CN104486322A - Terminal access authentication authorization method and terminal access authentication authorization system - Google Patents
Terminal access authentication authorization method and terminal access authentication authorization system Download PDFInfo
- Publication number
- CN104486322A CN104486322A CN201410755407.5A CN201410755407A CN104486322A CN 104486322 A CN104486322 A CN 104486322A CN 201410755407 A CN201410755407 A CN 201410755407A CN 104486322 A CN104486322 A CN 104486322A
- Authority
- CN
- China
- Prior art keywords
- hardware
- terminal equipment
- certificate server
- identification
- feedback
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 61
- 238000000034 method Methods 0.000 title claims abstract description 36
- 238000004891 communication Methods 0.000 claims description 21
- 238000012795 verification Methods 0.000 claims description 11
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 2
- 241000931705 Cicada Species 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a terminal access authentication authorization method and a terminal access authentication authorization system, which are applied to terminal equipment. The method comprises the following steps of carrying out hardware authentication on the terminal equipment; if the terminal equipment is authenticated by the hardware authentication, sending an authorization application to an authentication server; receiving a software authentication feedback sent by the authentication server, wherein the software authentication feedback is generated aiming at the authorization application by the authentication server and the terminal equipment obtains business operation authorization from the authentication server when the received software authentication feedback shows that the terminal equipment is allowed to access.
Description
Technical field
The invention belongs to technical field of network security, particularly relate to terminal access authentication authorization method and terminal access authentication authoring system.
Background technology
Traditional or existing terminal access control concentrates on terminal authentication, and mainly verifies client software, realizes the identification certification to client by the local encryption and decryption process of client certificate word string; Next is the login authentication mode adopting terminal user name password to carry out, and this authentication mode is mostly is the authentications carried out for terminal account number; Other carry out verifying and identifying as U-KEY etc. also rests on software view mostly by the terminal software application encipher certification etc. that external hardware equipment carries out, or are encrypted transmission data, or are encrypted transmission etc. to client terminals message.
And at present, go beyond one's commission for such as pseudo-terminal access and terminal, bypass the immediate leadership and access unauthorized information etc., then existing single terminal authentication mode has been difficult to the general safety of guarantee system self.
Summary of the invention
The object of the present invention is to provide a kind of terminal access authentication authorization method and terminal access authentication authoring system, the single terminal authentication mode in prior art that solves has been difficult to the problem of the general safety of guarantee system self.
First aspect, the invention provides a kind of terminal access authentication authorization method, be applied to a terminal equipment, described method comprises: carry out hardware identification to described terminal equipment; If described terminal equipment is by described hardware identification, then initiate authorized application to certificate server; Receive the soft ware authorization feedback that described certificate server sends, wherein, described soft ware authorization is fed back to that described certificate server generates for described authorized application; When the described soft ware authorization feedback sign received allows the access of described terminal equipment, described terminal equipment obtains service operation mandate from described certificate server.
Preferably, described hardware identification is carried out to described terminal equipment, comprising: hardware ID verification is carried out to described terminal equipment, to judge to initiate hardware system certification the need of to described certificate server; If when judged result shows that needs initiate hardware system certification to described certificate server, gather the hardware attributes information of described terminal equipment; By authentication logic, described hardware attributes information is processed, generate the hardware ID corresponding with described hardware attributes information; Described hardware ID is sent to described certificate server, and described hardware ID is used for described certificate server and carries out hardware identification to described terminal equipment; Receive the hardware identification feedback of described certificate server feedback, described hardware identification feedback is for confirming that described hardware ID is legal hardware ID or illegal hardware ID, and described hardware ID is that legal hardware ID characterizes described terminal equipment and passes through hardware identification.
Preferably, judge whether to need to after described certificate server initiates hardware system certification described, described method also comprises: if when judged result shows not need to initiate hardware system certification to described certificate server, then determine that the hardware ID of described terminal equipment is legal hardware ID.
Preferably, if described terminal equipment passes through hardware identification, then initiate authorized application to certificate server, comprise: if described terminal equipment passes through hardware identification, then carry out software merit rating to described terminal equipment, the software systems of described terminal equipment are confirmed, and whether described hardware ID is legal hardware ID; When described software systems confirm that described hardware ID is legal hardware ID, initiate described authorized application to described certificate server.
