CN108848057A - Method and device for remote secure access - Google Patents
- Publication number
- CN108848057A, CN201810421121.1A
- Authority
- CN
- China
- Prior art keywords
- target device
- account
- code
- character
- characteristic information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
This application discloses a method and device for remote secure access. The method includes: after a target device receives an account sent by a character terminal, it encrypts its own characteristic information, compresses the encrypted characteristic information to obtain a first dynamic code, generates a two-dimensional code from the encrypted characteristic information and the account, and sends the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back based on the two-dimensional code. The target device performs match verification on the received second dynamic code against the first dynamic code; if the match verification passes, the character terminal is allowed to remotely access the target device, and otherwise it is not. This solves the technical problem in the prior art that security is low when remotely accessing a network device.
Description
Technical field
This application relates to the field of computer network security technology, and in particular to a method and device for remote secure access.
Background
In current computer networks, a user usually logs in remotely to a network device over the Secure Shell (SSH) protocol within a local network to check the running state of the network device. Although the SSH protocol can encrypt the transmitted data, during data transmission an attacker can obtain the user's login password by forging a public key and then use that login password to log in to the network device remotely. Therefore, while a user remotely accesses a network device, there is a risk that the login password is cracked by an attacker, so the security of remotely accessing the network device is low.
Summary of the invention
The application provides a method and device for remote secure access, to solve the technical problem in the prior art that security is low when remotely accessing a network device.
In a first aspect, an embodiment of the present application provides a method for remote secure access. The target device is connected to a character terminal. When the target device receives an account sent by the character terminal, it encrypts its own characteristic information, where the characteristic information includes identification information of the target device. It compresses the encrypted characteristic information to obtain a first dynamic code, generates a two-dimensional code from the encrypted characteristic information and the account, and sends the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back based on the two-dimensional code. The target device then receives the second dynamic code, input by the user, that the character terminal sends, and performs match verification on the second dynamic code against the first dynamic code. If the match verification passes, the character terminal is allowed to remotely access the target device; otherwise the character terminal is not allowed to remotely access the target device.
In the scheme provided by the embodiments of the present application, the target device generates the first dynamic code based on its own characteristic information, and generates and outputs a two-dimensional code based on that characteristic information and the account received from the character terminal. The mobile terminal scans the two-dimensional code to obtain the characteristic information of the target device and the account, and obtains the second dynamic code fed back based on the two-dimensional code. The target device then receives the second dynamic code input by the user at the character terminal and performs match verification on it against the first dynamic code to determine whether the character terminal may remotely access the target device. The target device can therefore verify a dynamic code derived from its own characteristic information to determine whether the character terminal has permission to access it. This prevents the character terminal from accessing the target device when the dynamic code check fails, and improves the security of the character terminal's remote access to the target device.
In a second aspect, an embodiment of the present application provides a device for remote secure access. The device includes:
An encryption unit, configured to encrypt the device's own characteristic information when an account is received from the character terminal, where the characteristic information includes identification information of the target device;
A processing unit, configured to compress the encrypted characteristic information to obtain a first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and send the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back based on the two-dimensional code;
A verification unit, configured to receive the second dynamic code, input by the user, that the character terminal sends, and perform match verification on the second dynamic code against the first dynamic code; if the match verification passes, the character terminal is allowed to remotely access the target device, otherwise the character terminal is not allowed to remotely access the target device.
In a third aspect, an embodiment of the present application provides a method for remote secure access. The target device is connected to a character terminal. The character terminal receives an account input by the user and sends the account to the target device, so that the target device encrypts its own characteristic information. The character terminal then receives the two-dimensional code that the target device generates based on the encrypted characteristic information and the account, so that a mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code. The character terminal then receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, and sends the second dynamic code to the target device. Finally, it receives the match verification result that the target device feeds back based on the second dynamic code, and determines from the match verification result whether the character terminal can access the target device.
In the scheme provided by the embodiments of the present application, the mobile terminal scans the two-dimensional code generated from the characteristic information of the target device to obtain the characteristic information of the target device and the account the target device received, and obtains the second dynamic code fed back based on the characteristic information. This converts the two-dimensional code into a dynamic code, so that the target device can obtain from the character terminal the second dynamic code input by the user and perform the dynamic code check with it, determining whether the character terminal has permission to access the target device. This prevents the character terminal from accessing the target device when the dynamic code check fails, and improves the security of the mobile terminal in the process of remotely accessing the target device.
Optionally, before the character terminal receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, the method further includes: the character terminal receives a verification result, obtained by the mobile terminal as feedback based on the account, of whether the account has permission to access the server, where the server stores the accounts that have permission to access the server; if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code.
In the scheme provided by the embodiments of the present application, the mobile terminal receives the verification result, fed back based on the account, of whether the account has permission to access the server. That result determines whether the mobile terminal can obtain the second dynamic code fed back based on the two-dimensional code, and in turn whether the character terminal can obtain the second dynamic code. Verifying the account in advance avoids generating a second dynamic code from an account without permission to access the server and the characteristic information of the target device, which reduces the workload of dynamic code verification and saves working time.
Optionally, before the character terminal receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, the method further includes: the character terminal receives a verification result, obtained by the mobile terminal as feedback based on the characteristic information, of whether the target device is legitimate; if the verification result shows that the target device is legitimate, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
In the scheme provided by the embodiments of the present application, the mobile terminal receives the verification result, fed back based on the characteristic information, of whether the target device is legitimate. That result determines whether the mobile terminal can obtain the second dynamic code fed back based on the two-dimensional code, and in turn whether the character terminal can obtain the second dynamic code. Verifying the legitimacy of the target device in advance prevents the character terminal from receiving a second dynamic code generated from the characteristic information of an illegitimate target device and the account it received, which reduces the workload of dynamic code verification and saves working time.
In a fourth aspect, an embodiment of the present application provides a device for remote secure access. The device includes:
A transceiver unit, configured to receive an account input by the user and send the account to the target device, so that the target device encrypts its own characteristic information;
The transceiver unit is further configured to receive the two-dimensional code that the target device generates based on the encrypted characteristic information and the account, so that a mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code;
The transceiver unit is further configured to receive the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, and send the second dynamic code to the target device;
A determination unit, configured to receive the match verification result that the target device feeds back based on the second dynamic code, and determine from the match verification result whether the character terminal can access the target device.
Optionally, the transceiver unit is further configured to: before receiving the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, receive the verification result, fed back to the mobile terminal based on the account, of whether the account has permission to access the server, where the server stores the accounts that have permission to access the server; if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
Optionally, the transceiver unit is further configured to: before receiving the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, receive the verification result, fed back to the mobile terminal based on the characteristic information, of whether the target device is legitimate; if the verification result shows that the target device is legitimate, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
In a fifth aspect, an embodiment of the present application provides a system for remote secure access. The system includes: a character terminal, a mobile terminal and a target device;
The character terminal is used to receive an account input by the user and send the account to the target device;
The target device is used to receive the account sent by the character terminal, encrypt the characteristic information of the target device itself, compress the encrypted characteristic information of the target device to obtain a first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and output the two-dimensional code;
The mobile terminal is used to obtain the characteristic information and the account by scanning the two-dimensional code output by the target device, send the obtained characteristic information and account to a server, receive the second dynamic code that the server generates based on the characteristic information, and send the second dynamic code to the character terminal;
The character terminal is also used to receive the second dynamic code sent by the mobile terminal and send the second dynamic code to the target device;
The target device is also used to receive the second dynamic code sent by the character terminal and perform match verification on the second dynamic code against the first dynamic code; if the match verification passes, the character terminal is allowed to access the target device, otherwise the character terminal is not allowed to access the target device.
In a sixth aspect, an embodiment of the present application provides a communication device. The communication device includes:
A memory, for storing computer instructions;
A communication interface, for communicating with a network device;
A processor, communicatively connected to the memory and the communication interface, which by executing the computer instructions in the memory performs the method of the first aspect or any possible implementation of the first aspect, and the method of the third aspect or any possible implementation of the third aspect.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the method of the first aspect or any possible implementation of the first aspect, and the method of the third aspect or any possible implementation of the third aspect.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of a communication system provided by an embodiment of the present application;
Fig. 2 is a flow chart of a method for remote secure access provided by an embodiment of the present application;
Fig. 3 is a structural schematic diagram of a device for remote secure access provided by an embodiment of the present application;
Fig. 4 is a flow chart of a method for remote secure access provided by an embodiment of the present application;
Fig. 5 is a structural schematic diagram of a device for remote secure access provided by an embodiment of the present application;
Fig. 6 is a structural schematic diagram of a system for remote secure access provided by an embodiment of the present application;
Fig. 7 is a structural schematic diagram of a mobile terminal provided by an embodiment of the present application.
Detailed description
To make the purposes, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the drawings.
Fig. 1 shows the communication system 100 in an embodiment of the present application. The system may communicate based on the SSH network protocol, although the embodiments of the present application are not limited to this. The system includes a character terminal 101, a target device 102, a mobile terminal 103 and a server 104. The character terminal 101 receives read/write data input by the user and sends it to the target device 102. The target device 102 sends its own data, and the user-input read/write data it received from the character terminal, to the character terminal. The mobile terminal 103 obtains the data output by the character terminal. The server 104 stores data and analyzes and processes the data received from the mobile terminal. In the embodiment of the present invention, the character terminal 101 is connected to the target device 102. For example, the character terminal may be a desktop computer with communication capability, and the target device involved in the embodiment of the present invention may be implemented in many ways, such as a monitoring device with a wireless function, a handheld device, a computing device, and so on.
Embodiment one of the present application provides a method for remote secure access, whose flow chart is shown in Fig. 2. The method can be applied to the communication system shown in Fig. 1. The flow of the method is described below.
Step 201: when the target device receives the account sent by the character terminal, it encrypts its own characteristic information, where the characteristic information includes identification information of the target device.
An encryption algorithm is stored in the database of the target device. The encryption algorithm is, for example, Message Digest Algorithm 5 (MD5); of course, the embodiments of the present application do not limit the specific encryption algorithm. When the target device receives the user account that the user input through the character terminal, the target device encrypts the characteristic information of the target device with the MD5 encryption algorithm. The characteristic information of the target device includes, for example, identification information of the target device, and the identification information of the target device includes, for example, at least one of the serial number, the physical address and the Internet Protocol (IP) address of the target device.
Step 202: the target device compresses the encrypted characteristic information to obtain the first dynamic code, and generates a two-dimensional code from the encrypted characteristic information and the account.
After obtaining the encrypted characteristic information, the target device compresses it with the MD5 algorithm to generate the first dynamic code. The first dynamic code may be a time-related, unpredictable combination of random digits, or a password in the form of a dynamic token. The target device converts the encrypted characteristic information and the account into binary data and stores the binary data in a preset storage region, where the storage region is a rectangular area composed of multiple matrices of a specific size; for example, the specific matrix may be a matrix of size 21*21. The target device applies mask processing to the rectangular area to obtain a black-and-white two-dimensional code pattern. The two-dimensional code is, for example, in the form of a rectangular figure.
Step 203: the target device sends the two-dimensional code to the character terminal, so that the mobile terminal can scan the two-dimensional code output by the character terminal and obtain the second dynamic code fed back based on the two-dimensional code.
The character terminal connected to the target device has a display screen. After the target device generates the two-dimensional code from its own characteristic information and the received account, it sends the two-dimensional code to the connected character terminal, and the character terminal can show the two-dimensional code on its display screen. The mobile terminal then scans the two-dimensional code on the character terminal's display screen to obtain the characteristic information of the target device contained in the two-dimensional code and the account that the user input at the character terminal. The mobile terminal sends the information obtained from the two-dimensional code to the server. The server encrypts the obtained characteristic information of the target device with the MD5 encryption algorithm, then compresses it to generate the second dynamic code, and sends the second dynamic code to the mobile terminal. The mobile terminal has a display screen, and the second dynamic code can be shown directly on that screen.
Step 204: the target device receives the second dynamic code, input by the user, that the character terminal sends, and performs match verification on the second dynamic code against the first dynamic code. If the match verification passes, the character terminal is allowed to remotely access the target device; otherwise the character terminal is not allowed to remotely access the target device.
The character terminal has an input device that can receive data input by the user, such as a keyboard or a touch display screen. The user enters the second dynamic code shown by the mobile terminal on the input device of the character terminal, and the character terminal sends the received second dynamic code to the target device. The first dynamic code, generated from the target device's own characteristic information, is stored in the target device's database. When the target device receives the second dynamic code, input by the user, that the character terminal sends, the target device matches the first dynamic code against the second dynamic code. If the first dynamic code and the second dynamic code are identical, the dynamic code match verification passes and the target device allows the character terminal to remotely access the target device. Otherwise, the dynamic code match verification fails and the target device does not allow the character terminal to remotely access the target device.
In the scheme provided by the embodiments of the present application, the target device receives the second dynamic code input by the user at the character terminal and performs match verification on it against the first dynamic code to determine whether the character terminal may remotely access the target device. The target device can therefore verify a dynamic code derived from its own characteristic information to determine whether the character terminal has permission to access it. This prevents the character terminal from accessing the target device when the dynamic code check fails, and improves the security of the character terminal's remote access to the target device.
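The exchange of steps 201 to 204, together with the optional account and device pre-checks, as an added Python example (not code from the patent). Assumptions: the payload layout, the six-digit truncation standing in for "compression", the server registry, the shared key and the HMAC-SHA256 time-stepped variant are all hypothetical; the text names only MD5 and does not specify the compression step. The MD5 derivation follows the text, and the keyed variant sits beside it because an unkeyed digest of what the two-dimensional code displays can be recomputed by anyone who can read that code.

```python
import hashlib
import hmac
import json


def encrypt_features(features):
    """Step 201: the text's 'encryption' of the characteristic information.
    MD5 is the algorithm the text names; it is an unkeyed digest."""
    canonical = json.dumps(features, sort_keys=True).encode()
    return hashlib.md5(canonical).hexdigest()


def _digits(raw, digits=6):
    # Assumption: 'compression' reduces a digest to a short decimal code.
    return f"{int.from_bytes(raw, 'big') % 10**digits:0{digits}d}"


def derive_md5(enc):
    """Dynamic code as the text describes it: MD5 over the encrypted information."""
    return _digits(hashlib.md5(enc.encode()).digest())


def make_derive_hmac(key, clock, step=30):
    """Added variant: keyed and time-stepped, so the code is not a public
    function of what the two-dimensional code displays."""
    def derive(enc):
        msg = f"{enc}|{int(clock()) // step}".encode()
        return _digits(hmac.new(key, msg, hashlib.sha256).digest())
    return derive


class TargetDevice:
    def __init__(self, features, derive):
        self.features, self.derive, self.first_code = features, derive, None

    def start_login(self, account):
        """Steps 201-203: returns the payload that would be rendered as the code."""
        enc = encrypt_features(self.features)
        self.first_code = self.derive(enc)
        return json.dumps({"account": account, "features": enc})

    def verify(self, second_code):
        """Step 204: constant-time match; the stored code is consumed (added choice)."""
        expected, self.first_code = self.first_code, None
        if expected is None or second_code is None:
            return False
        return hmac.compare_digest(expected, second_code)


class Server:
    def __init__(self, accounts, devices, derive):
        self.accounts, self.devices, self.derive = set(accounts), set(devices), derive

    def second_code(self, payload):
        """Receives what the mobile terminal scanned; applies both optional pre-checks."""
        msg = json.loads(payload)
        if msg["account"] not in self.accounts:
            return None  # account has no permission to access the server
        if msg["features"] not in self.devices:
            return None  # target device is not registered as legitimate
        return self.derive(msg["features"])


def run_login(account, target, server):
    """Character terminal relays: account -> target, payload -> mobile -> server,
    then the second dynamic code typed by the user -> target."""
    payload = target.start_login(account)
    return target.verify(server.second_code(payload))


def code_recoverable_from_payload(target, payload):
    """True when the first dynamic code can be recomputed from the displayed payload alone."""
    return derive_md5(json.loads(payload)["features"]) == target.first_code


# Constructed sample values (not from the page).
FEATURES = {"serial": "SN-0001", "mac": "00:11:22:33:44:55", "ip": "192.0.2.10"}
ENC = encrypt_features(FEATURES)
KEY = b"constructed-shared-secret"
fixed_clock = lambda: 1_700_000_000

if __name__ == "__main__":
    for name, derive in (("md5", derive_md5), ("hmac", make_derive_hmac(KEY, fixed_clock))):
        dev, srv = TargetDevice(FEATURES, derive), Server({"admin"}, {ENC}, derive)
        payload = dev.start_login("admin")
        print(name, "recoverable from payload:", code_recoverable_from_payload(dev, payload))
        print(name, "login admin:", run_login("admin", dev, srv))
        print(name, "login guest:", run_login("guest", dev, srv))
```
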
Based on the same inventive concept as embodiment one, embodiment two of the present application provides a device for remote secure access, whose structural schematic diagram is shown in Fig. 3. It includes an encryption unit 301, a processing unit 302 and a verification unit 303, where:
The encryption unit 301 is configured to encrypt the device's own characteristic information when an account is received from the character terminal, where the characteristic information includes identification information of the target device.
The processing unit 302 is configured to compress the encrypted characteristic information to obtain the first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and send the two-dimensional code to the character terminal, so that the mobile terminal can scan the two-dimensional code output by the character terminal and obtain the second dynamic code fed back based on the two-dimensional code.
The verification unit 303 is configured to receive the second dynamic code, input by the user, that the character terminal sends, and perform match verification on the second dynamic code against the first dynamic code. If the match verification passes, the character terminal is allowed to remotely access the target device; otherwise the character terminal is not allowed to remotely access the target device.
Embodiment three of the present application provides a method for remote secure access, whose flow chart is shown in Fig. 4. A specific implementation of the method may include the following steps:
Step 401: the character terminal receives the account input by the user and sends the account to the target device, so that the target device encrypts its own characteristic information.
For example, if the character terminal has a touch display screen or a keyboard, the user can enter the account directly on the touch display screen, or enter the account through an input unit such as the keyboard. After the user finishes the input, the character terminal sends the received account to the target device. After the target device receives the account, it encrypts its own characteristic information with the encryption algorithm. For a description of the encryption algorithm, refer to the embodiment shown in Fig. 2; it is not repeated here.
Step 402: the character terminal receives the two-dimensional code that the target device generates based on the encrypted characteristic information and the account, so that the mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code.
The target device generates the two-dimensional code from its own characteristic information and the account received from the character terminal, and sends the two-dimensional code to the character terminal. For example, if the character terminal has a display screen, the two-dimensional code is shown directly on the display screen. The mobile terminal can use its scanning function to scan the two-dimensional code that the target device generated from its characteristic information, and thereby obtain from the two-dimensional code the characteristic information of the target device and the account the user input at the character terminal. For a description of the characteristic information of the target device, refer to the embodiment shown in Fig. 2; it is not repeated here.
Step 403: the character terminal receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, and sends the second dynamic code to the target device.
The mobile terminal sends the obtained characteristic information of the target device to the server. The server encrypts the received characteristic information of the target device with the MD5 algorithm and compresses the encrypted characteristic information to generate the second dynamic code, which the server can send to the mobile device. For example, if the mobile terminal has a display screen, the second dynamic code can be shown on the display screen, and the user can enter the second dynamic code directly through the touch display screen or keyboard of the character terminal. After receiving the second dynamic code input by the user, the character terminal sends the second dynamic code to the target device.
Step 404, character terminal receives the matching verification result that the target device is fed back based on second dynamic code,
Determine whether the character terminal can access the target device according to the matching verification result.
Target device receive character terminal transmission the second dynamic code, and by received second dynamic code be locally stored
The first dynamic code carry out matching verifying, and matching verification result is sent to character terminal in the form of notification message, wherein
If the first identifying code is identical as the second identifying code, matches verification result and be verified for matching, character terminal is tested according to matching
Card result is determined to access target equipment.
In the scheme provided by the embodiment of the present application, the mobile terminal obtains the characteristic information of the target device by scanning the two-dimensional code that the target device generated based on its own characteristic information, and obtains the second dynamic code that the server produces based on that characteristic information. This converts the two-dimensional code into a dynamic code, so that the target device can obtain the second dynamic code through the character terminal and, through matching verification of the dynamic codes, determine whether to allow the character terminal to access it remotely. This improves the security of the character terminal's remote access to the target device.
In addition, in the embodiment of the present application, in order to reduce workload, before the character terminal receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, the method further includes: the character terminal receives the verification result, fed back by the mobile terminal based on the account, of whether the account has permission to access the server, where the server stores the accounts that have permission to access the server; if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtains.
The database of the server stores the accounts that have permission to access the server. Based on the obtained account entered by the user of the character terminal, the server judges whether the account entered by the user is identical to an account stored in the server that has permission to access the server, and sends the result to the mobile terminal in the form of a notification message. If the notification message shows that the account is identical to an account stored in the server that has permission to access the server, the account is determined to have permission to access the server; the server can generate the second dynamic code based on the characteristic information of the target device and send the second dynamic code to the mobile terminal, and the user then enters the second dynamic code through the input device of the character terminal. If the notification message shows that the account is not identical to any account stored in the server that has permission to access the server, the account is determined not to have permission to access the server; the server does not generate the second dynamic code based on the characteristic information of the target device, and the flow ends.
In the scheme provided by the embodiment of the present application, the character terminal receives the verification result, fed back by the mobile terminal based on the account, of whether the account has permission to access the server. If the verification result shows that the account does not have permission to access the server, the flow of the character terminal remotely accessing the target device ends. The server does not need to generate the second dynamic code based on the characteristic information of the target device, and the character terminal avoids sending the second dynamic code to the target device for dynamic code matching verification, which reduces workload and saves working time.
In view of this, in the embodiment of the present application, before the character terminal receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, the method further includes: the character terminal receives the verification result, fed back by the mobile terminal based on the characteristic information, of whether the target device has legitimacy; if the verification result shows that the target device has legitimacy, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtains.
The database of the server stores the serial numbers published by the target device manufacturer. The server obtains the serial number of the target device by decrypting the characteristic information of the target device, judges whether the serial number of the target device is identical to a serial number published by the target device manufacturer, and sends the result to the mobile terminal in the form of a notification message. If the notification message indicates that the serial number is identical to a serial number published by the target device manufacturer, the server determines that the target device is a registered, legitimate device; the server can generate the second dynamic code based on the characteristic information of the target device and send the second dynamic code to the mobile terminal, and the user then enters the second dynamic code through the input device of the character terminal. If the notification message indicates that the serial number is not identical to the predetermined serial number, the server determines that the target device is an unregistered, illegitimate device; the server does not generate the second dynamic code based on the characteristic information of the target device, and the flow ends.
In a communication system, the serial number of each device is unique and is assigned before the device leaves the factory. Therefore, the serial number of the target device can also be used to judge whether the device is a legitimate device registered by the target device manufacturer.
In the scheme provided by the embodiment of the present application, the server obtains the serial number of the target device from the identification information of the target device, verifies whether the serial number is identical to a serial number published by the target device manufacturer, and sends the verification result to the mobile terminal in the form of a notification message. If the verification result shows that the target device is illegitimate, the flow of the character terminal remotely accessing the target device ends. The server does not need to generate the second dynamic code based on the characteristic information of the target device, and the character terminal avoids sending the second dynamic code to the target device for dynamic code matching verification, which reduces workload and saves working time.
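The exchange of steps 401 to 404, together with the two server-side pre-checks (account permission and serial-number legitimacy), as an added Python example that is not part of the patent text. Assumptions: both the target device and the server derive the dynamic code by applying MD5 to the characteristic information and reducing the digest to six decimal digits; the two-dimensional code payload is plain JSON with the encryption step left out; a code is accepted for one attempt only; the account and serial-number values are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample data; none of these values come from the patent.
AUTHORIZED_ACCOUNTS = {"ops-alice"}          # accounts stored on the server
MANUFACTURER_SERIALS = {"SN-0001-EXAMPLE"}   # serial numbers published by the maker
CODE_DIGITS = 6                              # assumed length of a dynamic code


def compress_to_code(info: bytes) -> str:
    """MD5 the characteristic information, then 'compress' it (assumed here to
    mean reducing the digest to CODE_DIGITS decimal digits)."""
    digest = hashlib.md5(info).digest()
    number = int.from_bytes(digest, "big") % 10 ** CODE_DIGITS
    return str(number).zfill(CODE_DIGITS)


class TargetDevice:
    def __init__(self, serial: str):
        self.serial = serial
        self.first_code = None

    def on_account(self, account: str) -> str:
        """Steps 401-402: store the first dynamic code, return the code payload."""
        info = json.dumps({"serial": self.serial}, sort_keys=True)
        self.first_code = compress_to_code(info.encode())
        # Assumption: payload is plain JSON; the page's encryption step is omitted.
        return json.dumps({"account": account, "info": info})

    def verify(self, second_code: str) -> bool:
        """Step 404: matching verification against the locally stored first code."""
        if self.first_code is None:
            return False
        # Constant-time comparison so timing does not reveal matching digits.
        ok = hmac.compare_digest(self.first_code.encode(), second_code.encode())
        self.first_code = None  # assumption: a code is good for one attempt
        return ok


def server_issue_code(qr_payload: str):
    """Server: check account permission and device legitimacy before deriving
    the second dynamic code. Returns (code or None, reason)."""
    msg = json.loads(qr_payload)
    if msg.get("account") not in AUTHORIZED_ACCOUNTS:
        return None, "account not authorized"
    info = msg.get("info", "")
    try:
        serial = json.loads(info).get("serial")
    except (ValueError, AttributeError):
        return None, "device not registered"
    if serial not in MANUFACTURER_SERIALS:
        return None, "device not registered"
    return compress_to_code(info.encode()), "ok"


def run_session(account: str, device: TargetDevice, typed_code=None):
    """One access attempt. typed_code overrides what the user types on the
    character terminal; by default the user types the code the server issued."""
    qr_payload = device.on_account(account)        # terminal -> target -> terminal
    code, reason = server_issue_code(qr_payload)   # mobile scans, asks the server
    if code is None:
        return False, reason                       # flow ends, no code is issued
    entered = code if typed_code is None else typed_code
    if device.verify(entered):                     # terminal -> target
        return True, "match"
    return False, "mismatch"


if __name__ == "__main__":
    print(run_session("ops-alice", TargetDevice("SN-0001-EXAMPLE")))
    print(run_session("guest", TargetDevice("SN-0001-EXAMPLE")))
    print(run_session("ops-alice", TargetDevice("SN-9999-UNKNOWN")))
    print(run_session("ops-alice", TargetDevice("SN-0001-EXAMPLE"), "not-a-code"))
```
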
Based on the same inventive concept as embodiment three, embodiment four of the present application provides a device of remote secure access. Its structural schematic diagram is shown in Fig. 5, and it includes: transceiver unit 501 and determination unit 502, where:
Transceiver unit 501 is configured to receive the account entered by the user and send the account to the target device, so that the target device encrypts its own characteristic information;
Transceiver unit 501 is also configured to receive the two-dimensional code that the target device generates based on the encrypted characteristic information and the account, so that the mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code;
Transceiver unit 501 is also configured to receive the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, and send the second dynamic code to the target device;
Determination unit 502 is configured to receive the matching verification result that the target device feeds back based on the second dynamic code, and determine according to the matching verification result whether the character terminal can access the target device.
Optionally, before receiving the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, transceiver unit 501 is also configured to: receive the verification result, fed back by the mobile terminal based on the account, of whether the account has permission to access the server, where the server stores the accounts that have permission to access the server; if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtains.
Optionally, before receiving the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, receiving unit 501 is also configured to: receive the verification result, fed back by the mobile terminal based on the characteristic information, of whether the target device has legitimacy; if the verification result shows that the target device has legitimacy, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtains.
Corresponding to the method of remote secure access of embodiment one or embodiment three of the present invention, an embodiment of the present invention also provides a system of remote secure access. Referring to Fig. 6, the system includes character terminal 601, target device 602 and mobile terminal 603.
Character terminal 601 is configured to receive the account entered by the user and send the account to target device 602;
Target device 602 is configured to receive the account sent by character terminal 601, encrypt the characteristic information of target device 602 itself, compress the encrypted characteristic information to obtain the first dynamic code, generate a two-dimensional code using the encrypted characteristic information and the account, and send the two-dimensional code to character terminal 601;
Character terminal 601 is also configured to receive the two-dimensional code sent by target device 602 and output the two-dimensional code;
Mobile terminal 603 is configured to obtain the characteristic information and the account by scanning the two-dimensional code output by character terminal 601, send the obtained characteristic information and account to the server, receive the second dynamic code that the server generates based on the characteristic information, and send the second dynamic code to character terminal 601;
Character terminal 601 is also configured to receive the second dynamic code sent by mobile terminal 603 and send the second dynamic code to target device 602;
Target device 602 is also configured to receive the second dynamic code sent by character terminal 601 and perform matching verification of the second dynamic code against the first dynamic code; if the matching verification passes, character terminal 601 is allowed to access target device 602, otherwise character terminal 601 is not allowed to access target device 602.
Optionally, the system can also include server 604; refer to Fig. 6.
Server 604 is configured to receive the characteristic information sent by mobile terminal 603 and verify, based on the characteristic information, whether target device 602 has legitimacy; if target device 602 is determined to have legitimacy, the server generates the second dynamic code based on the characteristic information; and/or to judge whether the identification information of the target device obtained from the characteristic information is identical to preset identification information; if the identification information of target device 602 is determined to be identical to the preset identification information, the server generates the second dynamic code based on the characteristic information and sends the second dynamic code to mobile terminal 603.
Referring to Fig. 7, embodiment six of the present application provides a communication device, which includes:
Memory 701, for storing computer instructions;
Communication interface 702, for communicating with network devices;
Processor 703, communicatively connected to the memory and the communication interface, for executing the computer instructions in the memory so as to perform, when executing the computer instructions, the method described in embodiment one or any possible implementation of embodiment one, and the method described in embodiment three or any possible implementation of embodiment three.
Receiving unit 303 in the device of remote secure access shown in Fig. 3 can be implemented by communication interface 702.
Receiving unit 501 and transmission unit 503 in the device of remote secure access shown in Fig. 5 can be implemented by communication interface 702, and scanning unit 502 and processing unit 504 in the device of remote secure access shown in Fig. 5 can be implemented by processor 703.
Based on the same inventive concept as embodiment six, embodiment seven of the present application provides a computer-readable storage medium. Computer instructions are stored in the readable storage medium, and when the instructions are run on a computer, they cause the computer to execute the method provided by the embodiment shown in Fig. 2 or the method provided by the embodiment shown in Fig. 4.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical memory) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, the device (system) and the computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Claims (11)
1. A method of remote secure access, characterized in that a target device is connected to a character terminal, the method comprising:
when the target device receives the account sent by the character terminal, encrypting its own characteristic information, wherein the characteristic information includes the identification information of the target device;
the target device compressing the encrypted characteristic information to obtain a first dynamic code, and generating a two-dimensional code using the encrypted characteristic information and the account;
the target device sending the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back based on the two-dimensional code;
the target device receiving the second dynamic code, entered by the user, that the character terminal sends, and performing matching verification of the second dynamic code against the first dynamic code; if the matching verification passes, allowing the character terminal to remotely access the target device, and otherwise not allowing the character terminal to remotely access the target device.
2. A device of remote secure access, characterized in that the device comprises:
an encryption unit, for encrypting its own characteristic information when receiving the account sent by the character terminal, wherein the characteristic information includes the identification information of the target device;
a processing unit, for compressing the encrypted characteristic information to obtain a first dynamic code, generating a two-dimensional code using the encrypted characteristic information and the account, and sending the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back based on the two-dimensional code;
a verification unit, for receiving the second dynamic code, entered by the user, that the character terminal sends, and performing matching verification of the second dynamic code against the first dynamic code; if the matching verification passes, allowing the character terminal to remotely access the target device, and otherwise not allowing the character terminal to remotely access the target device.
3. A method of remote secure access, characterized in that a target device is connected to a character terminal, the method comprising:
the character terminal receiving the account entered by the user and sending the account to the target device, so that the target device encrypts its own characteristic information;
the character terminal receiving the two-dimensional code that the target device generates based on the encrypted characteristic information and the account, so that a mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code;
the character terminal receiving the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, and sending the second dynamic code to the target device;
the character terminal receiving the matching verification result that the target device feeds back based on the second dynamic code, and determining according to the matching verification result whether the character terminal can access the target device.
4. The method of claim 3, characterized in that before the character terminal receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, the method further comprises:
the character terminal receiving the verification result, fed back by the mobile terminal based on the account, of whether the account has permission to access the server, wherein the server stores the accounts that have permission to access the server;
if the verification result shows that the account has permission to access the server, the character terminal receiving the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtains.
5. The method of claim 3, characterized in that before the character terminal receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, the method further comprises:
the character terminal receiving the verification result, fed back by the mobile terminal based on the characteristic information, of whether the target device has legitimacy;
if the verification result shows that the target device has legitimacy, the character terminal receiving the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtains.
6. A device of remote secure access, characterized in that it comprises:
a transceiver unit, for receiving the account entered by the user and sending the account to the target device, so that the target device encrypts its own characteristic information;
the transceiver unit also being used to receive the two-dimensional code that the target device generates based on the encrypted characteristic information and the account, so that a mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code;
the transceiver unit also being used to receive the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, and send the second dynamic code to the target device;
a determination unit, for receiving the matching verification result that the target device feeds back based on the second dynamic code, and determining according to the matching verification result whether the character terminal can access the target device.
7. The device of claim 6, characterized in that the transceiver unit is also used to:
before receiving the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, receive the verification result, fed back by the mobile terminal based on the account, of whether the account has permission to access the server, wherein the server stores the accounts that have permission to access the server;
if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtains.
8. The device of claim 6, characterized in that the transceiver unit is also used to:
before receiving the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, receive the verification result, fed back by the mobile terminal based on the characteristic information, of whether the target device has legitimacy;
if the verification result shows that the target device has legitimacy, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtains.
9. A system of remote secure access, characterized in that the system comprises: a character terminal, a mobile terminal and a target device;
the character terminal, for receiving the account entered by the user and sending the account to the target device;
the target device, for receiving the account sent by the character terminal, encrypting the characteristic information of the target device itself, compressing the encrypted characteristic information of the target device to obtain a first dynamic code, generating a two-dimensional code using the encrypted characteristic information and the account, and sending the two-dimensional code to the character terminal;
the character terminal, also used to receive the two-dimensional code sent by the target device and output the two-dimensional code;
the mobile terminal, used to obtain the characteristic information and the account by scanning the two-dimensional code output by the character terminal, send the obtained characteristic information and the account to a server, receive the second dynamic code that the server generates based on the characteristic information, and send the second dynamic code to the character terminal;
the character terminal, also used to receive the second dynamic code sent by the mobile terminal and send the second dynamic code to the target device;
the target device, also used to receive the second dynamic code sent by the character terminal and perform matching verification of the second dynamic code against the first dynamic code; if the matching verification passes, the character terminal is allowed to access the target device, and otherwise the character terminal is not allowed to access the target device.
10. A communication device, characterized in that it comprises:
a memory, for storing computer instructions;
a communication interface, for communicating with network devices;
a processor, communicatively connected to the memory and the communication interface, for executing the computer instructions in the memory so as to perform the method of claim 1, 3, 4 or 5 when executing the computer instructions.
11. A computer-readable storage medium, characterized in that computer instructions are stored in the readable storage medium, and when the instructions are run on a computer, they cause the computer to execute the method of claim 1, 3, 4 or 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810421121.1A CN108848057A (en) | 2018-05-04 | 2018-05-04 | A kind of method and device of remote secure access |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108848057A true CN108848057A (en) | 2018-11-20 |
Family
ID=64212833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810421121.1A Pending CN108848057A (en) | 2018-05-04 | 2018-05-04 | A kind of method and device of remote secure access |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108848057A (en) |
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102724299A (en) * | 2012-05-28 | 2012-10-10 | 上海斐讯数据通信技术有限公司 | Remote control system and method for network terminal equipment |
US20140168344A1 (en) * | 2012-12-14 | 2014-06-19 | Biscotti Inc. | Video Mail Capture, Processing and Distribution |
CN103888436A (en) * | 2012-12-20 | 2014-06-25 | 伊姆西公司 | User authentication method and device |
CN103729590A (en) * | 2013-12-27 | 2014-04-16 | 四川长虹电器股份有限公司 | Method, device and system for setting equipment access right |
CN105099692A (en) * | 2014-05-22 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Safety verification method, device, server and terminal |
CN104410813A (en) * | 2014-10-24 | 2015-03-11 | 浙江宇视科技有限公司 | Method and device for binding user account with monitoring equipment in video monitoring system |
CN105722089A (en) * | 2016-03-24 | 2016-06-29 | 浙江风向标科技有限公司 | Equipment authentication method |
CN106302448A (en) * | 2016-08-15 | 2017-01-04 | 中国联合网络通信集团有限公司 | remote access control method and device |
CN107911337A (en) * | 2017-10-11 | 2018-04-13 | 海信集团有限公司 | A kind of apparatus bound method, server and equipment |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110740137A (en) * | 2019-10-22 | 2020-01-31 | 福州汇思博信息技术有限公司 | Android equipment management method based on wifi direct connection without touch screen |
CN113127841A (en) * | 2021-04-23 | 2021-07-16 | 上海科华实验系统有限公司 | Method, device, equipment and storage medium for remotely managing software user |
CN113312535A (en) * | 2021-05-28 | 2021-08-27 | 中铁十一局集团第五工程有限公司 | Engineering measurement intelligent management control cloud platform |
CN113792565A (en) * | 2021-11-15 | 2021-12-14 | 微晟(武汉)技术有限公司 | Two-dimensional code anti-theft method, device, equipment and medium |
CN114338146A (en) * | 2021-12-27 | 2022-04-12 | 中国民航信息网络股份有限公司 | Dynamic code-based crawler-resistant method, system, client and server |
CN114338146B (en) * | 2021-12-27 | 2023-08-15 | 中国民航信息网络股份有限公司 | Anti-crawler method, system, client and server based on dynamic code |
CN117371017A (en) * | 2023-12-08 | 2024-01-09 | 山东三木众合信息科技股份有限公司 | Device management method based on encrypted two-dimension code |
CN117371017B (en) * | 2023-12-08 | 2024-03-01 | 山东三木众合信息科技股份有限公司 | Device management method based on encrypted two-dimension code |
Similar Documents
Publication | Title |
---|---|
CN108848057A (en) | A kind of method and device of remote secure access |
CN110493261B (en) | Verification code obtaining method based on block chain, client, server and storage medium |
CN104468531B (en) | The authorization method of sensitive data, device and system |
JP6548667B2 (en) | Method, apparatus and system for providing security checks |
US20200387594A1 (en) | Graphic Pattern-Based Passcode Generation and Authentication |
CN101527633B (en) | Method for intelligent key devices to obtain digital certificates |
CN107040373A (en) | Inter-authentication method and authenticating device |
CN111314069B (en) | Block chain-based shaking system and method, electronic device and storage medium |
CN103929400A (en) | Two-dimension code obtaining method, generating method, validation method, device and system |
CN101689236B (en) | Secure login protocol |
CN109413096A (en) | A kind of login method and device more applied |
CN106101159A (en) | Dynamic cipher generating method, dynamic cipher authentication method and device |
CN104935435A (en) | Login methods, terminal and application server |
CN109815659A (en) | Safety certifying method, device, electronic equipment and storage medium based on WEB project |
CN108965324A (en) | A kind of anti-brush method of short message verification code, terminal, server, equipment and medium |
CN103384249B (en) | Network access verifying method, Apparatus and system, certificate server |
CN110659899A (en) | Offline payment method, device and equipment |
CN107872315A (en) | Data processing method and intelligent terminal |
CN105635164B (en) | The method and apparatus of safety certification |
CN110135542A (en) | The method, apparatus and system of user's interactive mode Internet of Things verifying based on RF tag |
CN109495500A (en) | A kind of double factor authentication method based on smart phone |
CN109495458A (en) | A kind of method, system and the associated component of data transmission |
CN106529216B (en) | Software authorization system and software authorization method based on public storage platform |
KR20130134932A (en) | Method for producing an encrypted file and decrypting the encrypted file, computer readable recording medium a program for implementing the methods |
CN107172718B (en) | Information processing method and electronic equipment |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181120 |