CN114050910A - Terminal authorization method, device, system, equipment and readable storage medium

Info

Publication number
CN114050910A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202111121057.3A
Other languages
Chinese (zh)
Inventor
许文雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Big Data Technologies Co Ltd
Original Assignee
New H3C Big Data Technologies Co Ltd
Application filed by New H3C Big Data Technologies Co Ltd
Priority to CN202111121057.3A
Publication of CN114050910A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention relates to the technical field of communication and discloses a terminal authorization method, device, system, equipment and readable storage medium. The method comprises the following steps: acquiring DHCP feature information and a unique identifier corresponding to a terminal to be authorized, wherein the DHCP feature information corresponds to an authorization policy issued by a server to the terminal to be authorized; analyzing the DHCP feature information, determining the device information of the terminal to be authorized, and storing the unique identifier together with the device information, wherein the device information comprises a terminal type and/or a terminal operating system; and, when an authentication request from the terminal to be authorized is received, matching a corresponding authorization policy to the terminal to be authorized based on the authentication request, wherein the authentication request carries the unique identifier of the terminal to be authorized. By implementing the invention, the authentication server can match the authorization policy according to the terminal type or operating system of the terminal to be authorized without an additional enterprise client having to be installed, which reduces the enterprise's burden of operating and maintaining such a client.

Description

Terminal authorization method, device, system, equipment and readable storage medium
Technical Field
The invention relates to the technical field of communication, and in particular to a terminal authorization method, device, system, equipment and readable storage medium.
Background
With the rapid development of the information society, enterprise office modes have become ever more varied, and with them the means of network access and the types of access terminals. For security, enterprises generally apply different levels of control to different types of terminal; for example, only fixed terminals may be allowed onto the company intranet for office work, while mobile terminals such as mobile phones are barred from it, so as to prevent leakage of enterprise information. Currently, enterprises generally choose 802.1x authentication to govern access terminals. In this authentication method, however, the terminal must install a dedicated client to collect information such as terminal type and operating system so that authentication can be performed according to terminal type, which increases the enterprise's burden of operating and maintaining that client.
Disclosure of Invention
In view of this, embodiments of the present invention provide a terminal authorization method, apparatus, system, device and readable storage medium, so as to solve the problem that existing terminal authentication methods impose a large client operation and maintenance burden on the enterprise.
According to a first aspect, an embodiment of the present invention provides a terminal authorization method for an authentication server, including: acquiring DHCP feature information and a unique identifier corresponding to a terminal to be authorized, wherein the DHCP feature information corresponds to an authorization policy issued to the terminal to be authorized by the authentication server; analyzing the DHCP feature information, determining the device information of the terminal to be authorized, and storing the unique identifier together with the device information, wherein the device information comprises a terminal type and/or a terminal operating system; and, when an authentication request from the terminal to be authorized is received, matching a corresponding authorization policy to the terminal to be authorized based on the authentication request, wherein the authentication request carries the unique identifier of the terminal to be authorized.
In the terminal authorization method of this embodiment, the authentication server acquires the DHCP feature information and unique identifier corresponding to the terminal to be authorized, analyzes the DHCP feature information to determine the terminal's device information, stores the unique identifier together with the device information, and, when it receives an authentication request from the terminal, matches a corresponding authorization policy to the terminal based on that request. The DHCP feature information corresponds to an authorization policy issued by the server to the terminal to be authorized, the authentication request carries the terminal's unique identifier, and the device information comprises a terminal type and/or a terminal operating system. The method can thus match the authorization policy to the terminal type or operating system of the terminal to be authorized without any additional enterprise client having to be installed, reducing the enterprise's client operation and maintenance burden.
With reference to the first aspect, in a first implementation manner of the first aspect, matching a corresponding authorization policy to the terminal to be authorized based on the authentication request includes: analyzing the authentication request and determining the unique identifier of the terminal to be authorized, wherein the authentication request is generated based on 802.1X; determining the device information corresponding to the unique identifier based on the correspondence between unique identifiers and device information; and determining the authorization policy of the terminal to be authorized according to the device information.
