CN102932374A - Method for communication among network devices in local area network - Google Patents


Info

Publication number: CN102932374A
Authority: CN (China)
Prior art keywords: management server, device management, network equipment, password, network
Legal status: Pending
Application number: CN2012104781152A
Other languages: Chinese (zh)
Inventor: 徐磊
Current Assignee: Hisense Broadband Multimedia Technology Co Ltd
Original Assignee: Hisense Broadband Multimedia Technology Co Ltd
Application filed by Hisense Broadband Multimedia Technology Co Ltd


Abstract

The invention relates to a method for communication among network devices in a local area network. The method comprises the following steps: a device management server randomly assigns IP addresses, usernames and passwords to the network devices and sets the users' operating rights; a user enters the assigned username and password into the network device to perform identity authentication; after authentication succeeds, the network device sends a data communication request to the device management server; the device management server checks the operating right of the logged-in user; and if the operation is permitted, data communication begins. According to the invention, the device management server sets the users' operating rights for the network devices, so that data communication among the network devices can be controlled according to those operating rights. If the operating right of a network device needs to be changed, the user only needs to reset it on the device management server, which simplifies the management of access rights among network devices and makes their data interaction mode more flexible.

Description

Method for communication among network devices in a local area network
Technical field
The present invention relates to the technical field of computer networks, and specifically to a method for communication among network devices in a local area network.
Background technology
The operating right of a conventional network device is tied to the device itself: after the device joins the network, it generally reports its own operating right to the device management server, which records it. When two network devices need to communicate, the requesting device sends a request to the device management server, which checks the operating right it has on record for that device; if the operation is permitted, data communication proceeds. In practice this means that changing a device's operating right requires changing the device itself, which makes rights management inconvenient and the data interaction mode inflexible.
Summary of the invention
The object of the present invention is to provide a method for communication among network devices in a local area network, solving the technical problems that, once network devices are interconnected today, their operating rights can only be revised by changing the devices themselves, which makes rights management complex and the data interaction mode between devices inflexible.
To solve the above technical problems, the present invention is achieved by the following technical solution:
A method for communication among network devices in a local area network, comprising the steps of:
(1) the device management server randomly assigns an IP address, a username and a password to each network device and sets the user's operating right;
(2) the user enters the assigned username and password into the network device to perform identity authentication;
(3) after authentication succeeds, the network device sends a data communication request to the device management server;
(4) the device management server checks the operating right of the logged-in user;
(5) if the operation is permitted, data communication begins.
Preferably, in step (1), the device management server assigns IP addresses to the online devices and records the MAC address of each online device that obtains an IP address.
Preferably, in step (1), the device management server assigns a username and a password to each network device that has obtained an IP address and stores them in the database of the device management server.
To avoid assigning duplicate usernames to networked devices, in step (1), when the device management server assigns a username and password to a network device, it first compares the username with the usernames already present in its database and, if there is a duplicate, regenerates the username and password.
Preferably, in step (2), the identity authentication method is:
(1) the user of the network device queries the device management server by MAC address for the username and password assigned to that device and enters them;
(2) the network device encrypts the username and password and sends them to the device management server, which verifies the password;
(3) if the password verification passes, the network device is authenticated successfully;
(4) after the network device goes offline, the device management server deletes the username and password corresponding to that device.
To keep the authentication information secure, the network device holds a public key used to encrypt the username and password, and the device management server holds the private key used to decrypt the encrypted username and password.
Preferably, in step (3) of the authentication method, if the password verification fails, the device management server sends a username-and-password error message to the network device.
So that network devices can keep their online device information up to date, in step (3) of the authentication method, after the device management server registers a network device it feeds back a registration-success message to all online devices, and each network device that receives the message updates its online device list.
Preferably, in step (3) of the communication method, after authentication succeeds, the network device may send a request to modify the user's operating right to the device management server, which decides whether the operating right may be modified and feeds the decision back to the network device.
Preferably, the network topology of the device management server and the network devices is a star topology. This structure is simple to control, convenient, and makes fault diagnosis and isolation easy.
Compared with the prior art, the advantages and positive effects of the present invention are: after a network device joins the network, the device management server sets the user's operating right for the device, and data communication between network devices is controlled according to the operating rights the device management server has set. If the operating right of a network device is to be changed, it only needs to be reset on the device management server, which simplifies the management of access rights between network devices and makes their data interaction mode more flexible. At the same time, the identity authentication method used when a network device joins the network ensures that each username and password can be used only once; when a device joins, the user simply obtains them from the device management server by MAC address, so there is no concern about a device being unable to join because a fingerprint cannot be captured or a password is lost, nor about network information being insecure because a password is leaked or lost.
Other characteristics and advantages of the present invention will become clearer after reading the detailed description of the embodiments in conjunction with the accompanying drawings.
Description of drawings
Fig. 1 is a flow chart of the communication method used between interconnected network devices in the prior art.
Fig. 2 is a flow chart of the communication method between interconnected network devices in the specific embodiment of the invention.
Fig. 3 is a schematic diagram of the topology of the device management server and the network devices in the specific embodiment of the invention.
Fig. 4 is a flow chart of identity authentication when a network device joins the network in the specific embodiment of the invention.
Fig. 5 is a flow chart of identity authentication when a network device joins the network in the specific embodiment of the invention.
Fig. 6 is a flow chart of identity authentication when a network device rejoins the network after going offline in the specific embodiment of the invention.
Embodiment
The specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
As shown in Figure 1, the current communication method between interconnected network devices is briefly introduced first. After a network device connects to the network, it sends its own operating right to the device management server, which records it. When network devices need to carry out data communication, a request is first sent to the device management server, which checks the operating right of the network device; if the operation is permitted, data communication between the devices begins; if not, the device itself has to be changed, and after the operating right has been changed it is sent to the device management server to be recorded again. This approach makes the management of device operating rights complex and the data interaction mode inflexible.
In view of this, the present invention proposes a method in which the device management server assigns a user type, i.e. a device operating right, to each networked device and can change the user type of a network device on request, so that data communication between network devices can be controlled flexibly. As shown in Figure 2, after a network device connects to the network, the device management server first generates a username and password and sets the login user's right; the network device logs in to the network after passing authentication; when network devices need to carry out data communication, a request is first sent to the device management server, which checks the user's operating right; if the operation is permitted, data communication between the devices begins; if not, the user's operating right is reset on the device management server. Thus, if a user's operating right needs to be changed, it is enough to change the user type of the login account on the device management server, which simplifies the management of access rights and makes the data interaction mode more flexible.
The content of the present invention is described in detail below.
The specific steps of the communication method between network devices in the local area network of this embodiment are as follows:
(1) The device management server assigns IP addresses to networked devices and records the MAC address of each network device that obtains an IP address. It then assigns a username and a password to each network device that has obtained an IP address and stores them in its database. To avoid assigning duplicate usernames to networked devices, when the device management server assigns a username and password to a network device it first compares the username with those already present in its database and, if there is a duplicate, regenerates the username and password.
The record format in the database is as follows:
ID | MAC | IPADDR | User name | Password | Authentication passed
where ID is the sequence number, MAC is the MAC address and IPADDR is the IP address.
To guarantee the data security of each networked device, the user's operating right must be specified so that access by some users is restricted. Users' operating rights are therefore classified into administrator, ordinary user and temporary user. The username and password are issued by the device management server; after they have been generated, the user can set the operating right for each user on the device management server, and if none is set the default is ordinary user.
The user control table format is:
ID | MAC | IPADDR | User name | Password | Authentication passed | User operating right (1, 2, 3)
The user operating rights are described as follows:
1: an ordinary user may access part of the content of other devices.
2: an administrator may access all content of all devices in the network.
3: a temporary user may only be accessed by other devices.
The default state is 1, i.e. ordinary user.
In this embodiment the network topology of the device management server and the network devices is a star topology, as shown in Figure 3.
(2) The user enters the assigned username and password into the network device to perform identity authentication. As shown in Figs. 4 and 5, the authentication method is as follows:
A. The user of the network device queries the device management server by MAC address for the username and password assigned to that device and enters them at the login interface of the online device.
B. The network device encrypts the entered username and password and sends the encrypted data to the device management server, which verifies the password.
The device encrypts the username and password with the RSA encryption algorithm.
When the device management server software and the device client software are issued, a public/private key pair is generated with the RSA algorithm. The public key is written into the network device and used to encrypt the username and password; the private key is stored in the device management server software and used to decrypt them. The device management server decrypts the received ciphertext into plaintext with the private key and compares it with the username and password previously assigned to that device; if they match, authentication succeeds, otherwise authentication fails.
The specific process is: the network device encrypts the username and password with the RSA algorithm and sends them to the device management server.
The format of the packet sent is as follows:
0x01 | Encrypted data | CRC32
After the device management server receives the encrypted authentication information it first performs the CRC check; if the check fails, it notifies the device that authentication failed. If the check succeeds, it decrypts the authentication information with the RSA private key and performs authentication on the decrypted data; if authentication succeeds, it notifies the device of authentication success, otherwise it notifies the device that authentication failed.
C. If the password verification passes, the network device is authenticated successfully. After the device management server registers the device, it feeds back a registration-success message to all online devices, and each device that receives the message updates its online device list.
D. After a network device goes offline, the device management server deletes the username and password corresponding to that device. When the device joins the network again, the device management server generates a new username and password for it and identity authentication is performed again.
(3) After authentication succeeds, the network device sends a data communication request to the device management server. The network device may also send a request to modify the user's operating right; the device management server decides whether the operating right may be modified and feeds the decision back to the network device. If authentication fails, the device management server sends a username-and-password error message to the network device.
(4) The device management server checks the operating right of the logged-in user.
(5) If the operation is permitted, data communication begins.
The following takes three network devices A, B and C as an example. The device management server assigns the three devices the usernames A1, B1 and C1 respectively, dynamically forming a temporary local area network, and sets their operating rights: A1 is an administrator, B1 an ordinary user and C1 a temporary user. If A1 wants to access the films on B1 and C1, A1 first sends a data communication request to the device management server, which on receiving the request checks A1's operating right, finds it unrestricted, and so the film data is obtained from B1 and C1 and made available to A1. If B1 wants to search the films on A1 and C1, B1 likewise sends a data communication request to the device management server, but some films on A1 can only be accessed with administrator right; if B1 tries to play them, it is prompted that playback is restricted and that it should apply again for the user operating right. B1 can send a request to modify its operating right to the device management server, which decides whether B1's operating right may be modified: if so, the device management server changes B1's operating right to administrator and B1 can then play the films on A1 normally; if not, a cannot-modify message is fed back to the network device. Likewise, according to the specific communication needs, the device management server can change A1 or B1 to temporary user right, or C1 to ordinary user or administrator right. The change of user right takes effect without the client logging in again, so the data communication control method of the present invention is very flexible for users and brings great convenience.
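The flow of steps (1) to (5) and the A/B/C walk-through above, as an added Python sketch that is not part of the patent: the device management server issues unique random one-time credentials, the device sends the 0x01 | encrypted data | CRC32 packet, the server checks the CRC first, decrypts with its private key, compares, and then enforces the three operating rights on data requests and right-change requests. The class and function names, the MAC addresses, the IP range, the CRC coverage (type byte plus encrypted data) and the toy RSA key pair (Mersenne primes, textbook RSA without padding, standing in for the RSA pair the page says ships with the software) are constructed assumptions.

```python
import secrets
import struct
import zlib

# Constructed toy RSA pair (two Mersenne primes: simple and NOT production-grade) so this runs offline.
P, Q = (1 << 107) - 1, (1 << 127) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
CHUNK, CIPH = (N.bit_length() - 1) // 8, (N.bit_length() + 7) // 8

def rsa_encrypt(pub, data):
    """Textbook RSA per block, no OAEP; a 0x01 marker keeps leading zero bytes."""
    n, e = pub
    blocks = [b"\x01" + data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    return b"".join(pow(int.from_bytes(b, "big"), e, n).to_bytes(CIPH, "big") for b in blocks)

def rsa_decrypt(priv, data):
    n, d = priv
    blocks = [data[i:i + CIPH] for i in range(0, len(data), CIPH)]
    return b"".join(pow(int.from_bytes(c, "big"), d, n).to_bytes(CIPH, "big").lstrip(b"\x00")[1:]
                    for c in blocks)

def build_auth_packet(pub, username, password):
    """Device side: 0x01 | RSA(user:password) | CRC32 (assumed to cover the first two fields)."""
    body = b"\x01" + rsa_encrypt(pub, f"{username}:{password}".encode())
    return body + struct.pack(">I", zlib.crc32(body))

class DeviceManagementServer:
    def __init__(self):
        self.records = {}   # MAC -> {id, mac, ip, user, pw, authed, right}
        self.online = []    # online-device list pushed to every device
        self.pub, self._priv = (N, E), (N, D)

    def assign(self, mac):
        """Step (1): random IP and password, username unique in the database, right 1 = ordinary user."""
        used = {r["user"] for r in self.records.values()}
        user = "u" + secrets.token_hex(3)
        while user in used:                 # duplicate name: regenerate
            user = "u" + secrets.token_hex(3)
        self.records[mac] = {"id": len(self.records) + 1, "mac": mac, "user": user,
                             "ip": f"192.168.1.{secrets.randbelow(254) + 1}",
                             "pw": secrets.token_urlsafe(9), "authed": False, "right": 1}
        return user, self.records[mac]["pw"]

    def authenticate(self, mac, packet):
        """Step (2)B: CRC check first, then private-key decrypt, then compare."""
        rec = self.records.get(mac)
        if rec is None or len(packet) < 5 or packet[0] != 0x01:
            return "authentication failed"
        if zlib.crc32(packet[:-4]) != struct.unpack(">I", packet[-4:])[0]:
            return "authentication failed"  # CRC failed: reject before decrypting
        plain = rsa_decrypt(self._priv, packet[1:-4])
        if not secrets.compare_digest(plain, f"{rec['user']}:{rec['pw']}".encode()):
            return "username or password error"
        rec["authed"] = True
        if mac not in self.online:
            self.online.append(mac)         # every device refreshes its list
        return "registration successful"

    def leave(self, mac):
        """Step (2)D: one-time credentials are deleted when the device goes offline."""
        self.records.pop(mac, None)
        self.online = [m for m in self.online if m != mac]

    def request_data(self, mac, target, admin_only):
        """Steps (3)-(5): right 2 reads everything, right 1 only non-admin content, right 3 nothing."""
        rec, tgt = self.records.get(mac), self.records.get(target)
        if not (rec and rec["authed"] and tgt and tgt["authed"]):
            return "denied: not authenticated"
        if rec["right"] == 2 or (rec["right"] == 1 and not admin_only):
            return "allowed"
        return "restricted: please re-apply for user operating right"

    def request_right_change(self, mac, new_right, approve=lambda rec, r: True):
        """Server decides (approval policy is a constructed hook); no re-login needed."""
        rec = self.records.get(mac)
        if not (rec and rec["authed"] and new_right in (1, 2, 3) and approve(rec, new_right)):
            return "cannot modify"
        rec["right"] = new_right
        return f"modified to right {new_right}"

def demo():
    """The A/B/C walk-through from the description; returns each outcome."""
    srv, mac = DeviceManagementServer(), {}
    for name in "ABC":                      # constructed MAC addresses
        mac[name] = f"02:00:00:00:00:0{ord(name) - 64}"
        user, pw = srv.assign(mac[name])
        srv.authenticate(mac[name], build_auth_packet(srv.pub, user, pw))
    srv.records[mac["A"]]["right"], srv.records[mac["C"]]["right"] = 2, 3
    return {"A1 reads B1": srv.request_data(mac["A"], mac["B"], False),
            "B1 reads admin-only film on A1": srv.request_data(mac["B"], mac["A"], True),
            "B1 asks for administrator": srv.request_right_change(mac["B"], 2),
            "B1 reads it afterwards": srv.request_data(mac["B"], mac["A"], True),
            "C1 reads B1": srv.request_data(mac["C"], mac["B"], False)}
```

A tampered packet is rejected at the CRC stage before any decryption, and a packet replayed after the device has left and rejoined fails the comparison because fresh credentials were issued.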
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, without the essence of the corresponding technical solution departing from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for communication among network devices in a local area network, characterized in that the method comprises the steps of:
(1) the device management server randomly assigns an IP address, a username and a password to each network device and sets the user's operating right;
(2) the user enters the assigned username and password into the network device to perform identity authentication;
(3) after authentication succeeds, the network device sends a data communication request to the device management server;
(4) the device management server checks the operating right of the logged-in user;
(5) if the operation is permitted, data communication begins.
2. The method for communication among network devices in a local area network according to claim 1, characterized in that in step (1) the device management server assigns IP addresses to the online devices and records the MAC address of each online device that obtains an IP address.
3. The method for communication among network devices in a local area network according to claim 1, characterized in that in step (1) the device management server assigns a username and a password to each network device that has obtained an IP address and stores them in the database of the device management server.
4. The method for communication among network devices in a local area network according to claim 1, characterized in that in step (1), when the device management server assigns a username and password to a network device, it first compares the username with the usernames already present in its database and, if there is a duplicate, regenerates the username and password.
5. The method for communication among network devices in a local area network according to claim 2, characterized in that in step (2) the identity authentication method is:
(1) the user of the network device queries the device management server by MAC address for the username and password assigned to that device and enters them;
(2) the network device encrypts the username and password and sends them to the device management server, which verifies the password;
(3) if the password verification passes, the network device is authenticated successfully;
(4) after the network device goes offline, the device management server deletes the username and password corresponding to that device.
6. The method for communication among network devices in a local area network according to claim 5, characterized in that the network device holds a public key used to encrypt the username and password, and the device management server holds the private key used to decrypt the encrypted username and password.
7. The method for communication among network devices in a local area network according to claim 5, characterized in that in step (3), if the password verification fails, the device management server sends a username-and-password error message to the network device.
8. The method for communication among network devices in a local area network according to claim 5, characterized in that in step (3), after the device management server registers a network device it feeds back a registration-success message to all online devices, and each network device that receives the message updates its online device list.
9. The method for communication among network devices in a local area network according to claim 1, characterized in that in step (3), after authentication succeeds, the network device sends a request to modify the user's operating right to the device management server, which decides whether the operating right may be modified and feeds the decision back to the network device.
10. The method for communication among network devices in a local area network according to any one of claims 1-9, characterized in that the network topology of the device management server and the network devices is a star topology.
Application number: CN2012104781152A
Priority date: 2012-11-22
Filing date: 2012-11-22
Title: Method for communication among network devices in local area network
Publication number: CN102932374A
Publication date: 2013-02-13
Family ID: 47647076
Country: CN
Status: Pending
Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935572A (en) * 2015-04-24 2015-09-23 普联技术有限公司 Multilevel privilege management method and device
CN108011892A (en) * 2017-12-26 2018-05-08 成都智库二八六信息技术有限公司 A kind of database security management method based on security administration server

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101166163A (en) * 2006-10-18 2008-04-23 浙江工业大学 Secure intelligent home gateway based on mobile phone remote control
CN101369893A (en) * 2008-10-06 2009-02-18 中国移动通信集团设计院有限公司 Method for local area network access authentication of casual user
CN102546664A (en) * 2012-02-27 2012-07-04 中国科学院计算技术研究所 User and authority management method and system for distributed file system
CN102611597A (en) * 2012-04-10 2012-07-25 中山爱科数字家庭产业孵化基地有限公司 Method for accessing internet through broadband in free of inputting account and password in different family environments




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20130213