Second aspect, the invention provides a kind of terminal access authentication authoring system, comprising: hardware identification module, soft ware authorization module, and communication module; Described hardware identification module, for carrying out hardware identification to described terminal equipment; Described soft ware authorization module, if for described terminal equipment by described hardware identification, then call described communication module and initiate authorized application to certificate server; Described communication module, also for receiving the soft ware authorization feedback that described certificate server sends, wherein, described soft ware authorization is fed back to that described certificate server generates for described authorized application; When the described soft ware authorization feedback sign received allows the access of described terminal equipment, described terminal equipment obtains service operation mandate from described certificate server.
Preferably, described system also comprises parameter acquisition module, described hardware identification module specifically for carrying out hardware ID verification to described terminal equipment, to judge to initiate hardware system certification the need of to described certificate server; If when described parameter acquisition module shows that needs initiate hardware system certification to described certificate server specifically for judged result, gather the hardware attributes information of described terminal equipment; Described hardware identification module, also for being processed described hardware attributes information by authentication logic, generates the hardware ID corresponding with described hardware attributes information; Call described communication module, described hardware ID is sent to described certificate server, described hardware ID is used for described certificate server and carries out hardware identification to described terminal equipment;
Described communication module, concrete also for receiving the hardware identification feedback of described certificate server feedback, described hardware identification feedback is for confirming that described hardware ID is legal hardware ID or illegal hardware ID, and described hardware ID is that legal hardware ID characterizes described terminal equipment and passes through hardware identification.
Preferably, described hardware identification module, if when specifically also showing not need to initiate hardware system certification to described certificate server for judged result, then determine that the hardware ID of described terminal equipment is legal hardware ID.
Preferably, described soft ware authorization module, if specifically for described terminal equipment by hardware identification, then carry out software merit rating to described terminal equipment, the software systems of described terminal equipment are confirmed, and whether described hardware ID is legal hardware ID; And when described software systems confirm that described hardware ID is legal hardware ID, call described communication module and initiate described authorized application to described certificate server.
The technical scheme that the embodiment of the present invention provides at least has following technique effect:
Owing to have passed the combination of hardware identification and soft ware authorization: first, based on the ardware feature of terminal equipment, as the identification of equipment CPU sequence number, mainboard sequence number, MAC (Media access control media access control layer) address information and operating system version information etc., carry out the hardware identification by certificate server, the hardware identity of assert terminal equipment, hardware system provides the access security of ground floor: secondly, carry out soft ware authorization, realize the broadcasting territory rights management of media playback software self.Visible, effectively integrating of hardware identification and soft ware authorization two kinds of modes, better ensure that the fail safe in terminal access, effectively stop the various attack for terminal hardware or software access, make terminal equipment really carry out access control management as a complete entity.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only embodiments of the invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to the accompanying drawing provided;
Fig. 1 is the flow chart of the terminal access authentication authorization method in the embodiment of the present invention;
Fig. 2 is the mutual schematic diagram of the terminal access authentication authorization method in the embodiment of the present invention;
Fig. 3 is the module map of the terminal access authentication authoring system in the embodiment of the present invention.
Embodiment
Embodiments provide a kind of terminal access authentication authorization method and terminal access authentication authoring system, solve the problem that single terminal authentication mode of the prior art has been difficult to the general safety of guarantee system self, total thinking is as follows:
First be type and the attribute of identification terminal equipment, certification is carried out to the entity identities of terminal equipment, rational soft ware authorization is carried out subsequently according to authentication result, realize at the correct media information of correct terminal plays, solve the problem of " partially soft " or " partially hard " in terminal equipment access control, make terminal equipment carry out access control management as a complete entity.
In order to better understand technique scheme, below in conjunction with Figure of description and concrete execution mode, technique scheme is described in detail, the specific features being to be understood that in the embodiment of the present application and embodiment is the detailed description to technical scheme, instead of the restriction to technical scheme, when not conflicting, the technical characteristic in the embodiment of the present application and embodiment can combine mutually.
Fig. 1 is the flow chart of the terminal access authentication authorization method in the invention process, this terminal access authentication authorization method is applied to a terminal equipment, this terminal equipment can be media termination, or other need the terminal equipment being linked into service equipment, the type of terminal equipment is not specifically limited herein.