The terminal authorization method of this embodiment determines the unique identifier of the terminal to be authorized by analyzing the authentication request the terminal sends, determines the device information corresponding to that unique identifier, and determines the terminal's authorization policy according to the device information. The authentication request of the terminal to be authorized is generated based on 802.1X. The method thus differentiates authorization by terminal type or terminal operating system within the 802.1X authentication mode.
With reference to the first aspect, in a second implementation manner of the first aspect, determining the device information corresponding to the unique identifier based on the correspondence between unique identifiers and device information includes: acquiring the correspondence between unique identifiers and device information; and querying the device information corresponding to the terminal to be authorized according to its unique identifier.
With reference to the first aspect or its first or second implementation manner, in a third implementation manner of the first aspect, the method further comprises: issuing the authorization policy to the terminal to be authorized.
According to the terminal authorization method of this embodiment, the authentication server issues the authorization policy to the terminal to be authorized after acquiring the correspondence between unique identifiers and device information and querying the device information of the terminal to be authorized by its unique identifier, so that the authorization policy is issued accurately and matches the terminal to be authorized, which in turn safeguards enterprise information security.
According to a second aspect, an embodiment of the present invention provides a terminal authorization method for a DHCP server, where the DHCP server is connected to a terminal to be authorized and the terminal to be authorized is placed in a Guest VLAN, the method including: receiving a DHCP request triggered by the terminal to be authorized in the Guest VLAN; triggering, according to the DHCP request, a callback of the DHCP feature information and unique identifier of the terminal to be authorized; and sending the DHCP feature information and unique identifier of the terminal to be authorized to an authentication server, so that the authentication server matches an authorization policy to the terminal to be authorized.
In the terminal authorization method of this embodiment, the DHCP server is connected to the terminal to be authorized, which is placed in the Guest VLAN; the DHCP server receives the DHCP request the terminal triggers in the Guest VLAN, triggers a callback of the DHCP feature information and unique identifier according to that request, and sends the DHCP feature information and unique identifier of the terminal to be authorized to the authentication server so that it can match an authorization policy to the terminal. In this method the terminal is placed in the Guest VLAN to trigger a DHCP request, the relevant information of the terminal to be authorized is then called back on the basis of that request and sent to the authentication server for authorization policy matching, so the terminal needs no additional enterprise client and the authentication server can match the authorization policy according to the relevant information of the terminal to be authorized.
According to a third aspect, an embodiment of the present invention provides a terminal authorization apparatus for an authentication server, including: an acquiring module for acquiring DHCP feature information and a unique identifier corresponding to a terminal to be authorized, wherein the DHCP feature information corresponds to an authorization policy issued by the authentication server to the terminal to be authorized; an analysis module for analyzing the DHCP feature information, determining the device information of the terminal to be authorized, and storing the unique identifier together with the device information, wherein the device information comprises a terminal type and/or a terminal operating system; and a matching module for matching, when an authentication request from the terminal to be authorized is received, a corresponding authorization policy to the terminal to be authorized based on the authentication request, wherein the authentication request carries the unique identifier of the terminal to be authorized.
With the terminal authorization apparatus of this embodiment, the authentication server can match the authorization policy according to the terminal type or operating system of the terminal to be authorized, and no additional enterprise client needs to be installed on the terminal to be authorized, so the enterprise's client operation and maintenance burden is reduced.
According to a fourth aspect, an embodiment of the present invention provides a terminal authorization apparatus for a DHCP server, where the DHCP server is connected to a terminal to be authorized and the terminal to be authorized is placed in a Guest VLAN, the apparatus including: a receiving module for receiving a DHCP request triggered by the terminal to be authorized in the Guest VLAN; a callback module for triggering, according to the DHCP request, a callback of the DHCP feature information and unique identifier of the terminal to be authorized; and a sending module for sending the DHCP feature information and unique identifier of the terminal to be authorized to an authentication server, so that the authentication server matches an authorization policy to the terminal to be authorized.
