CN111814131B - Method and device for equipment registration and configuration management - Google Patents
- Publication number
- CN111814131B, CN202010542142.6A
- Authority
- CN
- China
- Prior art keywords
- slave
- equipment
- slave device
- certificate
- token information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/303—Terminal profiles
Abstract
The invention discloses a method and a device for device registration and configuration management, and relates to the technical field of computers. One embodiment of the method comprises the following steps: performing device registration and certificate issuance for each slave device; creating a license for each slave device and issuing the license to the corresponding slave device; issuing a centralized configuration update notification to each slave device; receiving a centralized configuration update request sent by each slave device, wherein the centralized configuration update request carries a device identifier of each slave device; and verifying whether the license corresponding to the device identifier of each slave device is legal and valid, and if so, issuing centralized configuration information encrypted with the certificate to each slave device. The embodiment can solve the technical problems that device configuration efficiency is low or that personalized configuration cannot be realized.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for device registration and configuration management.
Background
To meet enterprise data security protection requirements, an enterprise generally deploys a data security protection system whose components run on separate devices that work together. Depending on the size of the enterprise, different numbers of gateway devices may be deployed at each gateway or node, so that the enterprise's traffic can be supported and the efficiency of data protection improved. The devices have the same or different configuration policies. As devices are deployed at scale, managing and configuring each device independently can no longer meet the needs of large-scale deployment: efficiency drops sharply, and configuration cannot be synchronized across devices and take effect quickly.
In the prior art, the management and configuration of each device are kept synchronous, generally in the following two ways:
The first way: each deployed device is managed independently, and configuration and modification are carried out on each device separately, without affecting the others.
The second way: deployed devices are managed centrally, and configuration that needs to be deployed can be pushed centrally to each device, which greatly improves efficiency.
In the process of implementing the present invention, the inventor finds that at least the following problems exist in the prior art:
In the first way, the greatest disadvantage is relatively low efficiency: when the same configuration needs to take effect on all devices, every device has to be operated on, which brings a great deal of repeated work;
The second way addresses the deficiencies of the first, but lacks personalized configuration for individual devices.
Disclosure of Invention
In view of this, the embodiments of the present invention provide a method and apparatus for device registration and configuration management, so as to solve the technical problem that the configuration efficiency of a device is low or personalized configuration cannot be achieved.
To achieve the above object, according to one aspect of the embodiments of the present invention, there is provided a method for device registration and configuration management, including:
Device registration and certificate issuance are carried out for each slave device;
creating a license for each slave device and issuing the license to the corresponding slave device;
issuing a centralized configuration update notification to each slave device;
receiving a centralized configuration update request sent by each slave device, wherein the centralized configuration update request carries a device identifier of each slave device;
and verifying whether the license corresponding to the device identifier of each slave device is legal and valid, and if so, issuing centralized configuration information encrypted with the certificate to each slave device.
Optionally, performing device registration and certificate issuance for each slave device includes:
receiving a device registration request sent by a slave device, wherein the device registration request carries preset token information of the slave device;
verifying whether the preset token information of the slave device is consistent with the preset token information of the master device; if so, allocating authentication token information to the slave device, and returning the authentication token information to the slave device so that it is stored locally on the slave device;
receiving a certificate issuing request sent by the slave device, wherein the certificate issuing request carries certificate content of the slave device;
and signing the certificate content with a root certificate, and returning the signed certificate to the slave device so that the signed certificate is stored locally on the slave device.
Optionally, the preset token information includes a digest value obtained by calculating the preset token content with a message digest algorithm, and the device registration request further carries timestamp information of the slave device sending the device registration request and the device identifier of the slave device.
Optionally, returning the authentication token information to the slave device includes:
returning the authentication token information, the device identification of the slave device and the timestamp information for generating the authentication token information to the slave device; the authentication token information comprises a digest value obtained by calculating the content of the registration token by adopting an information digest value algorithm, and the content of the registration token is randomly generated.
Optionally, the centralized configuration update notification carries authentication token information of each slave device, so that each slave device verifies whether the authentication token information issued by the master device is consistent with the authentication token information stored locally in the slave device.
Optionally, verifying whether the license corresponding to the device identifier of each slave device is valid or not includes:
Verifying whether the authentication token information of the slave device is consistent with the authentication token information of the slave device stored by the master device;
if so, verifying whether the license corresponding to the device identifier of the slave device stored by the master device is legal and valid.
Optionally, the method further comprises:
and pushing the personalized configuration information encrypted by the certificate and the authentication token information of the target slave device to the target slave device.
In addition, according to another aspect of the embodiment of the present invention, there is provided an apparatus for device registration and configuration management, including:
the registration module is used for registering equipment and issuing certificates for each slave equipment; creating a license for each slave device and issuing the license to the corresponding slave device;
the management module is used for issuing a centralized configuration update notification to each slave device; receiving a centralized configuration update request sent by each slave device, wherein the centralized configuration update request carries a device identifier of each slave device; and verifying whether the license corresponding to the device identifier of each slave device is legal and valid, and if so, issuing centralized configuration information encrypted with the certificate to each slave device.
Optionally, the registration module is further configured to:
receiving a device registration request sent by a slave device, wherein the device registration request carries preset token information of the slave device;
verifying whether the preset token information of the slave device is consistent with the preset token information of the master device; if so, allocating authentication token information to the slave device, and returning the authentication token information to the slave device so that it is stored locally on the slave device;
receiving a certificate issuing request sent by the slave device, wherein the certificate issuing request carries certificate content of the slave device;
and signing the certificate content with a root certificate, and returning the signed certificate to the slave device so that the signed certificate is stored locally on the slave device.
Optionally, the preset token information includes a digest value obtained by calculating the preset token content with a message digest algorithm, and the device registration request further carries timestamp information of the slave device sending the device registration request and the device identifier of the slave device.
Optionally, the registration module is further configured to:
returning the authentication token information, the device identification of the slave device and the timestamp information for generating the authentication token information to the slave device; the authentication token information comprises a digest value obtained by calculating the content of the registration token by adopting an information digest value algorithm, and the content of the registration token is randomly generated.
Optionally, the centralized configuration update notification carries authentication token information of each slave device, so that each slave device verifies whether the authentication token information issued by the master device is consistent with the authentication token information stored locally in the slave device.
Optionally, the management module is further configured to:
verifying whether the authentication token information of the slave device is consistent with the authentication token information of the slave device stored by the master device;
if so, verifying whether the license corresponding to the equipment identifier of the slave equipment stored by the master equipment is legal and valid.
Optionally, the management module is further configured to:
and pushing the personalized configuration information encrypted by the certificate and the authentication token information of the target slave device to the target slave device.
According to another aspect of an embodiment of the present invention, there is also provided an electronic device including:
one or more processors;
storage means for storing one or more programs,
the one or more processors implement the method of any of the embodiments described above when the one or more programs are executed by the one or more processors.
According to another aspect of an embodiment of the present invention, there is also provided a computer readable medium having stored thereon a computer program which, when executed by a processor, implements the method according to any of the embodiments described above.
One embodiment of the above invention has the following advantages or benefits: device registration and certificate issuance are performed for each slave device, a license is created for each slave device, a centralized configuration update notification is issued to each slave device, and, once the license of each slave device has been verified as legal and valid, the certificate-encrypted centralized configuration information is issued to each slave device; these technical means solve the technical problems in the prior art that device configuration efficiency is low or that personalized configuration cannot be realized. Through centralized device management, the embodiment of the invention can realize centralized management of large-scale devices and centralized management and issuing of security policies, thereby greatly improving the maintainability and efficiency of configuration; meanwhile, personalized configuration can be carried out on a single device, and the security authentication policy and encryption mechanism used when the devices communicate ensure the security of data transmission to the greatest extent. Therefore, the embodiment of the invention can securely push data security policies and configurations between devices, can synchronize configuration efficiently, can perform centralized personalized configuration of devices, and at the same time provides the maximum security guarantee for communication between devices.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the main flow of a method of device registration and configuration management according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a system framework according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the main flow of a method of device registration and configuration management according to one referenceable embodiment of the invention;
FIG. 4 is a schematic diagram of the main flow of a method of device registration and configuration management according to another referenceable embodiment of the invention;
FIG. 5 is a schematic diagram of the major modules of an apparatus for device registration and configuration management according to an embodiment of the present invention;
FIG. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
FIG. 7 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic diagram of the main flow of a method of device registration and configuration management according to an embodiment of the present invention. As an embodiment of the present invention, as shown in fig. 1, the method for device registration and configuration management is applied to a master device, and may include:
Step 101, device registration and certificate issuance are carried out for each slave device.
Among the gateway devices, one device must be designated as the centrally managing master device, called UCSS. A single network contains exactly one device of this type. The services of the centralized management platform run on the master device. When the master device is initialized, it registers itself by default, registering its own device information with the centralized management platform.
As shown in fig. 2, any slave device deployed on a gateway or a node must first register with the master device after configuring network card information of the slave device itself, etc. The master device will store all registered device information.
In the embodiment of the invention, communication requests between devices, and between the services inside a device, all use HTTPS as the network transport protocol, so that the data is encrypted and its security is ensured.
Optionally, step 101 may include: receiving a device registration request sent by a slave device, wherein the device registration request carries preset token information of the slave device; verifying whether the preset token information of the slave device is consistent with the preset token information of the master device; if so, allocating authentication token information to the slave device, and returning the authentication token information to the slave device so that it is stored locally on the slave device; receiving a certificate issuing request sent by the slave device, wherein the certificate issuing request carries certificate content of the slave device; and signing the certificate content with a root certificate, and returning the signed certificate to the slave device so that the signed certificate is stored locally on the slave device. For the master device and each slave device to trust each other, a unified authentication and authorization mechanism is needed, which specifically includes the following steps:
1. The slave device sends a device registration request to the master device and adds an authorization request header to the request header (Header) of each request. Because this request is the first communication, the content of the authorization request header is the preset token information preset in the device. Optionally, the preset token information includes a digest value calculated over the preset token content with a message digest algorithm. The message digest algorithm may be SHA256, that is, the preset token information is a digest value calculated with SHA256. Optionally, the device registration request carries timestamp information of the slave device sending the device registration request and a device identifier of the slave device.
In addition, the request body (body) of the device registration request needs to carry necessary information required for communication between devices, including a unique UUID of the device, an IP address of the device, and the like.
2. The master device verifies whether the preset token information of the slave device is consistent with the preset token information of the master device. Because the master device and the slave device are preset with the same preset token content, the master device calculates the digest value of the preset token content with the message digest algorithm and then checks whether the calculated digest value is consistent with the preset token information received from the slave device. If they are consistent, the master device allocates authentication token information to the slave device and returns it to the slave device so that the authentication token information is stored locally on the slave device.
Optionally, returning the authentication token information to the slave device includes: returning the authentication token information, the device identification of the slave device and the timestamp information for generating the authentication token information to the slave device; the authentication token information comprises a digest value obtained by calculating the content of the registration token by adopting an information digest value algorithm, and the content of the registration token is randomly generated.
3. Some requests between the services on the devices use mutual (two-way) certificate authentication, so a unified certificate chain is needed across all devices to meet secure networking requirements such as certificate authentication and confidentiality between devices.
After a device has registered successfully, it automatically sends a certificate issuing request to the master device; the request contains the two certificate requests the device needs, one for the server and one for the client. After receiving the certificate issuing request, the master device signs the certificate requests with a preset root certificate and then returns the signed certificates to the slave device.
4. After receiving the signed certificate, the slave device stores it locally. Because the certificates used by the services on every device are all signed with the same root certificate, the services on different devices can use them for certificate authentication and for encryption and decryption.
Step 102, creating a license for each slave device, and issuing the license to the corresponding slave device.
After device registration and certificate issuance are complete, the master device must issue a license to each slave device; the services on a slave device can start and run normally only after the slave device has obtained a legal and valid license.
When a slave device communicates with the master device, after the authentication token information has been verified the master device also verifies the license for the request; the master device pushes the requested configuration information to the slave device only if the device the request comes from holds legal and valid license authorization. It should be noted that the master device assigns rights to each slave device by means of the license and stores the device identifier of each slave device and its corresponding license in a license library.
Step 103, issuing a centralized configuration update notification to each slave device.
In the embodiment of the invention, all security policies and configurations are configured and managed uniformly on the master device. After a security policy or configuration has been defined on the master device, it may be selectively pushed to any registered device. The selection is flexible: the push can go to all devices, to devices of a specified device type, or to a single specified device.
The master device can manage all devices that have been successfully registered, and security policies and configurations on each device can be divided into two types: one is a common policy and configuration that all devices apply, and the other is a configuration that the device itself is different from the other devices, i.e., a personalized configuration. Taking the issuing of the global public policy and configuration as an example, after the master device defines the security policy and configuration, a centralized configuration update notification is firstly sent to all the needed slave devices, and the centralized configuration update notification carries authentication token information of each slave device.
Optionally, the centralized configuration update notification carries authentication token information of each slave device, so that each slave device verifies whether the authentication token information issued by the master device is consistent with the authentication token information stored locally in the slave device. It should be noted that since the authentication token information is different for each slave device, it is necessary to issue each different authentication token information to the corresponding slave device.
Step 104, receiving a centralized configuration update request sent by each slave device, where the centralized configuration update request carries a device identifier of each slave device.
After receiving the centralized configuration update notification, each slave device verifies whether the authentication token information issued by the master device is consistent with the authentication token information stored locally on the slave device. If they are consistent, the verification passes. The slave device then decides autonomously whether to send a centralized configuration update request to the master device; the centralized configuration update request carries the authentication token information and the device identifier of the slave device.
Step 105, verifying whether the license corresponding to the device identifier of each slave device is legal and valid, if so, issuing centralized configuration information encrypted by the certificate to each slave device.
Optionally, verifying whether the license corresponding to the device identifier of each slave device is legal and valid includes: verifying whether the authentication token information of the slave device is consistent with the authentication token information of the slave device stored by the master device; if so, continuing to verify whether the license corresponding to the device identifier of the slave device stored in the master device is legal and valid (for example, whether the license has the authority of centralized configuration update). If both the authentication token information and the license pass verification, the centralized configuration information encrypted with the signed certificate is issued to the slave device. It should be noted that, since each slave device has a different certificate, the configuration information must be encrypted separately for each slave device and then issued to the corresponding slave device. In this way a configuration is made once and applied everywhere.
Optionally, for pushing the device personalized configuration, the method further comprises: and pushing the personalized configuration information encrypted by the certificate and the authentication token information of the target slave device to the target slave device. The master device can perform individual personalized configuration for each slave device, and after the configuration is completed, the master device can actively push the configuration to the slave device.
Optionally, each slave device has a JOB of an automatic timing task and is responsible for periodically acquiring a policy to the master device, so as to prevent the situation that the policy configuration is failed in some cases, and ensure unified adaptation of the global configuration to the greatest extent.
In the embodiment of the invention, if the equipment fails or fails, the managed slave equipment can be deleted on the master equipment, and after the deletion, all subsequent issuing of the security policies and configurations can not be pushed to the slave equipment, and if the slave equipment needs to receive centralized management again, the slave equipment only needs to register with the master equipment again.
According to the various embodiments described above, it can be seen that in the embodiments of the present invention, by performing device registration and certificate issue for each slave device, a license is created for each slave device, and a centralized configuration update notification is issued to each slave device, so as to verify whether the license of each slave device is legal and valid, thereby solving the technical problem that the configuration efficiency of the device in the prior art is low or personalized configuration cannot be realized. The embodiment of the invention can realize the centralized management of large-scale equipment and the centralized management and issuing of the security policy through the centralized management of the equipment, thereby greatly improving the maintainability and the high efficiency of configuration; meanwhile, personalized configuration can be carried out on a single device, and the safety of data transmission is ensured to the greatest extent by utilizing the adopted safety authentication strategy and encryption mechanism when the devices communicate. Therefore, the embodiment of the invention can safely push the data security policy and configuration among the devices, can perform high-efficiency configuration synchronization, can perform centralized personalized configuration of the devices, and simultaneously provides the maximum security guarantee during the communication among the devices.
Fig. 3 is a schematic diagram of the main flow of a method of device registration and configuration management according to one referenceable embodiment of the invention. As yet another embodiment of the present invention, as shown in fig. 3, step 101 in the above embodiment may include:
Step 301, receiving a device registration request sent by a slave device.
The slave device sends a device registration request to the master device, and an authorization request header is added to the headers of each request. Because this request is the first communication, the content of the authorization header is the preset token information preset in the device. Optionally, the preset token information includes a digest value calculated over the preset token content by using a message digest algorithm. The message digest algorithm may be SHA256, that is, the preset token information is a digest value calculated by SHA256. Optionally, the device registration request carries timestamp information of the slave device sending the device registration request and a device identifier of the slave device. The body of the device registration request needs to carry the information required for communication between devices, including a unique UUID of the device, an IP address of the device, and the like.
Step 302, verifying whether preset token information of the slave device is consistent with preset token information of the master device; if yes, go to step 303; if not, go to step 306.
Because the master device and the slave device are preset with the same preset token content, the master device calculates the digest value of the preset token content by using the message digest algorithm, and then judges whether the calculated digest value is consistent with the preset token information received from the slave device.
Step 303, allocating authentication token information to the slave device, and returning the authentication token information to the slave device so that the authentication token information is stored locally in the slave device.
Optionally, returning the authentication token information to the slave device includes: returning the authentication token information, the device identification of the slave device and the timestamp information for generating the authentication token information to the slave device; the authentication token information comprises a digest value obtained by calculating over the content of the registration token by using a message digest algorithm, and the content of the registration token is randomly generated.
Step 304, receiving a certificate issue request sent by the slave device, where the certificate issue request carries certificate content of the slave device.
After the devices are successfully registered, each device automatically sends a certificate issue request to the master device. The request comprises two certificate requests, one for the server certificate and one for the client certificate that the device needs.
Step 305, signing the certificate content by using a root certificate, and returning the signed certificate to the slave device so that the signed certificate is stored locally in the slave device.
After receiving the certificate issue request, the master device signs the certificate request by using a preset root certificate, and then returns the signed certificate to the slave device.
After receiving the signed certificate, the slave device stores it locally. Because the certificates used by the services on each device are all signed with the same root certificate, the services on different devices can use these certificates for certificate authentication and for encryption and decryption between them.
Step 306, a registration failure message is returned to the slave device.
In addition, the specific implementation of this referenceable embodiment is described in detail in the method of device registration and configuration management above, and the description is therefore not repeated here.
Fig. 4 is a schematic diagram of the main flow of a method of device registration and configuration management according to another referenceable embodiment of the invention. As another embodiment of the present invention, as shown in fig. 4, steps 103 to 105 in the above embodiment may include:
Step 401, issuing a centralized configuration update notification to each slave device.
All security policies and configurations are uniformly configured and managed at the master device. After the master device has defined a security policy or configuration, it may be selectively pushed to any registered slave device. The selection is flexible: the policy or configuration can be pushed to all devices, to devices of a specified device type, or to a single specified device.
Taking the issuing of a global public policy and configuration as an example: after the master device defines the security policy and configuration, it first sends a centralized configuration update notification to all slave devices concerned, and the centralized configuration update notification carries the authentication token information of each slave device.
Step 402, receiving a centralized configuration update request sent by each slave device.
After each slave device receives the centralized configuration update notification, it verifies whether the authentication token information issued by the master device is consistent with the authentication token information stored locally in the slave device. If they are consistent, the verification passes. The slave device then decides autonomously whether to send a centralized configuration update request to the master device; the centralized configuration update request carries the authentication token information and the device identification of the slave device.
Step 403, verifying whether the authentication token information of the slave device is consistent with the authentication token information of the slave device stored by the master device; if yes, go to step 404; if not, go to step 407.
Step 404, verifying whether the authentication token information corresponding to the device identifier of the slave device stored in the master device is valid; if yes, go to step 405; if not, step 407 is performed.
Step 405, for each slave device, the signed certificate is used to encrypt the centralized configuration information.
It should be noted that, since the certificate of each slave device is different, the configuration information needs to be encrypted separately for each slave device and then issued to the corresponding slave device. In this way, a configuration defined once can be applied on every device.
Step 406, issuing the centralized configuration information encrypted by the certificate to each slave device.
Step 407, an update failure message is returned to the slave device.
In addition, the specific implementation of this other referenceable embodiment is described in detail in the method of device registration and configuration management above, and the description is therefore not repeated here.
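The token checks of steps 301 to 303 and 306 (registration) and of steps 401 to 404 and 407 (configuration update) can be exercised end to end with the following added Python sketch, which is not code from the patent. Class and field names, the 300-second freshness window, the constant-time comparison and the right name `centralized_config_update` are assumptions; certificate signing (steps 304 and 305) and per-device certificate encryption (steps 405 and 406) are left out.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # assumption: the page carries a timestamp but names no freshness window
RIGHT_UPDATE = "centralized_config_update"  # hypothetical name of the right a license grants


def digest(content: bytes) -> str:
    """SHA256 digest, the message digest algorithm the page names."""
    return hashlib.sha256(content).hexdigest()


def same(a: str, b: str) -> bool:
    """Constant-time comparison, so a mismatch does not leak how much matched."""
    return hmac.compare_digest(a.encode(), b.encode())


class Master:
    def __init__(self, preset_token_content: bytes):
        self._preset_digest = digest(preset_token_content)
        self.auth_tokens = {}  # device_id -> authentication token information
        self.licenses = {}     # license library: device_id -> set of rights

    def register(self, authorization, device_id, timestamp, now=None):
        """Steps 301-303 and 306: check the preset token digest, then issue a token."""
        now = time.time() if now is None else now
        if not same(self._preset_digest, authorization):
            return {"ok": False, "error": "registration failed"}
        if abs(now - timestamp) > MAX_SKEW:  # added freshness check (assumption)
            return {"ok": False, "error": "registration failed"}
        # Authentication token: digest of randomly generated registration token content.
        token = digest(secrets.token_bytes(32))
        self.auth_tokens[device_id] = token
        return {"ok": True, "auth_token": token,
                "device_id": device_id, "issued_at": now}

    def grant_license(self, device_id, rights):
        self.licenses[device_id] = set(rights)

    def delete(self, device_id):
        """Deleting a managed slave: it must register again to be managed."""
        self.auth_tokens.pop(device_id, None)
        self.licenses.pop(device_id, None)

    def notification_for(self, device_id):
        """Step 401: the notification carries the slave's authentication token."""
        return {"type": "config_update", "auth_token": self.auth_tokens[device_id]}

    def handle_update_request(self, request):
        """Steps 402-404 and 407: token check first, then the license check."""
        device_id = request.get("device_id", "")
        stored = self.auth_tokens.get(device_id)
        if stored is None or not same(stored, request.get("auth_token", "")):
            return {"ok": False, "error": "update failed"}
        if RIGHT_UPDATE not in self.licenses.get(device_id, set()):
            return {"ok": False, "error": "update failed"}
        return {"ok": True, "device_id": device_id}  # steps 405-406 would follow


class Slave:
    def __init__(self, device_id, preset_token_content: bytes):
        self.device_id = device_id
        self._preset = preset_token_content
        self.auth_token = None

    def register_with(self, master, now=None):
        now = time.time() if now is None else now
        reply = master.register(digest(self._preset), self.device_id, now, now=now)
        if reply["ok"]:
            self.auth_token = reply["auth_token"]  # stored locally
        return reply["ok"]

    def on_notification(self, notification):
        """Only a notification carrying the locally stored token leads to a request."""
        offered = notification.get("auth_token", "")
        if self.auth_token is None or not same(self.auth_token, offered):
            return None
        return {"device_id": self.device_id, "auth_token": self.auth_token}


if __name__ == "__main__":
    master = Master(b"constructed-preset-token")  # constructed sample value
    slave = Slave("uuid-0001", b"constructed-preset-token")
    print("registered:", slave.register_with(master))
    master.grant_license("uuid-0001", {RIGHT_UPDATE})
    request = slave.on_notification(master.notification_for("uuid-0001"))
    print("update:", master.handle_update_request(request))
    master.delete("uuid-0001")
    print("after delete:", master.handle_update_request(request))
```

The digest of a fixed preset token is itself a fixed bearer value, so the registration request depends on a protected transport; the freshness check shown here is an added assumption and does not bind the timestamp to the token.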
FIG. 5 is a schematic diagram of the main modules of an apparatus for device registration and configuration management according to an embodiment of the present invention. As shown in FIG. 5, the apparatus 500 for device registration and configuration management includes a registration module 501 and a management module 502. The registration module 501 is used for performing device registration and certificate issuance for each slave device, and for creating a license for each slave device and issuing the license to the corresponding slave device. The management module 502 is configured to issue a centralized configuration update notification to each slave device; receive a centralized configuration update request sent by each slave device, wherein the centralized configuration update request carries a device identifier of each slave device; and verify whether the license corresponding to the device identifier of each slave device is legal and valid, and if so, issue centralized configuration information encrypted by the certificate to each slave device.
Optionally, the registration module 501 is further configured to:
receiving a device registration request sent by a slave device, wherein the device registration request carries preset token information of the slave device;
verifying whether preset token information of the slave device is consistent with preset token information of the master device; if yes, allocating authentication token information to the slave device, and returning the authentication token information to the slave device so that the authentication token information is stored locally in the slave device;
receiving a certificate issuing request sent by the slave device, wherein the certificate issuing request carries certificate content of the slave device;
and signing the certificate content by using a root certificate, and returning the signed certificate to the slave device so that the signed certificate is stored locally in the slave device.
Optionally, the preset token information includes a digest value obtained by calculating over the preset token content by using a message digest algorithm, and the device registration request further carries timestamp information of the slave device sending the device registration request and the device identifier of the slave device.
Optionally, the registration module 501 is further configured to:
returning the authentication token information, the device identification of the slave device and the timestamp information for generating the authentication token information to the slave device; the authentication token information comprises a digest value obtained by calculating over the content of the registration token by using a message digest algorithm, and the content of the registration token is randomly generated.
Optionally, the centralized configuration update notification carries authentication token information of each slave device, so that each slave device verifies whether the authentication token information issued by the master device is consistent with the authentication token information stored locally in the slave device.
Optionally, the management module 502 is further configured to:
verifying whether the authentication token information of the slave device is consistent with the authentication token information of the slave device stored by the master device;
if yes, verifying whether the license corresponding to the device identifier of the slave device stored by the master device is legal and valid.
Optionally, the management module 502 is further configured to:
and pushing the personalized configuration information encrypted by the certificate and the authentication token information of the target slave device to the target slave device.
According to the various embodiments described above, it can be seen that in the embodiments of the present invention, by performing device registration and certificate issue for each slave device, a license is created for each slave device, and a centralized configuration update notification is issued to each slave device, so as to verify whether the license of each slave device is legal and valid, thereby solving the technical problem that the configuration efficiency of the device in the prior art is low or personalized configuration cannot be realized. The embodiment of the invention can realize the centralized management of large-scale equipment and the centralized management and issuing of the security policy through the centralized management of the equipment, thereby greatly improving the maintainability and the high efficiency of configuration; meanwhile, personalized configuration can be carried out on a single device, and the safety of data transmission is ensured to the greatest extent by utilizing the adopted safety authentication strategy and encryption mechanism when the devices communicate. Therefore, the embodiment of the invention can safely push the data security policy and configuration among the devices, can perform high-efficiency configuration synchronization, can perform centralized personalized configuration of the devices, and simultaneously provides the maximum security guarantee during the communication among the devices.
The specific implementation of the device registration and configuration management apparatus according to the present invention is described in detail in the method of device registration and configuration management described above, and thus the description thereof will not be repeated here.
Fig. 6 illustrates an exemplary system architecture 600 of an apparatus or method of device registration and configuration management to which embodiments of the present invention may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 is used as a medium to provide communication links between the terminal devices 601, 602, 603 and the server 605. The network 604 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 605 via the network 604 using the terminal devices 601, 602, 603 to receive or send messages, etc. Various communication client applications such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 601, 602, 603.
The terminal devices 601, 602, 603 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server (by way of example only) providing support for shopping-type websites browsed by users using terminal devices 601, 602, 603. The background management server may analyze and process the received data such as the article information query request, and feedback the processing result (e.g., the target push information, the article information—only an example) to the terminal device.
It should be noted that, the method for device registration and configuration management provided by the embodiment of the present invention is generally performed by the server 605, and accordingly, the device for device registration and configuration management is generally provided in the server 605. The method for device registration and configuration management provided by the embodiment of the present invention may also be performed by the terminal devices 601, 602, 603, and accordingly, the apparatus for device registration and configuration management may be provided in the terminal devices 601, 602, 603.
It should be understood that the number of terminal devices, networks and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, there is illustrated a schematic diagram of a computer system 700 suitable for use in implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM703, various programs and data required for the operation of the system 700 are also stored. The CPU 701, ROM 702, and RAM703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output portion 707 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is mounted into the storage section 708 as necessary.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 701.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer programs according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described modules may also be provided in a processor, for example, as: a processor includes a registration module and a management module, where the names of the modules do not constitute a limitation on the module itself in some cases.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by a device, implement the method of: device registration and certificate issuance are carried out for each slave device; creating a license for each slave device and issuing the license to the corresponding slave device; issuing a centralized configuration update notification to each slave device; receiving a centralized configuration update request sent by each slave device, wherein the centralized configuration update request carries a device identifier of each slave device; and verifying whether the license corresponding to the equipment identifier of each slave equipment is legal and effective, and if so, issuing centralized configuration information encrypted by the certificate to each slave equipment.
According to the technical scheme of the embodiment of the invention, because the technical means of registering equipment and issuing certificates for each slave equipment are adopted, licenses are respectively created for each slave equipment to issue centralized configuration update notification to each slave equipment, and whether the licenses of each slave equipment are legal and effective is verified, so that centralized configuration information after certificate encryption is issued to each slave equipment, the technical problems that the configuration efficiency of equipment is low or personalized configuration cannot be realized in the prior art are solved. The embodiment of the invention can realize the centralized management of large-scale equipment and the centralized management and issuing of the security policy through the centralized management of the equipment, thereby greatly improving the maintainability and the high efficiency of configuration; meanwhile, personalized configuration can be carried out on a single device, and the safety of data transmission is ensured to the greatest extent by utilizing the adopted safety authentication strategy and encryption mechanism when the devices communicate. Therefore, the embodiment of the invention can safely push the data security policy and configuration among the devices, can perform high-efficiency configuration synchronization, can perform centralized personalized configuration of the devices, and simultaneously provides the maximum security guarantee during the communication among the devices.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (6)
1. A method of device registration and configuration management, comprising:
device registration and certificate issuance are carried out for each slave device;
creating a license for each slave device and issuing the license to the corresponding slave device; the method comprises the steps that rights are assigned to each slave device through a license, and device identifiers of the slave devices and corresponding licenses thereof are stored in a license library;
issuing a centralized configuration update notification to each slave device; the centralized configuration update notification carries authentication token information of each slave device so that each slave device verifies whether the authentication token information issued by the master device is consistent with the authentication token information stored locally in the slave device;
receiving a centralized configuration update request sent by each slave device, wherein the centralized configuration update request carries a device identifier of each slave device;
Verifying whether the license corresponding to the equipment identifier of each slave equipment is legal and effective, if so, issuing centralized configuration information encrypted by the certificate to each slave equipment;
device registration and certificate issuance for each slave device includes:
receiving a device registration request sent by a slave device, wherein the device registration request carries preset token information of the slave device;
verifying whether preset token information of the slave device is consistent with preset token information of the master device; if yes, distributing authentication token information for the slave equipment, and returning the authentication token information to the slave equipment so that the authentication token information is stored in the local of the slave equipment;
receiving a certificate issuing request sent by the slave equipment, wherein the certificate issuing request carries the certificate content of the slave equipment, and the certificate content comprises two certificates of a server and a client required by the slave equipment;
signing the certificate content by adopting a root certificate, and returning the signed certificate to the slave equipment so that the signed certificate is stored in the local of the slave equipment; the signed certificate is used for carrying out certificate authentication and encryption and decryption with the service between the devices;
The preset token information comprises a digest value obtained by calculating the preset token content by adopting an information digest value algorithm, and the equipment registration request carries time stamp information for sending the equipment registration request by the slave equipment and equipment identification of the slave equipment;
returning the authentication token information to the slave device, comprising:
returning the authentication token information, the device identification of the slave device and the timestamp information for generating the authentication token information to the slave device; the authentication token information comprises a digest value obtained by calculating the content of the registration token by adopting an information digest value algorithm, and the content of the registration token is randomly generated.
2. The method of claim 1, wherein verifying whether the license corresponding to the device identification of each slave device is valid comprises:
verifying whether the authentication token information of the slave device is consistent with the authentication token information of the slave device stored by the master device;
if yes, verifying whether the license corresponding to the equipment identifier of the slave equipment stored by the master equipment is legal and effective.
3. The method as recited in claim 1, further comprising:
pushing the personalized configuration information encrypted by the certificate and the authentication token information of the target slave device to the target slave device.
4. An apparatus for device registration and configuration management, comprising:
the registration module is used for registering devices and issuing certificates to each slave device; creating a license for each slave device and issuing the license to the corresponding slave device; wherein rights are assigned to each slave device through the license, and the device identifier of each slave device and its corresponding license are stored in a license library;
the management module is used for issuing a centralized configuration update notification to each slave device; receiving a centralized configuration update request sent by each slave device, wherein the centralized configuration update request carries the license of that slave device; verifying whether the license of each slave device is legitimate and valid, and if so, issuing centralized configuration information encrypted by a certificate to each slave device; wherein the centralized configuration update notification carries the authentication token information of each slave device, so that each slave device verifies whether the authentication token information issued by the master device is consistent with the authentication token information stored locally on the slave device;
the registration module is further configured to:
receiving a device registration request sent by a slave device, wherein the device registration request carries preset token information of the slave device;
verifying whether the preset token information of the slave device is consistent with the preset token information of the master device; if so, allocating authentication token information to the slave device and returning the authentication token information to the slave device, so that the authentication token information is stored locally on the slave device;
receiving a certificate issuing request sent by the slave device, wherein the certificate issuing request carries the certificate content of the slave device, and the certificate content comprises the two certificates, server and client, required by the slave device;
signing the certificate content with a root certificate, and returning the signed certificate to the slave device so that the signed certificate is stored locally on the slave device; the signed certificate is used for certificate authentication and for encryption and decryption of the services between the devices;
the preset token information comprises a digest value obtained by applying a message digest algorithm to the preset token content, and the device registration request carries timestamp information indicating when the slave device sent the device registration request and the device identification of the slave device;
the registration module is further configured to:
returning the authentication token information, the device identification of the slave device and the timestamp information of when the authentication token information was generated to the slave device; the authentication token information comprises a digest value obtained by applying a message digest algorithm to the registration token content, and the registration token content is randomly generated.
5. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method of any of claims 1-3.
6. A computer readable medium, on which a computer program is stored, characterized in that the program, when executed by a processor, implements the method according to any of claims 1-3.
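A master-side sketch of the token and license checks recited in claims 2 and 4, added here as an illustration and not taken from the patent. SHA-256 as the digest algorithm, the opaque license value with an expiry time, and all class and function names are assumptions; certificate signing and configuration encryption are left out.

```python
import hashlib
import hmac
import secrets
import time


def digest(content: bytes) -> str:
    # The claims do not name the digest algorithm; SHA-256 is an assumption.
    return hashlib.sha256(content).hexdigest()


def same(a: str, b: str) -> bool:
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(a.encode(), b.encode())


class Master:
    def __init__(self, preset_token_content: bytes):
        self.preset_digest = digest(preset_token_content)
        self.auth_tokens = {}  # device_id -> authentication token information
        self.licenses = {}     # license library: device_id -> (license, expiry)

    def register(self, device_id: str, preset_digest: str, sent_at: float):
        """Handle a registration request (preset token digest, timestamp, id)."""
        # sent_at is carried by the request; this sketch does not act on it.
        if not same(preset_digest, self.preset_digest):
            return None  # preset token mismatch: no token is allocated
        # Registration token content is random; its digest is the auth token.
        token = digest(secrets.token_bytes(32))
        self.auth_tokens[device_id] = token
        return {"auth_token": token, "device_id": device_id,
                "generated_at": time.time()}

    def create_license(self, device_id: str, ttl_seconds: float) -> str:
        # Opaque random value with an expiry: an assumed license format.
        lic = secrets.token_hex(16)
        self.licenses[device_id] = (lic, time.time() + ttl_seconds)
        return lic

    def verify_update_request(self, device_id: str, auth_token: str, lic: str) -> bool:
        """Claim 2 order: token consistency first, then license validity."""
        stored_token = self.auth_tokens.get(device_id)
        if stored_token is None or not same(auth_token, stored_token):
            return False
        stored = self.licenses.get(device_id)
        if stored is None:
            return False
        stored_lic, expiry = stored
        return same(lic, stored_lic) and time.time() < expiry
```

A device that never registered, or whose license has expired, is rejected even when the other credential is correct, because both lookups are keyed by device identifier on the master side.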
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010542142.6A CN111814131B (en) | 2020-06-15 | 2020-06-15 | Method and device for equipment registration and configuration management |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010542142.6A CN111814131B (en) | 2020-06-15 | 2020-06-15 | Method and device for equipment registration and configuration management |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111814131A (en) | 2020-10-23 |
CN111814131B (en) | 2024-03-08 |
Family
ID=72846110
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010542142.6A Active CN111814131B (en) | 2020-06-15 | 2020-06-15 | Method and device for equipment registration and configuration management |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111814131B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112671763B (en) * | 2020-12-23 | 2022-08-30 | 深圳金信诺高新技术股份有限公司 | Data synchronization method and device in networking environment, computer equipment and storage medium |
CN113110114B (en) * | 2021-05-24 | 2023-07-14 | 北京润科通用技术有限公司 | Scheduling method and device for super-real-time joint simulation |
CN113922988B (en) * | 2021-09-16 | 2023-07-18 | 苏州浪潮智能科技有限公司 | Network-based host security policy detection method and system |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107996A (en) * | 2013-02-07 | 2013-05-15 | 北京中视广信科技有限公司 | On-line download method and system of digital certificate and digital certificate issuing platform |
CN104487959A (en) * | 2012-04-25 | 2015-04-01 | 思杰系统有限公司 | Secure administration of virtual machines |
CN106790167A (en) * | 2016-12-29 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of client registers method and centralized management platform |
CN107040399A (en) * | 2016-02-04 | 2017-08-11 | 京东方科技集团股份有限公司 | A kind of upgrade file method for down loading, equipment and system |
CN107683599A (en) * | 2015-06-11 | 2018-02-09 | 西门子公司 | Authorization device and method for the mandate issue of the authentication token of equipment |
CN108650119A (en) * | 2018-04-24 | 2018-10-12 | 烽火通信科技股份有限公司 | A kind of method and system of Remote configuration terminal device |
CN109756447A (en) * | 2017-11-01 | 2019-05-14 | 华为技术有限公司 | A kind of safety certifying method and relevant device |
CN109801418A (en) * | 2019-01-16 | 2019-05-24 | 浙江汉默生链商科技有限公司 | User autonomous controllable fining authorization management method and device |
CN110958119A (en) * | 2019-10-25 | 2020-04-03 | 泰康保险集团股份有限公司 | Identity verification method and device |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6217728B2 (en) * | 2015-10-19 | 2017-10-25 | トヨタ自動車株式会社 | Vehicle system and authentication method |
CN105245541B (en) * | 2015-10-28 | 2020-02-18 | 腾讯科技(深圳)有限公司 | Authentication method, equipment and system |
Also Published As
Publication number | Publication date |
---|---|
CN111814131A (en) | 2020-10-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9674699B2 (en) | System and methods for secure communication in mobile devices | |
US9419962B2 (en) | Method and apparatus for sharing server resources using a local group | |
CN111814131B (en) | Method and device for equipment registration and configuration management | |
US9294468B1 (en) | Application-level certificates for identity and authorization | |
US8918641B2 (en) | Dynamic platform reconfiguration by multi-tenant service providers | |
US9954834B2 (en) | Method of operating a computing device, computing device and computer program | |
CN110611657A (en) | File stream processing method, device and system based on block chain | |
JP2019514090A (en) | Associating a User Account with a Corporate Workspace | |
CN114978635B (en) | Cross-domain authentication method and device, user registration method and device | |
CN113271296A (en) | Login authority management method and device | |
CN111371753B (en) | Resource sharing method and device | |
US11805182B2 (en) | User profile distribution and deployment systems and methods | |
CN110138765B (en) | Data processing method, data processing device, computer equipment and computer readable storage medium | |
CN113824566B (en) | Certificate authentication method, code number downloading method, device, server and storage medium | |
CN113886793A (en) | Device login method, device, electronic device, system and storage medium | |
CN111988262B (en) | Authentication method, authentication device, server and storage medium | |
CN111787044A (en) | Internet of things terminal platform | |
US10621319B2 (en) | Digital certificate containing multimedia content | |
US11818574B2 (en) | Provisioning devices securely using zero touch deployments | |
US20130219510A1 (en) | Drm/cas service device and method using security context | |
US9823944B2 (en) | Deployment control device and deployment control method for deploying virtual machine for allowing access | |
CN112528239B (en) | Method and device for automatic authorization of software | |
CN109639409B (en) | Key initialization method, key initialization device, electronic equipment and computer-readable storage medium | |
US8689355B1 (en) | Secure recovery of credentials | |
CN110602074B (en) | Service identity using method, device and system based on master-slave association |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||