Shown in figure 1, this terminal access authentication authorization method comprises the steps:
S101, hardware identification is carried out to terminal equipment.
Concrete, S101 specifically comprises the steps: when terminal equipment is started shooting, (identity writes to carry out hardware ID to terminal equipment, identify label number) verification, to judge to initiate hardware system certification the need of to certificate server, hardware ID check results proves whether the hardware ID of this terminal equipment is legal hardware ID; When the hardware ID that check results determines this terminal equipment is legal hardware ID, then do not need to initiate hardware system certification to certificate server, the hardware ID determining this terminal equipment when check results is not legal hardware ID, then need to initiate hardware system certification to certificate server.Such as: this terminal equipment equipment is the new equipment do not accessed, or in preset time period, do not have the terminal equipment etc. of access, the hardware ID that all can verify out this terminal equipment is illegal hardware ID.But in specific implementation process, that the hardware ID of the new equipment do not accessed is confirmed as illegal hardware ID, or confirm as illegal hardware ID by there is no the hardware ID of the terminal equipment accessed in preset time period, those skilled in the art can be arranged according to actual needs, do not limit herein.
Specifically, again initiate hardware system certification to certificate server, terminal equipment needs to perform following flow process successively:
The hardware attributes information of step 1, acquisition terminal equipment.
Concrete, by the attribute information of parameter acquisition module acquires terminal equipment.The hardware attributes information gathered comprises the CPU parameter, mainboard parameter, mac address information, OS operating system parameter etc. of terminal equipment.
For example, the CPU sequence number of terminal equipment, mainboard sequence number, MAC Address and operating system version information can be comprised.
Step 2, by authentication logic, hardware attributes information to be processed, generate the hardware ID corresponding with hardware attributes information; Concrete, authentication logic can select existing any one based on the algorithm generating hardware ID, succinct in order to specification, repeats no more herein.
Step 3, hardware ID is sent to certificate server, send to the hardware ID of certificate server to carry out hardware identification for certificate server to described terminal equipment.
Concrete, terminal equipment is encrypted the hardware ID generated, and then by calling communication module, is complained to by hardware ID to certificate server, to initiate hardware system certification to certificate server.Certificate server receives the authentication information that terminal equipment sends, wherein, authentication information comprises the hardware ID of complaining to, and certificate server carries out certification based on the hardware ID of complaining to terminal equipment, judge whether this terminal equipment is legal hardware device, generate hardware identification feedack.Concrete, hardware identification feedack is " certification is passed through " or " certification is not passed through ".
The hardware identification feedback of step 4, terminal equipment reception certificate server feedback, hardware identification feedback is for confirming that hardware ID is legal hardware ID or illegal hardware ID, and hardware ID is that legal hardware ID sign terminal equipment passes through hardware identification.
If, continue to use the mode of step 3, if the hardware identification received is fed back to " certification is passed through ", be then indicated as legal hardware ID; If the hardware identification received is fed back to " certification is not passed through ", be then indicated as illegal hardware ID (i.e. illegal hardware ID).
Preferably, in order to improve fail safe, after generating the hardware ID corresponding with hardware attributes information, by encrypting module, hardware ID is encrypted, and then send to certificate server by communication module, after server receives the enciphered message comprising hardware ID, be decrypted to obtain the hardware ID needing to carry out certification.
Further, in conjunction with any one execution mode above-mentioned, if terminal equipment is by hardware identification, then carry out software merit rating to terminal equipment, the software systems of terminal equipment are confirmed, and whether hardware ID is legal hardware ID; When software systems upon configuration confirm that hardware ID is legal hardware ID, then, S102 is performed.
If S102 terminal equipment is by hardware identification, then initiate authorized application to certificate server.
Concrete, if terminal equipment is by hardware identification, then carry out software I D verification, to judge whether to need to obtain the authorization from certificate server, in specific implementation process, have and carry out software I D and verify two kinds of judged results:
The first: software I D check results shows not need to authorize, then directly allow terminal equipment to access.
The second: software I D check results shows the mandate needing certificate server, then terminal equipment initiates authorized application to certificate server.Concrete, what initiate authorized application can be Authentication Client program in terminal equipment, and send password to be certified to certificate server, certificate server carries out certification to password, generates soft ware authorization feedback.