With the terminal authorization apparatus of this embodiment, the terminal is placed in the Guest VLAN to trigger a DHCP request, the relevant information of the terminal to be authorized is then called back on the basis of that request and sent to the authentication server for authorization policy matching, so the terminal needs no additional enterprise client and the authentication server can match the authorization policy according to the relevant information of the terminal to be authorized.
According to a fifth aspect, an embodiment of the present invention provides a terminal authorization system, including: a terminal to be authorized, placed in a Guest VLAN; a DHCP server communicatively connected to the terminal to be authorized and configured to execute the terminal authorization method of the second aspect; and an authentication server communicatively connected to the DHCP server and configured to execute the terminal authorization method of the first aspect or any implementation manner of the first aspect.
In this terminal authorization system, the terminal is placed in the Guest VLAN to trigger a DHCP request, the relevant information of the terminal to be authorized is called back on the basis of that request and sent to the authentication server for authorization policy matching, so the terminal needs no additional enterprise client and the authentication server can match the authorization policy according to the relevant information of the terminal to be authorized. Through the authentication server, the system can match the authorization policy according to the terminal type or operating system of the terminal to be authorized without an additional enterprise client, reducing the enterprise's client operation and maintenance burden.
According to a sixth aspect, an embodiment of the present invention provides an electronic device, including a memory and a processor communicatively connected to each other, the memory storing computer instructions and the processor executing those instructions to perform the terminal authorization method of the first aspect or any of its implementation manners, or the terminal authorization method of the second aspect or any of its implementation manners.
According to a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions that cause a computer to execute the terminal authorization method of the first aspect or any of its implementation manners, or the terminal authorization method of the second aspect or any of its implementation manners.
Drawings
To illustrate the embodiments of the present invention or the prior-art technical solutions more clearly, the drawings used in describing them are briefly introduced below. The drawings described here show only some embodiments of the present invention; those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of an authentication server-side terminal authorization method according to an embodiment of the present invention;
Fig. 2 is another flowchart of an authentication server-side terminal authorization method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a DHCP server-side terminal authorization method according to an embodiment of the present invention;
Fig. 4 is another flowchart of a DHCP server-side terminal authorization method according to an embodiment of the present invention;
Fig. 5 is a flowchart of a terminal authorization method according to a preferred embodiment of the present invention;
Fig. 6 is a block diagram of the structure of an authentication server-side terminal authorization apparatus according to an embodiment of the present invention;
Fig. 7 is a block diagram of a DHCP server-side terminal authorization apparatus according to an embodiment of the present invention;
Fig. 8 is a block diagram of a terminal authorization system according to an embodiment of the present invention;
Fig. 9 is a schematic diagram of the hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below clearly and completely with reference to the drawings. The described embodiments are some, but not all, of the embodiments of the present invention; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the protection scope of the present invention.
For security reasons, enterprises generally choose 802.1x authentication to manage access terminals. In this authentication method, however, the terminal must install a dedicated client to collect information such as terminal type and operating system so that authentication can be performed according to terminal type, which increases the enterprise's client operation and maintenance burden.
The technical scheme of the invention is therefore that, before 802.1x authentication, the terminal is placed in a Guest VLAN to trigger a Dynamic Host Configuration Protocol (DHCP) request, so that the DHCP server sends the relevant device information of the terminal to the authentication server and the authentication server matches a corresponding authorization policy according to that device information. 802.1x is a client/server access control and authentication protocol that can prevent unauthorized users and devices from reaching a Local Area Network (LAN) or Wireless Local Area Network (WLAN) through an access port. 802.1x authenticates the user or device connected to a switch port before it may obtain the services provided by the switch or LAN. Until authentication succeeds, 802.1x allows only EAP over LAN (EAPOL) authentication frames through the switch port to which the device is connected; once authentication has passed, normal data can flow through the Ethernet port.
