CN108848057A - Method and device for secure remote access - Google Patents


Publication number
CN108848057A
Authority
CN
China
Prior art keywords
target device
account
code
character
characteristic information
Legal status
Pending
Application number
CN201810421121.1A
Other languages
Chinese (zh)
Inventor
康国炼
王鹏
Current Assignee
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Application filed by Zhejiang Dahua Technology Co Ltd
Priority to CN201810421121.1A
Publication of CN108848057A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This application discloses a method and device for secure remote access. The method includes: after the target device receives the account sent by the character terminal, it encrypts its own characteristic information, compresses the encrypted characteristic information to obtain a first dynamic code, generates a two-dimensional code from the encrypted characteristic information and the account, and sends the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back on the basis of the two-dimensional code. The target device performs matching verification on the received second dynamic code and the first dynamic code; if the match is verified, the character terminal is allowed to remotely access the target device, and otherwise it is not. This solves the technical problem in the prior art that security is low when a network device is accessed remotely.

Description

Method and device for secure remote access
Technical field
This application relates to the technical field of computer network security, and in particular to a method and device for secure remote access.
Background
In current computer networks, a user on a local network usually logs in remotely to a network device over the Secure Shell (SSH) protocol to check the device's operating state. Although the SSH protocol can encrypt the transmitted data, during data transmission an attacker can obtain the user's login password by forging a public key and then use that login password to log in to the network device remotely. A user who remotely accesses a network device therefore runs the risk of having the login password cracked by an attacker, so the security of remote access to network devices is low.
Summary of the invention
The application provides a method and device for secure remote access, to solve the technical problem in the prior art that security is low when a network device is accessed remotely.
In a first aspect, an embodiment of the present application provides a method for secure remote access. The target device is connected to a character terminal. When the target device receives the account sent by the character terminal, it encrypts its own characteristic information, where the characteristic information includes identification information of the target device. It compresses the encrypted characteristic information to obtain a first dynamic code, generates a two-dimensional code from the encrypted characteristic information and the account, and sends the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back on the basis of the two-dimensional code. The target device then receives the second dynamic code, entered by the user and sent by the character terminal, and performs matching verification on the second dynamic code and the first dynamic code. If the match is verified, the character terminal is allowed to remotely access the target device; otherwise it is not.
In the scheme provided by the embodiments of the present application, the target device generates the first dynamic code from its own characteristic information, and generates and outputs a two-dimensional code from that characteristic information and the account received from the character terminal. The mobile terminal scans the two-dimensional code to obtain the target device's characteristic information and the account, and obtains the second dynamic code fed back on the basis of the two-dimensional code. The target device then receives the second dynamic code entered by the user at the character terminal and performs matching verification on it against the first dynamic code, to determine whether the character terminal may remotely access the target device. The target device can therefore verify a dynamic code derived from its own characteristic information to decide whether the character terminal has permission to access it, which prevents the character terminal from accessing the target device when the dynamic code check fails and improves the security of the character terminal's remote access to the target device.
In a second aspect, an embodiment of the present application provides a device for secure remote access, which includes:
An encryption unit, configured to encrypt the device's own characteristic information when the account of the character terminal is received, where the characteristic information includes identification information of the target device;
A processing unit, configured to compress the encrypted characteristic information to obtain a first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and send the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back on the basis of the two-dimensional code;
A verification unit, configured to receive the second dynamic code, entered by the user and sent by the character terminal, and perform matching verification on the second dynamic code and the first dynamic code; if the match is verified, the character terminal is allowed to remotely access the target device, and otherwise it is not.
In a third aspect, an embodiment of the present application provides a method for secure remote access. The target device is connected to a character terminal. The character terminal receives the account entered by the user and sends the account to the target device, so that the target device encrypts its own characteristic information. The character terminal then receives the two-dimensional code that the target device generates from the encrypted characteristic information and the account, so that the mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code. Next, it receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code and sends the second dynamic code to the target device. Finally, it receives the matching verification result that the target device feeds back for the second dynamic code and determines from that result whether the character terminal can access the target device.
In the scheme provided by the embodiments of the present application, the mobile terminal scans the two-dimensional code generated from the target device's characteristic information to obtain that characteristic information and the account received by the target device, and obtains the second dynamic code fed back on the basis of the characteristic information. This converts the two-dimensional code into a dynamic code, so that the target device can obtain from the character terminal the second dynamic code entered by the user and check it to determine whether the character terminal has permission to access the target device. This prevents the character terminal from accessing the target device when the dynamic code check fails and improves the security of the mobile terminal during remote access to the target device.
Optionally, before the character terminal receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, the method further includes: the character terminal receives a verification result, obtained by the mobile terminal as feedback based on the account, indicating whether the account has permission to access the server, where the server stores the accounts that have permission to access the server; if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code.
In the scheme provided by the embodiments of the present application, the verification result fed back for the account, indicating whether the account has permission to access the server, determines whether the mobile terminal can obtain the second dynamic code fed back on the basis of the two-dimensional code, and hence whether the character terminal can obtain the second dynamic code. Verifying the account in advance avoids generating a second dynamic code from the target device's characteristic information for an account without permission to access the server, which reduces the workload of dynamic code verification and saves working time.
Optionally, before the character terminal receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, the method further includes: the character terminal receives a verification result, obtained by the mobile terminal as feedback based on the characteristic information, indicating whether the target device is legitimate; if the verification result shows that the target device is legitimate, the character terminal receives the second dynamic code, fed back for the two-dimensional code, that the mobile terminal obtains.
In the scheme provided by the embodiments of the present application, the verification result fed back for the characteristic information, indicating whether the target device is legitimate, determines whether the mobile terminal can obtain the second dynamic code fed back on the basis of the two-dimensional code, and hence whether the character terminal can obtain the second dynamic code. Verifying the legitimacy of the target device in advance prevents the character terminal from receiving a second dynamic code generated from an illegitimate target device's own characteristic information and the account it received, which reduces the workload of dynamic code verification and saves working time.
In a fourth aspect, an embodiment of the present application provides a device for secure remote access, which includes:
A transceiver unit, configured to receive the account entered by the user and send the account to the target device, so that the target device encrypts its own characteristic information;
The transceiver unit is further configured to receive the two-dimensional code that the target device generates from the encrypted characteristic information and the account, so that the mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code;
The transceiver unit is further configured to receive the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, and send the second dynamic code to the target device;
A determination unit, configured to receive the matching verification result that the target device feeds back for the second dynamic code, and determine from that result whether the character terminal can access the target device.
Optionally, the transceiver unit is further configured to: before receiving the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, receive a verification result, fed back to the mobile terminal based on the account, indicating whether the account has permission to access the server, where the server stores the accounts that have permission to access the server; if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code, fed back for the two-dimensional code, that the mobile terminal obtains.
Optionally, the transceiver unit is further configured to: before receiving the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, receive a verification result, fed back to the mobile terminal based on the characteristic information, indicating whether the target device is legitimate; if the verification result shows that the target device is legitimate, the character terminal receives the second dynamic code, fed back for the two-dimensional code, that the mobile terminal obtains.
In a fifth aspect, an embodiment of the present application provides a system for secure remote access, which includes: a character terminal, a mobile terminal and a target device;
The character terminal is configured to receive the account entered by the user and send the account to the target device;
The target device is configured to receive the account sent by the character terminal, encrypt the target device's own characteristic information, compress the encrypted characteristic information to obtain a first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and output the two-dimensional code;
The mobile terminal is configured to scan the two-dimensional code output by the target device to obtain the characteristic information and the account, send the obtained characteristic information and account to a server, receive the second dynamic code that the server generates from the characteristic information, and send the second dynamic code to the character terminal;
The character terminal is further configured to receive the second dynamic code sent by the mobile terminal and send the second dynamic code to the target device;
The target device is further configured to receive the second dynamic code sent by the character terminal and perform matching verification on the second dynamic code and the first dynamic code; if the match is verified, the character terminal is allowed to access the target device, and otherwise it is not.
In a sixth aspect, an embodiment of the present application provides a communication device, which includes:
A memory, configured to store computer instructions;
A communication interface, configured to communicate with network devices;
A processor, communicatively connected to the memory and the communication interface, configured to execute the computer instructions in the memory and, when executing them, to perform the method of the first aspect or any possible implementation of the first aspect, and the method of the third aspect or any possible implementation of the third aspect.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the method of the first aspect or any possible implementation of the first aspect, and the method of the third aspect or any possible implementation of the third aspect.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of a communication system provided by an embodiment of the present application;
Fig. 2 is a flowchart of a method for secure remote access provided by an embodiment of the present application;
Fig. 3 is a structural schematic diagram of a device for secure remote access provided by an embodiment of the present application;
Fig. 4 is a flowchart of a method for secure remote access provided by an embodiment of the present application;
Fig. 5 is a structural schematic diagram of a device for secure remote access provided by an embodiment of the present application;
Fig. 6 is a structural schematic diagram of a system for secure remote access provided by an embodiment of the present application;
Fig. 7 is a structural schematic diagram of a mobile terminal provided by an embodiment of the present application.
Detailed description of the embodiments
To make the purposes, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the accompanying drawings.
Fig. 1 shows the communication system 100 in the embodiments of the present application. The system can communicate over the SSH network protocol, although the embodiments of the present application are not limited to this. The system includes a character terminal 101, a target device 102, a mobile terminal 103 and a server 104. The character terminal 101 receives read/write data entered by the user and sends it to the target device 102. The target device 102 sends to the character terminal its own data and the user-entered read/write data it has received from the character terminal. The mobile terminal 103 obtains the data output by the character terminal. The server 104 stores data and analyzes and processes the data it receives from the mobile terminal. In the embodiments of the present invention, the character terminal 101 and the target device 102 are connected; for example, the character terminal can be a desktop computer with communication capability. The target device in the embodiments of the present invention can be implemented in many ways, for example as a monitoring device with a wireless function, a handheld device, a computing device, and so on.
Embodiment one of the present application provides a method for secure remote access; its flowchart is shown in Fig. 2. The method can be applied to the communication system shown in Fig. 1. The flow of the method is described below.
Step 201: when the target device receives the account sent by the character terminal, it encrypts its own characteristic information, where the characteristic information includes identification information of the target device.
An encryption algorithm is stored in the database of the target device, for example Message Digest Algorithm 5 (MD5); of course, the embodiments of the present application do not limit the specific encryption algorithm. When the target device receives the user account that the user enters through the character terminal, it encrypts its characteristic information with the MD5 encryption algorithm. The characteristic information of the target device includes, for example, identification information of the target device, and the identification information includes, for example, at least one of the target device's serial number, physical address and Internet Protocol (IP) address.
Step 202: the target device compresses the encrypted characteristic information to obtain the first dynamic code, and generates a two-dimensional code from the encrypted characteristic information and the account.
After obtaining the encrypted characteristic information, the target device compresses it with the MD5 algorithm to generate the first dynamic code. The first dynamic code can be a time-related, unpredictable combination of random digits, or a password in the form of a dynamic token. The target device converts the encrypted characteristic information and the account into binary data and stores the binary data in a preset storage region, where the storage region is a rectangular region made up of multiple matrices of a particular size; for example, the matrix can be of size 21*21. The target device applies mask processing to the rectangular region to obtain a black-and-white two-dimensional code pattern; the two-dimensional code is, for example, a rectangular figure.
Step 203: the target device sends the two-dimensional code to the character terminal, so that the mobile terminal can scan the two-dimensional code output by the character terminal and obtain the second dynamic code fed back on the basis of the two-dimensional code.
The character terminal connected to the target device has a display screen. After generating the two-dimensional code from its own characteristic information and the received account, the target device sends the two-dimensional code to the connected character terminal, which can show it on the display screen. The mobile terminal then scans the two-dimensional code on the character terminal's display screen to obtain the target device's characteristic information and the account that the user entered at the character terminal, both of which are contained in the two-dimensional code. The mobile terminal sends the information obtained from the two-dimensional code to the server. The server encrypts the obtained characteristic information of the target device with the MD5 encryption algorithm, compresses the result to generate the second dynamic code, and sends the second dynamic code to the mobile terminal. The mobile terminal has a display screen, on which the second dynamic code can be displayed directly.
Step 204: the target device receives the second dynamic code, entered by the user and sent by the character terminal, and performs matching verification on the second dynamic code and the first dynamic code. If the match is verified, the character terminal is allowed to remotely access the target device; otherwise it is not.
The character terminal has an input device that can receive data entered by the user, such as a keyboard or a touch display screen. The user enters the second dynamic code shown on the mobile terminal on the character terminal's input device, and the character terminal sends the received second dynamic code to the target device. The target device's database stores the first dynamic code generated from its own characteristic information. When the target device receives the second dynamic code, entered by the user and sent by the character terminal, it matches the first dynamic code against the second dynamic code. If the two are identical, dynamic code matching verification passes and the target device allows the character terminal to remotely access it; otherwise the verification fails and the target device does not allow the character terminal to remotely access it.
In the scheme provided by the embodiments of the present application, the target device receives the second dynamic code entered by the user at the character terminal and performs matching verification on it against the first dynamic code, to determine whether the character terminal may remotely access the target device. The target device can therefore verify a dynamic code derived from its own characteristic information to decide whether the character terminal has permission to access it, which prevents the character terminal from accessing the target device when the dynamic code check fails and improves the security of the character terminal's remote access to the target device.
Based on the same inventive concept as embodiment one, embodiment two of the present application provides a device for secure remote access; its structural schematic diagram is shown in Fig. 3. It includes an encryption unit 301, a processing unit 302 and a verification unit 303, where:
The encryption unit 301 is configured to encrypt the device's own characteristic information when the account of the character terminal is received, where the characteristic information includes identification information of the target device.
The processing unit 302 is configured to compress the encrypted characteristic information to obtain the first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and send the two-dimensional code to the character terminal, so that the mobile terminal can scan the two-dimensional code output by the character terminal and obtain the second dynamic code fed back on the basis of the two-dimensional code.
The verification unit 303 is configured to receive the second dynamic code, entered by the user and sent by the character terminal, and perform matching verification on the second dynamic code and the first dynamic code; if the match is verified, the character terminal is allowed to remotely access the target device, and otherwise it is not.
Embodiment three of the present application provides a method for secure remote access; its flowchart is shown in Fig. 4. A specific implementation of the method may include the following steps:
Step 401: the character terminal receives the account entered by the user and sends the account to the target device, so that the target device encrypts its own characteristic information.
For example, if the character terminal has a touch display screen or a keyboard, the user can enter the account directly on the touch display screen or through an input unit such as the keyboard. After the user finishes entering it, the character terminal sends the received account to the target device. After receiving the account, the target device encrypts its own characteristic information with an encryption algorithm; for the encryption algorithm, see the embodiment shown in Fig. 2, which is not repeated here.
Step 402: the character terminal receives the two-dimensional code that the target device generates from the encrypted characteristic information and the account, so that the mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code.
The target device generates a two-dimensional code from its own characteristic information and the account received from the character terminal, and sends the two-dimensional code to the character terminal. For example, if the character terminal has a display screen, the two-dimensional code is shown directly on it. The mobile terminal can use its scanning function to scan the two-dimensional code that the target device generated from its characteristic information, and so obtain from the two-dimensional code the target device's characteristic information and the account that the user entered at the character terminal. For the characteristic information of the target device, see the embodiment shown in Fig. 2, which is not repeated here.
Step 403: the character terminal receives the second dynamic code that the mobile terminal obtains as feedback based on the two-dimensional code, and sends the second dynamic code to the target device.
The mobile terminal sends the obtained characteristic information of the target device to the server. The server encrypts the received characteristic information with the MD5 algorithm and compresses the encrypted characteristic information to generate the second dynamic code, which it can send to the mobile device. For example, if the mobile terminal has a display screen, the second dynamic code can be shown on it, and the user can enter the second dynamic code directly on the character terminal through its touch display screen or keyboard. After receiving the second dynamic code entered by the user, the character terminal sends it to the target device.
Step 404: the character terminal receives the matching verification result that the target device feeds back for the second dynamic code, and determines from that result whether the character terminal can access the target device.
The target device receives the second dynamic code sent by the character terminal, performs matching verification on it against the locally stored first dynamic code, and sends the matching verification result to the character terminal as a notification message. If the first verification code is identical to the second verification code, the matching verification result is a pass, and the character terminal determines from that result that it can access the target device.
In the scheme provided by the embodiments of the present application, the mobile terminal scans the two-dimensional code that the target device generated from its own characteristic information to obtain that characteristic information, and obtains the second dynamic code that the server derives from the characteristic information. This converts the two-dimensional code into a dynamic code, so that the target device can obtain the second dynamic code through the character terminal and, by matching the dynamic codes, determine whether to allow the character terminal to remotely access it, which improves the security of the character terminal's remote access to the target device.
In addition, to reduce workload, in the embodiment of the present application, before the character terminal receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, the method further includes: the character terminal receives, from the mobile terminal, a verification result fed back based on the account that indicates whether the account has permission to access the server, where the server stores the accounts that have permission to access the server; if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
The database of the server stores the accounts that have permission to access the server. Based on the obtained account entered by the user of the character terminal, the server judges whether that account is identical to an account stored in the server as having access permission, and sends the result to the mobile terminal as a notification message. If the notification message shows that the account is identical to a stored account with permission to access the server, it is determined that the account has permission to access the server; the server can then generate the second dynamic code from the characteristic information of the target device and send it to the mobile terminal, after which the user enters the second dynamic code through the input device of the character terminal. If the notification message shows that the account is not identical to any stored account with permission to access the server, it is determined that the account does not have permission to access the server; the server does not generate the second dynamic code from the characteristic information of the target device, and the process ends.
In the scheme provided by the embodiments of the present application, the character terminal receives, from the mobile terminal, the verification result fed back based on the account that indicates whether the account has permission to access the server. If the verification result shows that the account does not have permission to access the server, the process of the character terminal remotely accessing the target device ends: the server does not need to generate the second dynamic code from the characteristic information of the target device, and the character terminal does not send a second dynamic code to the target device for dynamic-code matching, which reduces workload and saves working time.
In view of this, in the embodiment of the present application, before the character terminal receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, the method further includes: the character terminal receives, from the mobile terminal, a verification result fed back based on the characteristic information that indicates whether the target device is legitimate; if the verification result shows that the target device is legitimate, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
The database of the server stores the serial numbers published by the manufacturer of the target device. The server decrypts the characteristic information of the target device to obtain the serial number of the target device, judges whether that serial number is identical to a serial number published by the manufacturer, and sends the result to the mobile terminal as a notification message. If the notification message indicates that the serial number is identical to a serial number published by the manufacturer, the server determines that the target device is a registered, legitimate device; the server can then generate the second dynamic code from the characteristic information of the target device and send it to the mobile terminal, after which the user enters the second dynamic code through the input device of the character terminal. If the notification message indicates that the serial number is not identical to the predetermined serial number, the server determines that the target device is an unregistered, illegitimate device; the server does not generate the second dynamic code from the characteristic information of the target device, and the process ends.
In a communication system, the serial number of each device is unique and is assigned before the device leaves the factory. Therefore, the serial number of the target device can also be used to judge whether the device is a legitimate device registered by the manufacturer of the target device.
In the scheme provided by the embodiments of the present application, the server obtains the serial number of the target device from the identification information of the target device, verifies whether that serial number is identical to a serial number published by the manufacturer of the target device, and sends the verification result to the mobile terminal as a notification message. If the verification result shows that the target device is illegitimate, the process of the character terminal remotely accessing the target device ends: the server does not need to generate the second dynamic code from the characteristic information of the target device, and the character terminal does not send a second dynamic code to the target device for dynamic-code matching, which reduces workload and saves working time.
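The exchange in steps 401 to 404, with the two optional server-side checks (account permission and device serial number), as an added Python sketch; it is not code from the patent. Assumptions: a SHA-256 keystream stands in for the unspecified encryption algorithm, "compression" is an MD5 digest reduced to six decimal digits on both the device and the server, and the single-use, constant-time comparison in verify() is a hardening choice the patent does not describe; all keys, accounts and serial numbers are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data; none of these values come from the patent.
SHARED_KEY = b"constructed-demo-key"    # assumed key shared by device and server
AUTHORIZED_ACCOUNTS = {"ops-admin"}     # accounts with permission to use the server
PUBLISHED_SERIALS = {"SN-0001-DEMO"}    # serial numbers published by the manufacturer


def _keystream(key, nonce, length):
    """SHA-256 in counter mode: a stdlib stand-in for the unspecified cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_feature(serial, key=SHARED_KEY):
    """Device side: encrypt the characteristic information (here, the serial)."""
    nonce = secrets.token_bytes(8)          # fresh per session, so codes change
    data = serial.encode()
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def decrypt_feature(blob, key=SHARED_KEY):
    """Server side: recover the serial number for the legitimacy check."""
    nonce, body = blob[:8], blob[8:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream)).decode(errors="replace")


def compress_to_code(blob):
    """MD5 digest reduced to six decimal digits (the assumed 'compression')."""
    digest = hashlib.md5(blob).digest()
    return f"{int.from_bytes(digest, 'big') % 10**6:06d}"


class TargetDevice:
    def __init__(self, serial):
        self.serial = serial
        self._first_code = None

    def start_session(self, account):
        """Steps 401-402: store the first dynamic code, return the QR payload."""
        blob = encrypt_feature(self.serial)
        self._first_code = compress_to_code(blob)
        return json.dumps({"feature": blob.hex(), "account": account})

    def verify(self, second_code):
        """Step 404: match the codes. Single use is an added assumption."""
        first, self._first_code = self._first_code, None
        if first is None:
            return False
        return hmac.compare_digest(first.encode(), second_code.encode())


def server_issue_code(qr_payload):
    """Return the second dynamic code, or None if either server check fails."""
    message = json.loads(qr_payload)
    if message["account"] not in AUTHORIZED_ACCOUNTS:
        return None                          # account lacks server permission
    blob = bytes.fromhex(message["feature"])
    if decrypt_feature(blob) not in PUBLISHED_SERIALS:
        return None                          # device is not a published serial
    return compress_to_code(blob)


def remote_access(device, account, typed_code=None):
    """Run one attempt; typed_code overrides what the user types in step 403."""
    qr_payload = device.start_session(account)
    second_code = server_issue_code(qr_payload)   # mobile scans, asks server
    if second_code is None:
        return "refused-by-server"                # process ends, nothing to type
    entered = second_code if typed_code is None else typed_code
    return "granted" if device.verify(entered) else "denied"


if __name__ == "__main__":
    print(remote_access(TargetDevice("SN-0001-DEMO"), "ops-admin"))
    print(remote_access(TargetDevice("SN-0001-DEMO"), "guest"))
    print(remote_access(TargetDevice("SN-9999-FAKE"), "ops-admin"))
```

Because the server refuses before any code exists, an unauthorized account or an unpublished serial number never reaches the matching step on the target device.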
Based on the same inventive concept as embodiment three, embodiment four of the present application provides a device for remote secure access, whose structural diagram is shown in Fig. 5 and which includes a transceiver unit 501 and a determination unit 502, where:
Transceiver unit 501, configured to receive the account entered by the user and send the account to the target device, so that the target device encrypts its own characteristic information;
The transceiver unit 501 is further configured to receive the two-dimensional code that the target device generates from the encrypted characteristic information and the account, so that the mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code;
The transceiver unit 501 is further configured to receive the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, and to send the second dynamic code to the target device;
Determination unit 502, configured to receive the match verification result that the target device feeds back based on the second dynamic code, and to determine from the match verification result whether the character terminal can access the target device.
Optionally, before receiving the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, the transceiver unit 501 is further configured to: receive, from the mobile terminal, a verification result fed back based on the account that indicates whether the account has permission to access the server, where the server stores the accounts that have permission to access the server; if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
Optionally, before receiving the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, the receiving unit 501 is further configured to: receive, from the mobile terminal, a verification result fed back based on the characteristic information that indicates whether the target device is legitimate; if the verification result shows that the target device is legitimate, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
Corresponding to the method of remote secure access of embodiment one or embodiment three, the embodiment of the present invention also provides a system for remote secure access. Referring to Fig. 6, the system includes character terminal 601, target device 602 and mobile terminal 603.
Character terminal 601, configured to receive the account entered by the user and send the account to the target device 602;
Target device 602, configured to receive the account sent by the character terminal 601, encrypt the characteristic information of the target device 602 itself, compress the encrypted characteristic information to obtain the first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and send the two-dimensional code to the character terminal 601;
Character terminal 601, further configured to receive the two-dimensional code sent by the target device 602 and output the two-dimensional code;
Mobile terminal 603, configured to obtain the characteristic information and the account by scanning the two-dimensional code output by the character terminal 601, send the obtained characteristic information and account to the server, receive the second dynamic code that the server generates from the characteristic information, and send the second dynamic code to the character terminal 601;
Character terminal 601, further configured to receive the second dynamic code sent by the mobile terminal 603 and send the second dynamic code to the target device 602;
Target device 602, further configured to receive the second dynamic code sent by the character terminal 601 and match the second dynamic code against the first dynamic code; if the match succeeds, the character terminal 601 is allowed to access the target device 602, otherwise the character terminal 601 is not allowed to access the target device 602.
Optionally, the system can also include server 604; refer to Fig. 6.
Server 604, configured to receive the characteristic information sent by the mobile terminal 603 and verify, based on the characteristic information, whether the target device 602 is legitimate, and, if the target device 602 is determined to be legitimate, generate the second dynamic code from the characteristic information; and/or to judge whether the identification information of the target device obtained from the characteristic information is identical to preset identification information, and, if the identification information of the target device 602 is determined to be identical to the preset identification information, generate the second dynamic code from the characteristic information and send the second dynamic code to the mobile terminal 603.
Referring to Fig. 7, embodiment six of the present application provides a communication device, which includes:
Memory 701, for storing computer instructions;
Communication interface 702, for communicating with network devices;
Processor 703, communicatively connected to the memory and the communication interface, for executing the computer instructions in the memory so as to perform, when executing the computer instructions, the method described in embodiment one or any possible implementation of embodiment one, and the method described in embodiment three or any possible implementation of embodiment three.
Here, receiving unit 303 in the device for remote secure access shown in Fig. 3 can be implemented by communication interface 702.
Receiving unit 501 and transmission unit 503 in the device for remote secure access shown in Fig. 5 can be implemented by communication interface 702, and scanning unit 502 and processing unit 504 in the device for remote secure access shown in Fig. 5 can be implemented by processor 703.
Based on the same inventive concept as embodiment six, embodiment seven of the present application provides a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to execute the method provided by the embodiment shown in Fig. 2 or the method provided by the embodiment shown in Fig. 4.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system, or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, optical storage and the like) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction device, the instruction device implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Claims (11)

1. A method of remote secure access, characterized in that a target device is connected to a character terminal, the method comprising:
when the target device receives an account sent by the character terminal, encrypting its own characteristic information, wherein the characteristic information includes identification information of the target device;
the target device compressing the encrypted characteristic information to obtain a first dynamic code, and generating a two-dimensional code from the encrypted characteristic information and the account;
the target device sending the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back based on the two-dimensional code;
the target device receiving the second dynamic code, entered by the user, that the character terminal sends, and matching the second dynamic code against the first dynamic code; if the match succeeds, allowing the character terminal to remotely access the target device, and otherwise not allowing the character terminal to remotely access the target device.
2. A device for remote secure access, characterized in that the device comprises:
an encryption unit, configured to encrypt its own characteristic information when an account sent by a character terminal is received, wherein the characteristic information includes identification information of a target device;
a processing unit, configured to compress the encrypted characteristic information to obtain a first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and send the two-dimensional code to the character terminal, so that a mobile terminal can scan the two-dimensional code output by the character terminal and obtain a second dynamic code fed back based on the two-dimensional code;
a verification unit, configured to receive the second dynamic code, entered by the user, that the character terminal sends, and to match the second dynamic code against the first dynamic code; if the match succeeds, the character terminal is allowed to remotely access the target device, and otherwise the character terminal is not allowed to remotely access the target device.
3. A method of remote secure access, characterized in that a target device is connected to a character terminal, the method comprising:
the character terminal receiving an account entered by a user and sending the account to the target device, so that the target device encrypts its own characteristic information;
the character terminal receiving a two-dimensional code that the target device generates from the encrypted characteristic information and the account, so that a mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code;
the character terminal receiving a second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, and sending the second dynamic code to the target device;
the character terminal receiving a match verification result that the target device feeds back based on the second dynamic code, and determining from the match verification result whether the character terminal can access the target device.
4. The method of claim 3, characterized in that, before the character terminal receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, the method further comprises:
the character terminal receiving, from the mobile terminal, a verification result fed back based on the account that indicates whether the account has permission to access a server, wherein the server stores the accounts that have permission to access the server;
if the verification result shows that the account has permission to access the server, the character terminal receiving the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
5. The method of claim 3, characterized in that, before the character terminal receives the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, the method further comprises:
the character terminal receiving, from the mobile terminal, a verification result fed back based on the characteristic information that indicates whether the target device is legitimate;
if the verification result shows that the target device is legitimate, the character terminal receiving the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
6. A device for remote secure access, characterized by comprising:
a transceiver unit, configured to receive an account entered by a user and send the account to a target device, so that the target device encrypts its own characteristic information;
the transceiver unit being further configured to receive a two-dimensional code that the target device generates from the encrypted characteristic information and the account, so that a mobile terminal obtains the characteristic information and the account by scanning the two-dimensional code;
the transceiver unit being further configured to receive a second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, and to send the second dynamic code to the target device;
a determination unit, configured to receive a match verification result that the target device feeds back based on the second dynamic code, and to determine from the match verification result whether the character terminal can access the target device.
7. The device of claim 6, characterized in that the transceiver unit is further configured to:
before receiving the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, receive, from the mobile terminal, a verification result fed back based on the account that indicates whether the account has permission to access a server, wherein the server stores the accounts that have permission to access the server;
if the verification result shows that the account has permission to access the server, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
8. The device of claim 6, characterized in that the transceiver unit is further configured to:
before receiving the second dynamic code that the mobile terminal obtained as feedback based on the two-dimensional code, receive, from the mobile terminal, a verification result fed back based on the characteristic information that indicates whether the target device is legitimate;
if the verification result shows that the target device is legitimate, the character terminal receives the second dynamic code, fed back based on the two-dimensional code, that the mobile terminal obtained.
9. A system for remote secure access, characterized in that the system comprises: a character terminal, a mobile terminal and a target device;
the character terminal being configured to receive an account entered by a user and send the account to the target device;
the target device being configured to receive the account sent by the character terminal, encrypt the characteristic information of the target device itself, compress the encrypted characteristic information of the target device to obtain a first dynamic code, generate a two-dimensional code from the encrypted characteristic information and the account, and send the two-dimensional code to the character terminal;
the character terminal being further configured to receive the two-dimensional code sent by the target device and output the two-dimensional code;
the mobile terminal being configured to obtain the characteristic information and the account by scanning the two-dimensional code output by the character terminal, send the obtained characteristic information and account to a server, receive a second dynamic code that the server generates from the characteristic information, and send the second dynamic code to the character terminal;
the character terminal being further configured to receive the second dynamic code sent by the mobile terminal and send the second dynamic code to the target device;
the target device being further configured to receive the second dynamic code sent by the character terminal and match the second dynamic code against the first dynamic code; if the match succeeds, the character terminal is allowed to access the target device, and otherwise the character terminal is not allowed to access the target device.
10. A communication device, characterized by comprising:
a memory, for storing computer instructions;
a communication interface, for communicating with network devices;
a processor, communicatively connected to the memory and the communication interface, for executing the computer instructions in the memory so as to perform the method of claim 1, 3, 4 or 5 when executing the computer instructions.
11. A computer-readable storage medium, characterized in that computer instructions are stored in the readable storage medium and, when the instructions are run on a computer, cause the computer to execute the method of claim 1, 3, 4 or 5.
CN201810421121.1A 2018-05-04 2018-05-04 A kind of method and device of remote secure access Pending CN108848057A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810421121.1A CN108848057A (en) 2018-05-04 2018-05-04 A kind of method and device of remote secure access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810421121.1A CN108848057A (en) 2018-05-04 2018-05-04 A kind of method and device of remote secure access

Publications (1)

Publication Number Publication Date
CN108848057A true CN108848057A (en) 2018-11-20

Family

ID=64212833

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810421121.1A Pending CN108848057A (en) 2018-05-04 2018-05-04 A kind of method and device of remote secure access

Country Status (1)

Country Link
CN (1) CN108848057A (en)

CN110135542A (en) The method, apparatus and system of user's interactive mode Internet of Things verifying based on RF tag
CN109495500A (en) A kind of double factor authentication method based on smart phone
CN109495458A (en) A kind of method, system and the associated component of data transmission
CN106529216B (en) Software authorization system and software authorization method based on public storage platform
KR20130134932A (en) Method for producing an encrypted file and decrypting the encrypted file, computer readable recording medium a program for implementing the methods
CN107172718B (en) Information processing method and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181120