S103, receive the soft ware authorization feedback that certificate server sends, wherein, soft ware authorization is fed back to that certificate server generates for authorized application.
Concrete, if password authentication passes through, then the actual soft ware authorization feedback generated can be access token, and access token is sent to terminal equipment by certificate server, obtains service operation mandate according to access token.If password authentication does not pass through, then the actual soft ware authorization feedback generated can be the mark etc. of refusal access.
S104, when receive soft ware authorization feedback characterize allow terminal equipment access time, terminal equipment obtains service operation mandate from certificate server.
By above-mentioned S102 ~ S104, technical scheme in the embodiment of the present invention can realize initialization according to the software systems of soft ware authorization feedback result to terminal equipment, for terminal software system is stamped " authenticating water-mark ", client software is authorized, realizes the broadcasting territory rights management of media playback software self.
Below with reference to Fig. 2, for media termination access, the mutual embodiment of terminal access authentication authorization method provided by the present invention is described.
S1: media termination is started shooting;
S2: media termination carries out hardware ID verification, whether checking is legal hardware ID;
S3: media termination judges whether to need to initiate hardware system certification to certificate server according to hardware ID verification, if so, then performs S4, otherwise shows to need first certificate server to initiate hardware system certification, then perform S5 ~ S10 successively.
S4: media termination carries out software I D verification.
S5: media termination call parameters acquisition module, gathers the hardware attributes information of media termination;
S6: media termination generates the generation hardware ID corresponding with hardware attributes information;
S7: media termination encryption hardware ID;
S8: media termination initiates hardware system certification to certificate server;
S9: certificate server is decrypted process to authentication information, obtains hardware ID;
S10: whether certificate server certification hardware ID passes through, wherein, certification is by performing S11; Otherwise forbid that media termination accesses, Certificate Authority process terminates.
S11: media termination judges whether to need to initiate authorized application to certificate server according to software I D verification.If so, then S12 ~ S14 is performed successively; If not perform S14, media termination directly accesses..
S12: media termination initiates authorized application;
S13: certificate server receives authorized application, carries out password authentication.Password authentication success, then to media termination feedback access token, perform S14; Password authentication is unsuccessful, then forbid that media termination accesses, and Certificate Authority process terminates;
S14: media termination accesses successfully, obtains service authorization, plays correct media information.
Based on same inventive concept, the embodiment of the present invention additionally provides a kind of terminal access authentication authoring system, shown in figure 3, comprising: hardware identification module 10, soft ware authorization module 20, and communication module 30.
Hardware identification module 10, for carrying out hardware identification to terminal equipment;
Soft ware authorization module 20, if for terminal equipment by hardware identification, then calling communication module 30 initiates authorized application to certificate server;
Communication module 30, also for receiving the soft ware authorization feedback that certificate server sends, wherein, soft ware authorization is fed back to that certificate server generates for described authorized application; When the soft ware authorization feedback received characterizes the access of permission terminal equipment, terminal equipment obtains service operation mandate from certificate server.
Preferably, described system also comprises parameter acquisition module 40, then hardware identification module 10 is specifically for carrying out hardware ID verification to terminal equipment, to judge to initiate hardware system certification the need of to certificate server;
If when parameter acquisition module 40 specifically also shows that needs initiate hardware system certification to certificate server for judged result, the hardware attributes information of acquisition terminal equipment;
Hardware identification module 10, also for being processed described hardware attributes information by authentication logic, generates the hardware ID corresponding with described hardware attributes information; Calling communication module 30, sends to certificate server by hardware ID, and hardware ID is used for certificate server and carries out hardware identification to terminal equipment;
Communication module 30, specifically also for receiving the hardware identification feedback of certificate server feedback, hardware identification feedback is for confirming that hardware ID is legal hardware ID or illegal hardware ID, and hardware ID is that legal hardware ID sign terminal equipment passes through hardware identification.
Preferably, hardware identification module 10, if when specifically also showing not need to initiate hardware system certification to certificate server for judged result, then determine that the hardware ID of terminal equipment is legal hardware ID.
