CN111314384A - Terminal authentication method, device and equipment - Google Patents
Terminal authentication method, device and equipment Download PDFInfo
- Publication number
- CN111314384A CN111314384A CN202010207249.5A CN202010207249A CN111314384A CN 111314384 A CN111314384 A CN 111314384A CN 202010207249 A CN202010207249 A CN 202010207249A CN 111314384 A CN111314384 A CN 111314384A
- Authority
- CN
- China
- Prior art keywords
- terminal
- address
- uuid
- authenticated
- corresponding relation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 230000004044 response Effects 0.000 claims description 17
- 230000008859 change Effects 0.000 claims description 8
- 238000004590 computer program Methods 0.000 claims description 4
- 239000000463 material Substances 0.000 abstract description 6
- 230000002159 abnormal effect Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 230000000903 blocking effect Effects 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a terminal authentication method, a device and equipment, wherein the method comprises the following steps: acquiring an IP address and a universal unique identifier UUID of a terminal to be authenticated; the UUID is used for uniquely identifying the terminal to be authenticated; matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in a preset white list; and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is successfully matched, determining that the terminal to be authenticated passes the authentication. The method and the device can automatically authenticate the terminal to determine whether the terminal is illegally replaced, and finally reduce the risk of the terminal being utilized by a hacker. The professional personnel do not need to go to the terminal to deploy field patrol at regular intervals, so that the labor and material cost and the time cost are saved, illegal counterfeit terminals can be found more timely, and the consequences that core services in the network cannot run normally, privacy information is stolen and the like are avoided timely.
Description
Technical Field
The present application relates to the field of data processing, and in particular, to a method, an apparatus, and a device for authenticating a terminal.
Background
With the rapid development of the internet of things, a large number of terminals of the internet of things are deployed in all corners of a city, such as video terminals like cameras. However, most terminals are deployed in an unattended environment with relatively low security, and are easily utilized by hackers, so that the terminals penetrate into the whole network, and finally, core services in the network cannot normally operate, privacy information is stolen, and other consequences may be caused.
At present, a professional usually goes to a terminal deployment field regularly to perform patrol, and the purpose is to check whether the phenomenon that the terminal is illegally replaced or the like occurs, so that the risk that the terminal is utilized by a hacker is reduced.
However, the current method is time-consuming and labor-consuming, and especially when the number of terminals is large and the distribution is wide, it is difficult to check whether all the terminals are illegally replaced. Therefore, there is a need for a time-saving and labor-saving method to determine whether a terminal is illegally replaced in time, so as to reduce the risk of using the terminal by a hacker.
Disclosure of Invention
In view of this, the present application provides a terminal authentication method, device and apparatus, which can automatically authenticate a terminal to determine whether the terminal is illegally replaced, and finally reduce the risk of the terminal being utilized by a hacker.
In a first aspect, to achieve the above object, the present application provides a terminal authentication method, where the method includes:
acquiring an IP address and a universal unique identifier UUID of a terminal to be authenticated; the UUID is used for uniquely identifying the terminal to be authenticated;
matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in a preset white list;
and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is successfully matched, determining that the terminal to be authenticated passes the authentication.
In an optional embodiment, the method further comprises:
and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is not successfully matched, adding the IP address into a black list so as to block the flow corresponding to the IP address.
In an optional embodiment, the method further comprises:
and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is not successfully matched, determining that the terminal to be authenticated is not authenticated, and sending change warning information of the terminal to be authenticated to a platform server.
In an optional implementation manner, the acquiring an IP address and a UUID of a terminal to be authenticated includes:
after the terminal to be authenticated is determined to be on-line, sending a preset discovery message to the terminal to be authenticated;
and after receiving the response message from the terminal to be authenticated, analyzing the response message to obtain the IP address and the UUID of the terminal to be authenticated.
In an optional implementation manner, the terminal to be authenticated includes a video terminal;
after the terminal to be authenticated is determined to be online, before the preset discovery message is sent to the video terminal, the method further includes:
sending an ICMP message to the video terminal in a preset period, and determining whether the video terminal is on line or not based on a response message of the ICMP message;
correspondingly, after the terminal to be authenticated is determined to be online, sending a preset discovery message to the video terminal includes:
and after the video terminal is determined to be online, sending an ONVIF discovery message to the video terminal so as to acquire the IP address and the UUID of the video terminal based on a response message of the ONVIF discovery message.
