 2 to make sure that every product 10 can be scanned. Furthermore, the frequencies of the electronic tags 12 in the system and of the first antenna 120, the second antenna 220 and the third antenna 320 are matched with each other.

It should also be emphasized that the cloud device 500 is a fixed domain name system (DNS) that has the function of a server and the function of communicating with the client device 100. It is composed of a receiving/transmitting interface module 510, a data processing module 520 and a memory module 530, and can be connected to the display module 600 through the receiving/transmitting interface module 510. The data processing module 520 has already recorded, and stored in the memory of the memory module 530, the security identification code of each of the at least one first read-write device 31/32/33 placed at the first entrance/exit of the first location area 1 (for example, three first read-write devices), the name or number of the warehouse where it is located, and the coordinates (including longitude and latitude) of its location. Likewise, the data processing module 520 has already recorded, and stored in the memory of the memory module 530, the security identification code of each of the at least one second read-write device 41/42/43 placed at the second entrance/exit of the second location area 2 (for example, three second read-write devices), the name or number of the warehouse where it is located, and the coordinates (including longitude and latitude) of its location. For the at least one third read-write device 51/52/53 placed in the second location 2, the security identification code, the name or number of the warehouse where it is located, and the coordinates (including longitude and latitude) of its location are also recorded and stored in the memory of the memory module 530, as shown in FIG. 7B and FIG. 7C, where FIG. 7C is a schematic diagram of the warehouse data stored in the memory module of the present invention. When the data processing module 520 judges that the received client_uuid and data string are correct, it can store the information in the specific storage space set by the memory module 530. When it judges that the received client_uuid and data string are incorrect or erroneous, this indicates that what was received was not sent by a read-write device of the logistics management system, and that a hacker's message may be attempting to intrude or the client data may be abnormal; the data processing module 520 of the cloud device 500 then decides, according to the judgment result, whether to ignore the message, to shut down the proxy server device 700, or to issue a warning notification, and performs no subsequent processing.
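The cloud-side check described above (verify the data string, compare the reader's security identification code, warehouse and coordinates with the stored record, then store, ignore or warn) can be sketched as follows. This is an added example, not code from the patent: the patent does not specify the encoding, so HMAC-SHA256 under client_share_key is an assumption, as are the envelope layout, the sample registry values, the coordinate tolerance and the proxy failure threshold.

```python
import hashlib
import hmac
import json
import math

# Constructed sample records standing in for what memory module 530 holds.
# UUIDs, keys, warehouse names and coordinates are made up for this example.
REGISTRY = {
    "uuid-a001": {"key": b"sample-key-a001", "reader_id": "A001",
                  "warehouse": "WH-1", "lat": 39.9139, "lon": 116.4110},
    "uuid-p004": {"key": b"sample-key-p004", "reader_id": "P004",
                  "warehouse": "CONTAINER-2", "lat": None, "lon": None},
}
COORD_TOLERANCE_DEG = 0.001  # assumption: allowed drift for a fixed reader
PROXY_FAILURE_LIMIT = 3      # assumption: rejects before a proxy is flagged
proxy_failures = {}          # proxy id -> number of rejected data strings


def client_encode(client_uuid, key, fields):
    """Client side: build the data string that the proxy forwards unchanged."""
    body = json.dumps({"client_uuid": client_uuid, **fields}, sort_keys=True)
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "mac": mac}).encode()


def matches_record(rec, msg):
    """Compare the reader's self-description with the stored record."""
    if msg.get("reader_id") != rec["reader_id"]:
        return False
    if msg.get("warehouse") != rec["warehouse"]:
        return False
    if rec["reader_id"].startswith("P"):
        return True  # container-mounted reader: coordinates are optional
    try:
        return (math.isclose(float(msg["lat"]), rec["lat"],
                             abs_tol=COORD_TOLERANCE_DEG)
                and math.isclose(float(msg["lon"]), rec["lon"],
                                 abs_tol=COORD_TOLERANCE_DEG))
    except (KeyError, TypeError, ValueError):
        return False


def check(data_string):
    """Return (message, None) when valid, otherwise (None, reason)."""
    try:
        envelope = json.loads(data_string)
        body = envelope["body"].encode()
        mac = envelope["mac"].encode()
        msg = json.loads(body)
        rec = REGISTRY.get(msg.get("client_uuid"))
    except (ValueError, KeyError, TypeError, AttributeError):
        return None, "malformed"
    if rec is None:
        return None, "unknown client_uuid"
    # Nothing in msg is trusted until the MAC verifies under that client's key.
    expected = hmac.new(rec["key"], body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, mac):
        return None, "bad MAC"
    if not matches_record(rec, msg):
        return None, "record mismatch"
    return msg, None


def cloud_verify(data_string, proxy_id):
    """Decide what the data processing module does with one data string.

    Returns ('store', message), ('ignore', reason) or ('alert', reason);
    'alert' marks a proxy that has relayed too many rejected strings.
    """
    msg, reason = check(data_string)
    if reason is None:
        return "store", msg
    proxy_failures[proxy_id] = proxy_failures.get(proxy_id, 0) + 1
    if proxy_failures[proxy_id] >= PROXY_FAILURE_LIMIT:
        return "alert", reason
    return "ignore", reason
```

A MAC alone does not stop a captured data string from being replayed through the proxy; a counter or timestamp inside the authenticated body would be needed for that.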

In addition, the information on the products 10 in the first location area 1 may already have been recorded in the data processing module 520 or the memory module 530 of the cloud device 500 before the products 10 enter the first location area 1. Alternatively, after a plurality of products 10 have passed the first read-write devices 31/32/33 of the first location area 1, the number of products 10 passing through the first location area 1 and the product name and identification code of each product are recorded, and the data on the number of products in the first location area 1 and on the product name and identification code of each product is then established and likewise recorded in the data processing module 520 or the memory module 530 of the cloud device 500, as shown in FIG. 7C. In this case, while the data processing module 520 of the cloud device 500 stores the data to the memory module 530, it also adds a time record of the data storage, to serve as one of the items for subsequent comparison. The present invention does not limit which of the above methods is used to record the number of products in the first location area 1 and the product name and identification code of each product.

Once the data on the number of products in the first location area 1 and on the product name and identification code of each product has been established in the memory module 530 of the cloud device 500, it is processed and compared by the data processing module 520 in the cloud device 500. After the data processing module 520 has completed the security judgment and the message processing, it knows the number of products passing through the first location area 1 and the product name and identification code of each product, and can further compare them with the warehouse data in the memory module 530 (as shown in FIG. 7C), so that the cloud device 500 can track which products, and in what quantity, have been moved out of the first location area 1. At this point, the cloud device 500 can be connected to the display 600 through the receiving/transmitting interface module 510 to display the number of products originally stored in the first location area 1, the product names and the recorded time; or to display which products, in what quantity and at what time, have been moved out of the first location area 1, and how many products are still stored in the first location area 1. This lets the manager keep track of the number and names of the products in the first location area 1. The manager can also query the cloud device 500 to learn the names and identification codes of the products stored in the first location area 1.

Finally, with the first embodiment of the product logistics management system of the present invention in operation, the manager can see on the display module 600 connected to the cloud device 500 how many products are still stored in the warehouse, how many products are currently in transit, where they have been shipped so far and when they are scheduled to arrive at the destination (Wangfujing Street); the manager can also query the product name and identification code of a product in the management system through the cloud device 500. Likewise, in another preferred embodiment of the present invention, the first read-write devices 31/32/33 arranged in the second position 1 may also, like the third read-write devices 51/52/53, be required to move within the first position 1 to make sure that every product 10 can be scanned.

The article management system of the present invention can be further integrated with the article storage and sales management system to form one complete system; its detailed operation is described as follows.

Please refer to FIG. 10, a schematic diagram of article warehouse management in the second embodiment of the IoT product logistics management system of the present invention. First, a plurality of products 10 bearing electronic tags 12 have been placed in the first storage area 1; for example, in the first embodiment the products (ten thousand pairs of sports shoes) have been shipped to and stored in the first storage area 1 at Wangfujing Street, and the number of products, the product names and the identification codes of the products placed in the first storage area 1 have also been stored in the memory device of the cloud device. The first storage area 1 has an entrance/exit on which at least one first read-write device is installed. Each first read-write device has a number 31/32/33 (for example, the security identification codes of the three first read-write devices are A001, A002 and A003 respectively), the name or number of the warehouse where it is located, and the coordinates (including longitude and latitude) of its location, all of which have likewise been recorded or stored in the memory device of the cloud device. Then, when the manager wants to send the products placed in the first storage area (1) to different sales locations, this can be accomplished by the article storage and sales management system of the present invention.

Suppose the manager wants to send the products placed in the first storage area 1 (ten thousand pairs of sports shoes) as five thousand pairs to the first sales location, three thousand pairs to the second sales location and one thousand pairs to the third sales location. When the sports shoes numbered 1 to 5000 are to be shipped to the first sales location, they pass through the entrance/exit of the first storage area 1, on which at least one first read-write device is installed. The first antenna 120 on each first read-write device 31/32/33 emits a signal, so that when an electronic tag 12 passing a first read-write device 31/32/33 receives the signal emitted by the first antenna 120, the electronic tag 12 is triggered to transmit the product information stored inside it. The first antenna 120 of the first read-write device 31/32/33 then receives the message transmitted by the electronic tag 12 and passes it through the input/output interface 130 to the controller 110 for processing; after the client_uuid and the message data of the electronic tag 12 are encoded with the client_share_key, the wireless transmission module 140 sends the encoded message to the proxy server device 700. The proxy server device 700 does not process the data string received from the client device in any way, but forwards it directly. After the receiving/transmitting interface module 510 of the cloud device 500 receives the data string from the proxy server device 700, the data processing module 520 decodes it. At this point, the information inside the electronic tag 12 can be stored in the storage space set by the memory module 530, for example the storage space set for a specific company. The information sent by a first read-write device 31/32/33 includes its number, the name or number of the warehouse where it is located, the coordinates (including longitude and latitude) of its location, and the product name and identification code from the electronic tag. Once the sports shoes numbered 1 to 5000 have all passed the first read-write devices 31/32/33 of the first storage area 1, the data processing module 520 of the cloud device 500, after processing, knows that the sports shoes numbered 1 to 5000 have been moved out of the first storage area 1, and the data processing module 520 in the cloud device 500 records the time at which the sports shoes numbered 1 to 5000 were moved out of the first storage area 1, for example 9 o'clock in the morning. During this processing, the data processing module 520 of the cloud device 500 first confirms whether the received messages were sent by the first read-write devices 31/32/33 of the management system; for example, the data processing module 520 confirms at least whether the number of each first read-write device that sends a message, the name or number of the warehouse where it is located, and the coordinates (including longitude and latitude) of its location are the same as the recorded information stored in the memory module 530. When it judges that the received message is correct, it can store the information sent by these first read-write devices 31/32/33 in the specific storage space set by the memory module 530, or transmit the information inside the electronic tag 12 to the display module 600 at the same time for display; or the data processing module 520 can apply specific processing to the information from multiple electronic tags 12 and then send it to the display module 600 to display the configured information status; so that the cloud device 500; when it judges that the received message is incorrect, this indicates that a hacker's message may be attempting to intrude, so the data processing module ignores the message and performs no subsequent processing, or it may choose to shut down the proxy server device 700 or further send a warning to the cloud device.

Similarly, after the sports shoes numbered 5001 to 8000 pass the at least one first read-write device 31/32/33 at the entrance/exit of the first storage area 1, the cloud device 500 learns through the same system operation that the sports shoes numbered 5001 to 8000 have been moved out of the first storage area 1, and the data processing module 520 in the cloud device 500 records the time at which the sports shoes numbered 5001 to 8000 were moved out of the first storage area 1, for example 10 o'clock in the morning. After the sports shoes numbered 8001 to 9000 pass the at least one first read-write device 31/32/33 at the entrance/exit of the first storage area 1, the cloud device 500 learns through the same system operation that the sports shoes numbered 8001 to 9000 have been moved out of the first storage area 1, and the data processing module 520 in the cloud device 500 records the time at which the sports shoes numbered 8001 to 9000 were moved out of the first storage area 1, for example 11 o'clock in the morning. At this stage of the second embodiment, the manager can see on the display module 600 connected to the cloud device 500 that the sports shoes numbered 9001 to 10000 are still stored in the warehouse, while the sports shoes numbered 1 to 5000, 5001 to 8000 and 8001 to 9000 are shown as having been moved out of the first storage area 1 at different times.

Next, after the sports shoes numbered 1 to 5000 have been shipped to the first sales location, they pass the read-write device 61 installed at the first sales location (for example, with security identification code S010). After the same system operation as described above, the manager can see on the display module 600 connected to the cloud device 500 that the sports shoes numbered 9001 to 10000 are still stored in the warehouse and that the sports shoes numbered 1 to 5000 were stored at the first sales location at 11 o'clock in the morning; the manager can also query product information through the cloud device 500, for example the size information of the sports shoes numbered 1 to 5000. Similarly, after the sports shoes numbered 5001 to 8000 have been shipped to the second sales location, they pass the read-write device 62 installed at the second sales location (for example, with security identification code S011). After the same system operation as described above, the manager can see on the display module 600 connected to the cloud device 500 that the sports shoes numbered 9001 to 10000 are still stored in the warehouse, that the sports shoes numbered 1 to 5000 were stored at the first sales location at 11 o'clock in the morning, and that the sports shoes numbered 5001 to 8000 were stored at the second sales location at 11:30 in the morning; the manager can also query product information through the cloud device 500, for example the size information of the sports shoes numbered 5001 to 8000. Then, after the sports shoes numbered 8001 to 9000 have been shipped to the third sales location, they pass the read-write device 63 installed at the third sales location (for example, with security identification code S012). After the same system operation as described above, the manager can see on the display module 600 connected to the cloud device 500 that the sports shoes numbered 9001 to 10000 are still stored in the warehouse, that the sports shoes numbered 1 to 5000 were stored at the first sales location at 11 o'clock in the morning, that the sports shoes numbered 5001 to 8000 were stored at the second sales location at 11:30 in the morning, and that the sports shoes numbered 8001 to 9000 were stored at the third sales location at 12 o'clock in the morning; the manager can also query product information through the cloud device 500, for example the size information of the sports shoes numbered 8001 to 9000.

Finally, to describe the sales operation of the second embodiment, please refer to FIG. 11, a schematic diagram of sales management in the second embodiment of the IoT product logistics management system of the present invention. As shown in FIG. 11, once a customer has decided which product to buy (for example, sports shoes number 999), the service staff carry the product 10 to the counter for checkout. The salesperson then brings the electronic tag 12 on the product 10 to the read-write device 71 installed on the counter (for example, numbered CS0100). Besides having the same structure as an ordinary read-write device, the read-write device 71 on the counter also has a degaussing module 170. Once it is confirmed that the customer has completed payment, the counter notifies the read-write device 71 to send a message that sports shoes number 999 have been sold. Because the number of the read-write device 71 on the counter, the name or number of the sales point where it is located and the coordinates (including longitude and latitude) of its location have already been stored in the cloud device, when the read-write device 71 on the counter sends out the message that the sale has been completed, the message is processed by the data processing module 520 of the cloud device 500, and the display module 600 then shows, through the receiving/transmitting interface module 510, that sports shoes number 999 originally stored at the first sales point have been sold. Thus, after the same system operation as described above, the manager can see on the display module 600 connected to the cloud device 500 the message that sports shoes number 999 stored at the first sales point have been sold. Similarly, after the read-write device at the second sales point (not shown in the figure) sends the message that sports shoes number 5999 have been sold and the read-write device at the third sales point (not shown in the figure) sends the message that sports shoes number 8999 have been sold, the messages are processed by the data processing module 520 of the cloud device 500, and the display module 600 shows, through the receiving/transmitting interface module 510, the message that sports shoes number 999 at the first sales point have been sold, the message that sports shoes number 5999 at the second sales point have been sold, and the message that sports shoes number 8999 at the third sales point have been sold. The resulting display of the sales information on the display module 600 is shown in FIG. 12, a schematic diagram of the manager information display in the present invention.

In addition, when the electronic tags on the products 10 are RFID, the RFID tags can be recovered and reused; the electronic tags 12 on the products may of course also be of other types, for example NFC, ID stamp or ID sticker. The frequencies of the electronic tags 12 of this second embodiment and of each antenna 120/220/320 in the system are matched with each other.

Following the detailed description of the first and second embodiments above, the two can be further combined to form the complete article storage, logistics and sales management system of the present invention, so no further detailed description is given.

Although the present invention is disclosed above by way of the foregoing preferred embodiments, they are not intended to limit the present invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the present invention; the scope of patent protection of the present invention is therefore defined by the claims appended to this specification.

Claims (10)

CN201510307290.9A | 2015-06-05 | 2015-06-05 | Internet of things connection framework | Active | CN106254400B (en)

Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN201510307290.9A / CN106254400B (en) | 2015-06-05 | 2015-06-05 | Internet of things connection framework
CN202110385342.XA / CN113411293B (en) | 2015-06-05 | 2015-06-05 | Internet of things connection framework

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201510307290.9A / CN106254400B (en) | 2015-06-05 | 2015-06-05 | Internet of things connection framework

Related Child Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202110385342.XA / Division / CN113411293B (en) | Internet of things connection framework | 2015-06-05 | 2015-06-05

Publications (2)

Publication Number | Publication Date
CN106254400A (en) | 2016-12-21
CN106254400B (en) | 2021-03-09

Family

ID=57626339

Family Applications (2)

Application Number | Title | Priority Date | Filing Date
CN201510307290.9A / Active / CN106254400B (en) | Internet of things connection framework | 2015-06-05 | 2015-06-05
CN202110385342.XA / Active / CN113411293B (en) | Internet of things connection framework | 2015-06-05 | 2015-06-05

Family Applications After (1)

Application Number | Title | Priority Date | Filing Date
CN202110385342.XA / Active / CN113411293B (en) | Internet of things connection framework | 2015-06-05 | 2015-06-05

Country Status (1)

Country | Link
CN (2) | CN106254400B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101841537A (en) * | 2010-04-13 | 2010-09-22 | 北京时代亿信科技有限公司 | Method and system for realizing file sharing access control based on protocol proxy
CN103944890A (en) * | 2014-04-08 | 2014-07-23 | 山东乾云启创信息科技有限公司 | Virtual interaction system and method based on client/server mode
US20140266613A1 (en) * | 2013-03-13 | 2014-09-18 | Mark Sehmer | Radio frequency identification system
CN104079608A (en) * | 2013-03-29 | 2014-10-01 | 株式会社日立制作所 | Proxy module equipment for Internet of things and method thereof
US20150019342A1 (en) * | 2013-07-09 | 2015-01-15 | Qualcomm Incorporated | Real-time context aware recommendation engine based on a user internet of things environment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US8819233B2 (en) * | 2011-03-11 | 2014-08-26 | Qualcomm Incorporated | System and method using a web proxy-server to access a device having an assigned network address
CN103179210B (en) * | 2013-03-26 | 2016-04-13 | 太原罗克佳华工业有限公司 | The Internet of Things high in the clouds cut-in method of a kind of sing on web Service and system
US9712601B2 (en) * | 2013-07-22 | 2017-07-18 | International Business Machines Corporation | Cloud-connectable middleware appliance
CN103873477A (en) * | 2014-03-27 | 2014-06-18 | 江苏物联网研究发展中心 | Access authentication method based on two-dimension code and asymmetric encryption in agricultural material Internet of Things
CN104601665B (en) * | 2014-12-22 | 2017-11-03 | 西安电子科技大学 | A kind of system and method that high in the clouds real-time simulation is carried out to Internet of Things awareness apparatus
CN104639625B (en) * | 2015-01-27 | 2018-05-01 | 华南理工大学 | A kind of data concentrator collection control method, apparatus and system based on MQTT

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN106487838A (en) * | 2015-08-27 | 2017-03-08 | 冠研(上海)专利技术有限公司 | The framework of production resume is set up using Internet of Things
CN106487753A (en) * | 2015-08-27 | 2017-03-08 | 冠研(上海)专利技术有限公司 | The production record management system of Internet of Things
CN106487753B (en) * | 2015-08-27 | 2019-11-22 | 冠研(上海)专利技术有限公司 | The production record management system of Internet of Things
CN106487838B (en) * | 2015-08-27 | 2019-12-24 | 冠研(上海)专利技术有限公司 | System for establishing product production record by using Internet of things
WO2025190338A1 (en) * | 2024-03-13 | 2025-09-18 | 李皞白 | Operation architecture of electric vehicle charging stations

Also Published As

Publication number | Publication date
CN106254400B (en) | 2021-03-09
CN113411293B (en) | 2022-09-13
CN113411293A (en) | 2021-09-17

Similar Documents

Publication | Publication Date | Title
CN106296063A (en) | | IoT-based Product Logistics Management System
CN105007303B (en) | | Internet of Things connection method
CN112036901A (en) | | Method for protecting supply chain data in block chain and system for recording supply chain information
US9317844B2 (en) | | System and method for remote management of sale transaction data
US9965755B2 (en) | | System and method for remote management of sale transaction data
US20220006651A1 (en) | | Methods and systems for submission and validating decentralized verifiable claims in a physical world
JP2018506128A (en) | | Cryptographic verification of locations in the supply chain
US20200374131A1 (en) | | Method and system for generalized provenance solution for blockchain supply chain applications
US12301699B2 (en) | | Method and system for generalized provenance solution for blockchain supply chain applications
US20150278789A1 (en) | | System and method for remote management of sale transaction data
US11854020B2 (en) | | Multi-dimensional approach to anti-counterfeiting across different industries
TWM522426U (en) | | Products management system for internet of things
CN113411293B (en) | | Internet of things connection framework
Tsai et al. | | Using a smart contract for the floral supply chain
US10735304B2 (en) | | System and method for remote management of sale transaction data
CN112016868A (en) | | Block chain logistics management system and method based on 5G
WO2016192537A1 (en) | | System for establishing product authenticity identification data module by using internet of things
US12361019B2 (en) | | Systems and methods for distributed entity tracking
CN106487753B (en) | | The production record management system of Internet of Things
TWM522425U (en) | | IOT connected architecture
CN114780992A (en) | | Method, system and equipment for managing supply chain of electronic mall
US20150254784A1 (en) | | System and method for remote management of sale transaction data
CN106487838B (en) | | System for establishing product production record by using Internet of things
TWM526243U (en) | | Things build products using the history of architecture
WO2022177670A1 (en) | | Method and system for generalized provenance solution for blockchain supply chain applications

Legal Events

Date | Code | Title | Description
 | C06 | Publication |
 | PB01 | Publication |
 | C10 | Entry into substantive examination |
 | SE01 | Entry into force of request for substantive examination |
 | CB02 | Change of applicant information | Address after: 5th Floor, Building 7, Guiqing Road, Xuhui District, Shanghai, 2003; Applicant after: GUANYAN (SHANGHAI) PATENT TECHNOLOGY CO.,LTD.; Address before: 5th Floor, Building 7, Guiqing Road, Xuhui District, Shanghai, 2003; Applicant before: GAINIA (SHANGHAI) INTELLECTUAL ASSET SERVICES, Inc.
 | GR01 | Patent grant |
 | TR01 | Transfer of patent right | Effective date of registration: 20210907; Address after: Room 219 hall 53 Industrial Research Institute No 195 section 4 Zhongxing Road Zhudong Town Hsinchu County Taiwan China; Patentee after: GAINIA INTELLECTUAL ASSET SERVICES, Inc.; Address before: 5th Floor, Building 7, Guiqing Road, Xuhui District, Shanghai, 2003; Patentee before: GUANYAN (SHANGHAI) PATENT TECHNOLOGY Co.,Ltd.
 | TR01 | Transfer of patent right | Effective date of registration: 20230412; Address after: No. 28, Lane 15, Lane 194, Datong Road, Longxing Lane 5, Longtan District, Taoyuan City, Taiwan, China, China; Patentee after: Li Haobai; Address before: Room 219, hall 53, Industrial Research Institute, No. 195, section 4, Zhongxing Road, Zhudong Town, Hsinchu County, Taiwan, China; Patentee before: GAINIA INTELLECTUAL ASSET SERVICES, Inc.