Preferably, in order to improve fail safe, after generating the hardware ID corresponding with hardware attributes information, be encrypted by encrypting module 50 pairs of hardware IDs, and then send to certificate server by communication module 30, after server receives the enciphered message comprising hardware ID, be decrypted to obtain the hardware ID needing to carry out certification.
Preferably, soft ware authorization module 20, if specifically for terminal equipment by hardware identification, then carry out software merit rating to terminal equipment, the software systems of terminal equipment are confirmed, and whether hardware ID is legal hardware ID; And when software systems confirm that hardware ID is legal hardware ID, calling communication module 30 initiates authorized application to certificate server.
Due to the terminal access authentication authoring system in the embodiment of the present invention, in order to implement, aforementioned terminals access authentication authorization method adopts, so based on the terminal access authentication authorization method introduced in the embodiment of the present invention, those skilled in the art can understand embodiment and its various version of the terminal access authentication authoring system of the present embodiment, so introduce no longer in detail for this terminal access authentication authoring system at this.As long as those skilled in the art implement the high pressure switchgear that terminal access authentication authoring system in the embodiment of the present invention adopts, all belong to the present invention for protection scope.
The technical scheme that the embodiment of the present invention provides at least has following technique effect:
Owing to have passed the combination of hardware identification and soft ware authorization: first, based on the ardware feature of terminal equipment, as the identification of equipment CPU sequence number, mainboard sequence number, MAC (Media access control media access control layer) address information and operating system version information etc., carry out the hardware identification by certificate server, the hardware identity of assert terminal equipment, hardware system provides the access security of ground floor: secondly, carry out soft ware authorization, realize the broadcasting territory rights management of media playback software self.Visible, effectively integrating of hardware identification and soft ware authorization two kinds of modes, better ensure that the fail safe in terminal access, effectively stop the various attack for terminal hardware or software access, make terminal equipment really carry out access control management as a complete entity.
Although describe the preferred embodiments of the present invention, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.
Claims (8)
1. a terminal access authentication authorization method, is applied to a terminal equipment, it is characterized in that, described method comprises:
Hardware identification is carried out to described terminal equipment;
If described terminal equipment is by described hardware identification, then initiate authorized application to certificate server;
Receive the soft ware authorization feedback that described certificate server sends, wherein, described soft ware authorization is fed back to that described certificate server generates for described authorized application;
When the described soft ware authorization feedback sign received allows the access of described terminal equipment, described terminal equipment obtains service operation mandate from described certificate server.
2. the method for claim 1, is characterized in that, describedly carries out hardware identification to described terminal equipment, comprising:
Hardware ID verification is carried out to described terminal equipment, to judge to initiate hardware system certification the need of to described certificate server;
If when judged result shows that needs initiate hardware system certification to described certificate server, gather the hardware attributes information of described terminal equipment;
By authentication logic, described hardware attributes information is processed, generate the hardware ID corresponding with described hardware attributes information;
Described hardware ID is sent to described certificate server, and described hardware ID is used for described certificate server and carries out hardware identification to described terminal equipment;
Receive the hardware identification feedback of described certificate server feedback, described hardware identification feedback is for confirming that described hardware ID is legal hardware ID or illegal hardware ID, and described hardware ID is that legal hardware ID characterizes described terminal equipment and passes through hardware identification.
3. method as claimed in claim 2, is characterized in that, judge whether to need to after described certificate server initiates hardware system certification described, described method also comprises:
If when judged result shows not need to initiate hardware system certification to described certificate server, then determine that the hardware ID of described terminal equipment is legal hardware ID.
4. method as claimed in claim 2 or claim 3, is characterized in that, if described terminal equipment is by hardware identification, then initiates authorized application to certificate server, comprising:
If described terminal equipment is by hardware identification, then carry out software merit rating to described terminal equipment, the software systems of described terminal equipment are confirmed, and whether described hardware ID is legal hardware ID;
When described software systems confirm that described hardware ID is legal hardware ID, initiate described authorized application to described certificate server.
5. a terminal access authentication authoring system, is characterized in that, comprising: hardware identification module, soft ware authorization module, and communication module;
Described hardware identification module, for carrying out hardware identification to described terminal equipment;
Described soft ware authorization module, if for described terminal equipment by described hardware identification, then call described communication module and initiate authorized application to certificate server;
Described communication module, also for receiving the soft ware authorization feedback that described certificate server sends, wherein, described soft ware authorization is fed back to that described certificate server generates for described authorized application; When the described soft ware authorization feedback sign received allows the access of described terminal equipment, described terminal equipment obtains service operation mandate from described certificate server.