In a second aspect, the present application further provides a terminal authentication apparatus, including:
the acquisition module is used for acquiring the IP address and the universal unique identifier UUID of the terminal to be authenticated; the UUID is used for uniquely identifying the terminal to be authenticated;
the matching module is used for matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in a preset white list;
and the first determining module is used for determining that the terminal to be authenticated passes the authentication when the corresponding relation between the IP address and the UUID and the corresponding relation between any IP address and the UUID in the preset white list are successfully matched.
In an alternative embodiment, the apparatus further comprises:
and the adding module is used for adding the IP address into a blacklist when the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset whitelist is not successfully matched so as to block the flow corresponding to the IP address.
In an alternative embodiment, the apparatus further comprises:
and the second determining module is used for determining that the terminal to be authenticated does not pass the authentication and sending change warning information of the terminal to be authenticated to a platform server when the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is not successfully matched.
In a third aspect, the present application also provides a computer-readable storage medium having stored therein instructions that, when run on a terminal device, cause the terminal device to perform the method according to any one of the above.
In a fourth aspect, the present application further provides an apparatus comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, when executing the computer program, implementing the method as in any one of the above.
In the terminal authentication method provided by the embodiment of the application, the successfully matched terminal to be authenticated is finally determined to pass authentication by acquiring the IP address and the UUID of the terminal to be authenticated and matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in the preset white list. Therefore, the terminal can be automatically authenticated by the embodiment of the application to determine whether the terminal is illegally replaced, and finally the risk that the terminal is utilized by a hacker is reduced. The professional personnel do not need to go to the terminal to deploy field patrol at regular intervals, so that the labor and material cost and the time cost are saved, illegal counterfeit terminals can be found more timely, and the consequences that core services in the network cannot run normally, privacy information is stolen and the like are avoided timely.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
Fig. 1 is a flowchart of a terminal authentication method according to an embodiment of the present application;
fig. 2 is a flowchart of a video terminal authentication method according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a terminal authentication device according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a terminal authentication device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, in the field of internet of things, the deployment environment security of the internet of things terminal is relatively low, and the internet of things terminal is easily utilized by hackers, so that the terminal penetrates into the whole network, and finally, the core service in the network cannot normally run, privacy information is stolen, and other consequences may be caused.
In order to avoid the consequences caused by the utilization of the terminal by a hacker, the application provides a terminal authentication method, the terminal is authenticated in a mode of actively detecting the terminal information so as to determine whether the terminal is utilized by the hacker, and the phenomenon that the core service in the network cannot normally run and the privacy information is stolen due to the fact that the terminal is illegally counterfeited is avoided.
Specifically, in the terminal authentication method provided by the present application, first, an IP address and a UUID that is a universal unique identifier of a terminal to be authenticated are obtained. And then, matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in a preset white list. And if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is successfully matched, determining that the terminal to be authenticated passes the authentication. The method and the device determine whether the terminal to be authenticated passes the authentication or not by matching the IP address of the terminal to be authenticated and the UUID capable of uniquely identifying the terminal to be authenticated with the corresponding relation between the IP address and the UUID in the preset report list. Compared with the prior art, the method and the device can automatically complete terminal authentication, automatically determine whether the terminal is utilized by a hacker or not, avoid illegal counterfeiting of the terminal, avoid the need of regular terminal deployment field patrol by professionals, save manpower and material cost and time cost, find the illegal counterfeiting terminal more timely, and avoid consequences such as incapability of normal operation of core services in the network, stealing of privacy information and the like.
Before describing embodiments of the present application, a brief introduction to related terms is first made to facilitate understanding of the embodiments of the present application:
UUID: the universal Unique Identifier (Uniqueidentifier) is a standard for software construction, and is part of the open software foundation organization in the field of distributed computing environments. The aim is to enable all elements in the distributed system to have unique identification information without specifying the identification information through a central control end. In this way, everyone can create a UUID that does not conflict with others. In such a case, the name duplication problem at the time of database creation does not need to be considered.