6. system as claimed in claim 5, it is characterized in that, described system also comprises parameter acquisition module, described hardware identification module specifically for carrying out hardware ID verification to described terminal equipment, to judge to initiate hardware system certification the need of to described certificate server;
Described parameter acquisition module, if when showing that needs initiate hardware system certification to described certificate server specifically for judged result, gather the hardware attributes information of described terminal equipment;
Described hardware identification module, also for being processed described hardware attributes information by authentication logic, generates the hardware ID corresponding with described hardware attributes information; Call described communication module, described hardware ID is sent to described certificate server, described hardware ID is used for described certificate server and carries out hardware identification to described terminal equipment;
Described communication module, concrete also for receiving the hardware identification feedback of described certificate server feedback, described hardware identification feedback is for confirming that described hardware ID is legal hardware ID or illegal hardware ID, and described hardware ID is that legal hardware ID characterizes described terminal equipment and passes through hardware identification.
7. system as claimed in claim 6, is characterized in that, described hardware identification module, if when specifically also showing not need to initiate hardware system certification to described certificate server for judged result, then determine that the hardware ID of described terminal equipment is legal hardware ID.
8. system as claimed in claims 6 or 7, it is characterized in that, described soft ware authorization module, if pass through hardware identification specifically for described terminal equipment, then carry out software merit rating to described terminal equipment, the software systems of described terminal equipment are confirmed, and whether described hardware ID is legal hardware ID; And when described software systems confirm that described hardware ID is legal hardware ID, call described communication module and initiate described authorized application to described certificate server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410755407.5A CN104486322B (en) | 2014-12-10 | 2014-12-10 | Terminal access authentication authorization method and terminal access authentication authoring system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410755407.5A CN104486322B (en) | 2014-12-10 | 2014-12-10 | Terminal access authentication authorization method and terminal access authentication authoring system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104486322A true CN104486322A (en) | 2015-04-01 |
| CN104486322B CN104486322B (en) | 2017-12-26 |
Family
ID=52760826
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410755407.5A Active CN104486322B (en) | 2014-12-10 | 2014-12-10 | Terminal access authentication authorization method and terminal access authentication authoring system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104486322B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108595939A (en) * | 2018-03-15 | 2018-09-28 | 北京雷石天地电子技术有限公司 | A kind of method and system authorizing external equipment permission |
| CN109756509A (en) * | 2019-01-24 | 2019-05-14 | 太仓红码软件技术有限公司 | A kind of network authentication system and its working method based on information receipt |
| CN112149067A (en) * | 2020-09-29 | 2020-12-29 | 济南博观智能科技有限公司 | Software authorization method, terminal equipment, authorization server and storage medium |
| CN112956156A (en) * | 2021-03-08 | 2021-06-11 | 华为技术有限公司 | Certificate application method and device |
| CN115021936A (en) * | 2022-06-10 | 2022-09-06 | 中国南方电网有限责任公司 | Terminal equipment safety access authentication authorization method and system of remote station |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296240A (en) * | 2008-06-20 | 2008-10-29 | 中国移动通信集团北京有限公司 | Authentication method and system for access to wireless network |
| CN101299727A (en) * | 2008-06-30 | 2008-11-05 | 中兴通讯股份有限公司 | Traffic mirroring method and system based on user |
| CN101938468A (en) * | 2010-08-06 | 2011-01-05 | 四川长虹电器股份有限公司 | Digital content protecting system |
| CN102158487A (en) * | 2011-04-01 | 2011-08-17 | 福建星网锐捷网络有限公司 | Network access control method, system and device |
-
2014
- 2014-12-10 CN CN201410755407.5A patent/CN104486322B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296240A (en) * | 2008-06-20 | 2008-10-29 | 中国移动通信集团北京有限公司 | Authentication method and system for access to wireless network |
| CN101299727A (en) * | 2008-06-30 | 2008-11-05 | 中兴通讯股份有限公司 | Traffic mirroring method and system based on user |
| CN101938468A (en) * | 2010-08-06 | 2011-01-05 | 四川长虹电器股份有限公司 | Digital content protecting system |
| CN102158487A (en) * | 2011-04-01 | 2011-08-17 | 福建星网锐捷网络有限公司 | Network access control method, system and device |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108595939A (en) * | 2018-03-15 | 2018-09-28 | 北京雷石天地电子技术有限公司 | A kind of method and system authorizing external equipment permission |