ONVIF: in 2008, in 5 months, the three parties of the company Ancishi, Boshi and Sony, declare that the carriers jointly form an international Open network video product standard network Interface development Forum, which is named as ONVIF (Open network video Interface Forum, Chinese), and jointly establish an Open industry standard according to the Open and Open principle.
Based on this, the present application provides a terminal authentication method, and with reference to fig. 1, is a flowchart of a terminal authentication method provided in an embodiment of the present application, where the method includes:
s101: acquiring an IP address and a universal unique identifier UUID of a terminal to be authenticated; and the UUID is used for uniquely identifying the terminal to be authenticated.
In the embodiment of the application, the IP address is allocated by the server after the terminal is deployed, and the corresponding terminal can be identified to a certain extent through the IP address. The universal unique identifier UUID is set before the terminal leaves the factory, and can uniquely identify the terminal.
The terminal is authenticated based on the IP address and the UUID of the terminal, so that the IP address and the UUID of the terminal to be authenticated are required to be acquired before the terminal is authenticated, and the terminal is authenticated later.
In practical application, there are many ways to obtain the IP address and UUID of the terminal, and the way provided in the embodiment of the present application does not limit this. Specifically, the IP address and UUID of the terminal to be authenticated may be obtained by sending a preset discovery packet to the terminal to be authenticated.
In an optional implementation manner, first, after it is determined that the terminal to be authenticated is online, a preset discovery message is sent to the terminal to be authenticated. Secondly, after receiving the response message from the terminal to be authenticated, analyzing the response message to obtain the IP address and the UUID of the terminal to be authenticated.
In practical application, after the terminal to be authenticated is determined to be online, a preset discovery message is sent to the terminal to be authenticated, in a possible implementation manner, a response message from the terminal to be authenticated is not received within a certain time, which indicates that the terminal to be authenticated may be abnormal, and it can be determined that the terminal to be authenticated fails to authenticate. Or, after the preset discovery message is sent to the terminal to be authenticated for multiple times, the response message from the terminal to be authenticated is not received, which also indicates that the terminal to be authenticated may be abnormal, so that the authentication failure of the terminal to be authenticated can be determined.
In another possible implementation manner, after sending the preset discovery message to the terminal to be authenticated, the response message from the terminal to be authenticated is received, and after analyzing the response message, the UUID of the terminal to be authenticated is not obtained, which indicates that the terminal to be authenticated may be abnormal, and it may be determined that the terminal to be authenticated fails to authenticate.
S102: and matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in a preset white list.
In the embodiment of the application, after the IP address and the UUID of the terminal to be authenticated are obtained, the IP address and the UUID of the terminal to be authenticated are matched with the corresponding relation between the IP address and the UUID stored in the preset white list, so that whether the terminal to be authenticated passes authentication or not is determined.
In practical application, the corresponding relation between the IP address and the UUID of each terminal is pre-stored in a preset white list and used for authenticating the terminal to be authenticated. In an optional implementation manner, a correspondence between IP addresses and UUIDs of terminals obtained in advance may be established, and then the established correspondences are directly stored in a white list. In another optional embodiment, the IP addresses of the terminals may be stored in a white list in advance, corresponding UUIDs may be obtained from the terminals based on the IP addresses of the terminals, and a correspondence between the obtained UUIDs and the corresponding IP addresses may be established and stored in the white list together.
It should be noted that the embodiment of the present application is not limited to other ways of constructing the white list.
S103: and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is successfully matched, determining that the terminal to be authenticated passes the authentication.
In the embodiment of the application, after the IP address and the UUID of the terminal to be authenticated are matched with the preset white list, if the corresponding relationship between the IP address and the UUID of the terminal to be authenticated and any pair of IP address and UUID in the preset white list is successfully matched, it is indicated that the terminal to be authenticated is not illegally damaged, and it can be determined that the terminal to be authenticated passes authentication.
In an optional implementation manner, after the IP address and the UUID of the terminal to be authenticated are matched with the preset white list, if the correspondence between the IP address and the UUID of the terminal to be authenticated and any pair of IP address and UUID in the preset white list is not successfully matched, it indicates that the authentication of the terminal to be authenticated fails, and the IP address of the terminal to be authenticated may be added to the black list, so as to block the traffic corresponding to the IP address and protect the background server from illegal infringement.
In another optional embodiment, after the IP address and the UUID of the terminal to be authenticated are matched with the preset white list, if the IP address and the UUID of the terminal to be authenticated are not successfully matched with any pair of IP addresses and UUIDs in the preset white list, it may be determined that the terminal to be authenticated fails to be authenticated, and at this time, change warning information of the terminal to be authenticated may be sent to the platform server, so that a worker may know that the terminal to be authenticated is abnormal by changing the warning information, and perform further verification processing on the terminal to be authenticated in time.
In practical application, through further verification processing of the terminal to be authenticated by the staff, it may be determined that the terminal to be authenticated does not actually have the counterfeit problem, and at this time, the IP address of the terminal to be authenticated may be deleted from the blacklist without blocking the traffic from the IP address. Meanwhile, the white list can be updated by using the IP address and the UUID acquired by the staff from the terminal to be authenticated, so that the accuracy of subsequent terminal authentication is improved.
In the terminal authentication method provided by the embodiment of the application, the successfully matched terminal to be authenticated is finally determined to pass authentication by acquiring the IP address and the UUID of the terminal to be authenticated and matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in the preset white list. Therefore, the terminal can be automatically authenticated by the embodiment of the application to determine whether the terminal is illegally replaced, and finally the risk that the terminal is utilized by a hacker is reduced. The professional personnel do not need to go to the terminal to deploy field patrol at regular intervals, so that the labor and material cost and the time cost are saved, illegal counterfeit terminals can be found more timely, and the consequences that core services in the network cannot run normally, privacy information is stolen and the like are avoided timely.
The terminal authentication method provided by the present application can be applied to various fields, which is not limited in the present application, and for facilitating understanding of the present application, the following takes a scheme of authenticating a video terminal as an example, and further introduces the terminal authentication method provided by the embodiment of the present application.
Referring to fig. 2, a flowchart of a video terminal authentication method provided in an embodiment of the present application is shown, where the method includes:
s201: the authentication equipment sends an ICMP message to a video terminal in a preset period, and determines whether the video terminal is on line or not based on a response message of the ICMP message.
The video terminal in the embodiment of the application can be terminals such as a camera, and the camera is generally deployed in various environments, so that a large potential safety hazard exists, and therefore the video terminal needs to be authenticated to prevent the video terminal such as the camera from being illegally copied.
In the embodiment of the application, before the IP address and the UUID of the video terminal are acquired, the authentication device needs to determine whether the video terminal is online. Specifically, the authentication device may periodically send an ICMP (Internet Control Message Protocol, english) Message to the video terminal, and determine whether the video terminal is online through a response Message of the video terminal.
S202: and after the video terminal is determined to be online, the authentication equipment sends an ONVIF discovery message to the video terminal so as to acquire the IP address and the UUID of the video terminal based on a response message of the ONVIF discovery message.
In the embodiment of the application, the ONVIF discovery message is a preset message based on a UDP protocol, and the IP address and the UUID can be acquired from the video terminal by utilizing the characteristics that the existing preset message can acquire the IP address and the UUID of the video terminal, so that the authentication of the video terminal is realized. The UUID is used for uniquely identifying the video terminal, and may be an identification code with a length of 36 bytes, and the UUIDs of different video terminals are all different, so that the UUID of the video terminal may be used as a basis for whether the video terminal is counterfeited.
S203: and the authentication equipment matches the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in a preset white list.
S204: and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is successfully matched, determining that the video terminal passes the authentication.
S203 and S204 in the embodiment of the present application can be understood by referring to the above embodiments, and are not described herein again.
S205: and if the corresponding relation between the IP address and the UUID and any one of the IP address and the UUID in the preset white list is not successfully matched, determining that the video terminal is not authenticated, adding the IP address into a black list by the authentication equipment so as to block the flow corresponding to the IP address, and sending change alarm information of the video terminal to a platform server by the authentication equipment.
In the embodiment of the application, after the authentication device determines that the video terminal fails to be authenticated, the IP address of the video terminal is added to the blacklist, and the subsequent authentication device can block the traffic corresponding to the IP address in the blacklist.