| CN109756509A (en) * | 2019-01-24 | 2019-05-14 | 太仓红码软件技术有限公司 | A kind of network authentication system and its working method based on information receipt |
| CN109756509B (en) * | 2019-01-24 | 2021-08-06 | 金润方舟科技股份有限公司 | Network authentication system based on information receipt and working method thereof |
| CN112149067A (en) * | 2020-09-29 | 2020-12-29 | 济南博观智能科技有限公司 | Software authorization method, terminal equipment, authorization server and storage medium |
| CN112149067B (en) * | 2020-09-29 | 2022-10-18 | 济南博观智能科技有限公司 | Software authorization method, terminal equipment, authorization server and storage medium |
| CN112956156A (en) * | 2021-03-08 | 2021-06-11 | 华为技术有限公司 | Certificate application method and device |
| CN115021936A (en) * | 2022-06-10 | 2022-09-06 | 中国南方电网有限责任公司 | Terminal equipment safety access authentication authorization method and system of remote station |
| CN115021936B (en) * | 2022-06-10 | 2023-10-27 | 中国南方电网有限责任公司 | Terminal equipment safety access authentication and authorization method and system of remote site |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104486322B (en) | 2017-12-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109309565B (en) | Security authentication method and device | |
| CN109787988B (en) | Identity strengthening authentication and authorization method and device | |
| CN108390851B (en) | Safe remote control system and method for industrial equipment | |
| CN108684041B (en) | System and method for login authentication | |
| CN106888084B (en) | Quantum fort machine system and authentication method thereof | |
| CN103995991B (en) | Method for binding hardware information and secret keys in software copyright protection | |
| US9219607B2 (en) | Provisioning sensitive data into third party | |
| CN108123795B (en) | Quantum key chip issuing method, application method, issuing platform and system | |
| CN103079200B (en) | The authentication method of a kind of wireless access, system and wireless router | |
| CN105072125B (en) | A kind of http communication system and method | |
| CN106100836B (en) | A kind of method and system of industrial user's authentication and encryption | |
| CN106452764B (en) | Method for automatically updating identification private key and password system | |
| CN107733636B (en) | Authentication method and authentication system | |
| CN108282779B (en) | Space-ground integrated space information network low-delay anonymous access authentication method | |
| CN101841525A (en) | Secure access method, system and client | |
| CN102438044A (en) | Digital content trusted usage control method based on cloud computing | |
| CN106027251A (en) | Identity card reading terminal and cloud authentication platform data transmission method and system | |
| CN104869102A (en) | Authorization method, device and system based on xAuth protocols | |
| CN104486322A (en) | Terminal access authentication authorization method and terminal access authentication authorization system | |
| CN102281143B (en) | Remote unlocking system of intelligent card | |
| CN106506161A (en) | Method for secret protection and privacy protection device in vehicle communication | |
| CN103916363A (en) | Communication security management method and system for encryption machine | |
| CN103634265A (en) | Method, device and system for security authentication | |
| CN107040501B (en) | Authentication method and device based on platform as a service | |
| CN106027473A (en) | Identity card reading terminal and cloud authentication platform data transmission method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information |
Inventor after: Jiang Yimin Inventor before: Fan Xianchang |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Terminal access authentication authorization method and terminal access authentication authorization system Effective date of registration: 20181225 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: 2018420000074 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20200102 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: 2018420000074 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Terminal access authentication authorization method and terminal access authentication authorization system Effective date of registration: 20200528 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2020420000025 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20210603 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2020420000025 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Terminal access authentication and authorization method and terminal access authentication and authorization system Effective date of registration: 20210611 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2021420000035 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20220615 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: Y2021420000035 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Terminal access authentication and authorization method and terminal access authentication and authorization system Effective date of registration: 20220617 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: Y2022420000164 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20230615 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: Y2022420000164 |