In an optional implementation manner, the authentication device may be deployed between the video terminal and the background server, and traffic between the video terminal and the background server passes through the authentication device, so that the authentication device may block traffic between the video terminal and the background server based on an IP address in a blacklist, and prevent the background server from being illegally damaged by an illegally copied video server.
In addition, in order to inform the staff of further verification processing of the video terminal which is not authenticated, the authentication device in the embodiment of the application may further send change warning information of the video terminal which is not authenticated to the platform server, so that the staff can verify the video terminal which is not authenticated.
In the video terminal authentication method provided by the embodiment of the application, the successfully matched terminal to be authenticated is finally determined to pass the authentication by acquiring the IP address and the UUID of the video terminal and matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in the preset white list. Therefore, the video terminal can be automatically authenticated to determine whether the video terminal is illegally replaced, the risk of the video terminal being utilized by a hacker is finally reduced, a professional does not need to go to the video terminal to deploy on-site patrol, the cost of manpower and material resources and the cost of time are saved, the video terminal which is illegally copied can be found in time, and the consequences that core services in a network cannot normally run, privacy information is stolen and the like are avoided in time.
Based on the above method embodiment, the present application further provides a terminal authentication device, and referring to fig. 3, fig. 3 is a schematic structural diagram of a terminal authentication device provided in the embodiment of the present application, where the device includes:
an obtaining module 301, configured to obtain an IP address and a UUID of a terminal to be authenticated; the UUID is used for uniquely identifying the terminal to be authenticated;
a matching module 302, configured to match the IP address and the UUID with a corresponding relationship between IP addresses and UUIDs stored in a preset white list;
the first determining module 303 is configured to determine that the terminal to be authenticated passes authentication when the IP address and the UUID are successfully matched with the corresponding relationship between any IP address in the preset white list and the UUID.
In an optional embodiment, the apparatus may further include:
and the adding module is used for adding the IP address into a blacklist when the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset whitelist is not successfully matched so as to block the flow corresponding to the IP address.
In another optional embodiment, the apparatus may further include:
and the second determining module is used for determining that the terminal to be authenticated does not pass the authentication and sending change warning information of the terminal to be authenticated to a platform server when the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is not successfully matched.
In the terminal authentication device provided by the embodiment of the application, the successfully matched terminal to be authenticated is finally determined to pass authentication by acquiring the IP address and the UUID of the terminal to be authenticated and matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in the preset white list. Therefore, the terminal can be automatically authenticated by the embodiment of the application to determine whether the terminal is illegally replaced, and finally the risk that the terminal is utilized by a hacker is reduced. The professional personnel do not need to go to the terminal to deploy field patrol at regular intervals, so that the labor and material cost and the time cost are saved, illegal counterfeit terminals can be found more timely, and the consequences that core services in the network cannot run normally, privacy information is stolen and the like are avoided timely.
In addition, an embodiment of the present application further provides a terminal authentication device, as shown in fig. 4, where the terminal authentication device may include:
a processor 401, a memory 402, an input device 403, and an output device 404. The number of the processors 401 in the terminal authentication device may be one or more, and one processor is taken as an example in fig. 4. In some embodiments of the present invention, the processor 401, the memory 402, the input device 403, and the output device 404 may be connected by a bus or other means, wherein the connection by the bus is illustrated in fig. 4.
The memory 402 may be used to store software programs and modules, and the processor 401 executes various functional applications and data processing of the terminal authentication device by running the software programs and modules stored in the memory 402. The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. The input means 403 may be used to receive input numeric or character information and to generate signal inputs relating to user settings and function control of the terminal authentication device.
Specifically, in this embodiment, the processor 401 loads an executable file corresponding to a process of one or more application programs into the memory 402 according to the following instructions, and the processor 401 runs the application programs stored in the memory 402, thereby implementing various functions in the terminal authentication method.
In addition, the present application also provides a computer-readable storage medium, in which instructions are stored, and when the instructions are run on a terminal device, the terminal device is caused to execute the terminal authentication method described above.
It is understood that for the apparatus embodiments, since they correspond substantially to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The method, the apparatus, and the device for authenticating a terminal provided in the embodiments of the present application are described in detail above, and a specific example is applied in the description to explain the principle and the implementation of the present application, and the description of the embodiments above is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A terminal authentication method, characterized in that the method comprises:
acquiring an IP address and a universal unique identifier UUID of a terminal to be authenticated; the UUID is used for uniquely identifying the terminal to be authenticated;
matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in a preset white list;
and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is successfully matched, determining that the terminal to be authenticated passes the authentication.
2. The method of claim 1, further comprising:
and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is not successfully matched, adding the IP address into a black list so as to block the flow corresponding to the IP address.
3. The method of claim 1, further comprising:
and if the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is not successfully matched, determining that the terminal to be authenticated is not authenticated, and sending change warning information of the terminal to be authenticated to a platform server.
4. The method according to any one of claims 1 to 3, wherein the obtaining the IP address and the UUID of the terminal to be authenticated comprises:
after the terminal to be authenticated is determined to be on-line, sending a preset discovery message to the terminal to be authenticated;
and after receiving the response message from the terminal to be authenticated, analyzing the response message to obtain the IP address and the UUID of the terminal to be authenticated.
5. The method according to claim 4, wherein the terminal to be authenticated comprises a video terminal;
after the terminal to be authenticated is determined to be online, before the preset discovery message is sent to the video terminal, the method further includes:
sending an ICMP message to the video terminal in a preset period, and determining whether the video terminal is on line or not based on a response message of the ICMP message;
correspondingly, after the terminal to be authenticated is determined to be online, sending a preset discovery message to the video terminal includes:
and after the video terminal is determined to be online, sending an ONVIF discovery message to the video terminal so as to acquire the IP address and the UUID of the video terminal based on a response message of the ONVIF discovery message.
6. A terminal authentication apparatus, characterized in that the apparatus comprises:
the acquisition module is used for acquiring the IP address and the universal unique identifier UUID of the terminal to be authenticated; the UUID is used for uniquely identifying the terminal to be authenticated;
the matching module is used for matching the IP address and the UUID with the corresponding relation between the IP address and the UUID stored in a preset white list;
and the first determining module is used for determining that the terminal to be authenticated passes the authentication when the corresponding relation between the IP address and the UUID and the corresponding relation between any IP address and the UUID in the preset white list are successfully matched.
7. The apparatus of claim 6, further comprising:
and the adding module is used for adding the IP address into a blacklist when the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset whitelist is not successfully matched so as to block the flow corresponding to the IP address.
8. The apparatus of claim 6, further comprising:
and the second determining module is used for determining that the terminal to be authenticated does not pass the authentication and sending change warning information of the terminal to be authenticated to a platform server when the corresponding relation between the IP address and the UUID and any IP address and UUID in the preset white list is not successfully matched.
9. A computer-readable storage medium having stored therein instructions that, when executed on a terminal device, cause the terminal device to perform the method of any one of claims 1-5.
10. An apparatus, comprising: memory, a processor, and a computer program stored on the memory and executable on the processor, when executing the computer program, implementing the method of any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010207249.5A CN111314384A (en) | 2020-03-23 | 2020-03-23 | Terminal authentication method, device and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010207249.5A CN111314384A (en) | 2020-03-23 | 2020-03-23 | Terminal authentication method, device and equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111314384A true CN111314384A (en) | 2020-06-19 |
Family
ID=71147281
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010207249.5A Pending CN111314384A (en) | 2020-03-23 | 2020-03-23 | Terminal authentication method, device and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111314384A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115913614A (en) * | 2022-09-19 | 2023-04-04 | 上海辰锐信息科技有限公司 | Network access device and method |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104506510A (en) * | 2014-12-15 | 2015-04-08 | 百度在线网络技术(北京)有限公司 | Method and device for equipment authentication and authentication service system |
| CN104883390A (en) * | 2015-04-17 | 2015-09-02 | 浙江宇视科技有限公司 | Method of accessing third-party video monitoring device and device of accessing third-party video monitoring device |
| CN105704145A (en) * | 2016-03-22 | 2016-06-22 | 英赛克科技(北京)有限公司 | Safety protection method and system for OPC protocol |
| CN106878270A (en) * | 2016-12-30 | 2017-06-20 | 深圳市风云实业有限公司 | Enhanced access control equipment based on portal agreements |
| CN107360184A (en) * | 2017-08-14 | 2017-11-17 | 杭州迪普科技股份有限公司 | terminal device authentication method and device |
| US20180152445A1 (en) * | 2016-11-30 | 2018-05-31 | Baidu Online Network Technology (Beijing) Co., Ltd. | Method and apparatus for authenticating user |
| CN109862043A (en) * | 2019-03-28 | 2019-06-07 | 新华三技术有限公司 | A kind of method and device of terminal authentication |
| CN110708336A (en) * | 2019-10-29 | 2020-01-17 | 杭州迪普科技股份有限公司 | Video terminal authentication method and device, electronic equipment and storage medium |
-
2020
- 2020-03-23 CN CN202010207249.5A patent/CN111314384A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104506510A (en) * | 2014-12-15 | 2015-04-08 | 百度在线网络技术(北京)有限公司 | Method and device for equipment authentication and authentication service system |
| CN104883390A (en) * | 2015-04-17 | 2015-09-02 | 浙江宇视科技有限公司 | Method of accessing third-party video monitoring device and device of accessing third-party video monitoring device |
| CN105704145A (en) * | 2016-03-22 | 2016-06-22 | 英赛克科技(北京)有限公司 | Safety protection method and system for OPC protocol |
| US20180152445A1 (en) * | 2016-11-30 | 2018-05-31 | Baidu Online Network Technology (Beijing) Co., Ltd. | Method and apparatus for authenticating user |
| CN106878270A (en) * | 2016-12-30 | 2017-06-20 | 深圳市风云实业有限公司 | Enhanced access control equipment based on portal agreements |
| CN107360184A (en) * | 2017-08-14 | 2017-11-17 | 杭州迪普科技股份有限公司 | terminal device authentication method and device |
| CN109862043A (en) * | 2019-03-28 | 2019-06-07 | 新华三技术有限公司 | A kind of method and device of terminal authentication |
| CN110708336A (en) * | 2019-10-29 | 2020-01-17 | 杭州迪普科技股份有限公司 | Video terminal authentication method and device, electronic equipment and storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115913614A (en) * | 2022-09-19 | 2023-04-04 | 上海辰锐信息科技有限公司 | Network access device and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109766696B (en) | Method and device for setting software permission, storage medium and electronic device | |
| CN111274583A (en) | Big data computer network safety protection device and control method thereof | |
| CN111490981B (en) | Access management method and device, bastion machine and readable storage medium | |
| CN107547565B (en) | Network access authentication method and device | |
| CN109688186B (en) | Data interaction method, device, equipment and readable storage medium | |
| CN112685682B (en) | Method, device, equipment and medium for identifying forbidden object of attack event | |
| CN110909379B (en) | Storage cluster permission determination method, device, equipment and storage medium | |
| CN111131221A (en) | Interface checking device, method and storage medium | |
| CN114257413B (en) | Reaction blocking method and device based on application container engine and computer equipment | |
| CN108683631B (en) | Method and system for preventing scanning of authority file | |
| CN111182537A (en) | Network access method, device and system for mobile application | |
| CN108390786B (en) | Business operation and maintenance method and device and electronic equipment | |
| CN114338068A (en) | Multi-node vulnerability scanning method and device, electronic equipment and storage medium | |
| KR101541244B1 (en) | System and method for pharming attack prevention through dns modulation such as the pc and access point | |
| CN109040016B (en) | Information processing method and device and computer readable storage medium | |
| CN111314384A (en) | Terminal authentication method, device and equipment | |
| CN113987508A (en) | Vulnerability processing method, device, equipment and medium | |
| CN111680282B (en) | Node management method, device, equipment and medium based on block chain network | |
| CN110719263B (en) | Multi-tenant DNS security management method, device and storage medium | |
| CN110061988B (en) | Authentication method of embedded equipment, service server and storage medium | |
| CN109905408B (en) | Network security protection method, system, readable storage medium and terminal equipment | |
| CN112688899A (en) | In-cloud security threat detection method and device, computing equipment and storage medium | |
| CN111949363A (en) | Service access management method, computer equipment, storage medium and system | |
| CN115001974A (en) | Cluster system consistency detection method, device, system, equipment and storage medium | |
| CN116489123A (en) | Industrial Internet identification-based processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200619 |
|
| RJ01 | Rejection of invention patent application after publication |