In accordance with an embodiment of the present invention, a terminal authorization method embodiment is provided. It should be noted that the steps illustrated in the flowcharts of the drawings may be performed in a computer system such as a set of computer-executable instructions, and that, while the flowcharts show a logical order, in some cases the steps illustrated or described may be performed in an order different from that shown.
In this embodiment a terminal authorization method is provided which may be used in an authentication server such as an AAA server. Fig. 1 is a flowchart of the terminal authorization method according to this embodiment; as shown in Fig. 1, the method includes the following steps:
S11, acquiring DHCP feature information and a unique identifier corresponding to the terminal to be authorized, wherein the DHCP feature information corresponds to an authorization policy issued by the authentication server to the terminal to be authorized.
The DHCP feature information is a DHCP fingerprint, transmitted by the DHCP server through a DHCP plug-in it calls, that carries the device information of the terminal to be authorized. The authorization policy is the access right the authentication server opens for the terminal to be authorized. Different terminals to be authorized correspond to different access rights, and the DHCP feature information of each terminal corresponds to the authorization policy the authentication server issues, so that leakage of enterprise information is avoided as far as possible.
The unique identifier is a factor that identifies the terminal to be authorized uniquely; it may be a MAC address, a hard disk serial number or a motherboard serial number, and is not specifically limited here.
The terminal to be authorized looks for a DHCP server in the Guest VLAN and, on finding one, triggers a DHCP request, so that the DHCP server allocates the corresponding configuration parameters to the terminal after receiving the request. In this process the DHCP server can obtain the unique identifier of the terminal to be authorized from the DHCP request and can generate the DHCP feature information corresponding to the terminal, such as Option 55. The DHCP server then sends the DHCP feature information and unique identifier corresponding to the terminal to be authorized to the authentication server through the DHCP plug-in, and the authentication server receives them accordingly.
S12, analyzing the DHCP feature information, determining the device information of the terminal to be authorized, and storing the unique identifier together with the device information, wherein the device information comprises the terminal type and/or the terminal operating system.
After receiving the DHCP feature information, the authentication server analyzes it according to the communication protocol between the authentication server and the DHCP server to obtain the device information of the terminal to be authorized that it carries. Specifically, the authentication server may analyze information contained in the DHCP feature information, such as Option 55, and derive from it device information corresponding to the terminal to be authorized, such as the terminal type and/or terminal operating system.
The authentication server stores the device information and unique identifier corresponding to the terminal to be authorized in a database or other storage space in one-to-one correspondence, so that the device information of the terminal can subsequently be queried by its unique identifier and a suitable authorization policy assigned on the basis of that device information.
S13, when an authentication request from the terminal to be authorized is received, matching a corresponding authorization policy to the terminal to be authorized based on the authentication request, wherein the authentication request carries the unique identifier of the terminal to be authorized.
When a terminal to be authorized accesses the network it sends an 802.1X authentication request to an access device such as a switch or router, and the access device, on receiving it, initiates RADIUS authentication with the authentication server based on that request. Correspondingly, when the authentication server receives the authentication request, it can parse the unique identifier of the terminal to be authorized from the request, retrieve the device information corresponding to that unique identifier from the database or other storage space, and assign a corresponding authorization policy to the terminal according to the device information.
In the terminal authorization method of this embodiment, the authentication server acquires the DHCP feature information and unique identifier corresponding to the terminal to be authorized, analyzes the DHCP feature information to determine the terminal's device information, stores the unique identifier together with the device information, and, when it receives an authentication request from the terminal, matches a corresponding authorization policy to the terminal based on that request. The DHCP feature information corresponds to an authorization policy issued by the server to the terminal to be authorized, the authentication request carries the terminal's unique identifier, and the device information comprises a terminal type and/or a terminal operating system. The method can thus match the authorization policy to the terminal type or operating system of the terminal to be authorized without any additional enterprise client having to be installed, reducing the enterprise's client operation and maintenance burden.
In this embodiment a terminal authorization method is provided which may be used in an authentication server such as an AAA server. Fig. 2 is a flowchart of the terminal authorization method according to this embodiment; as shown in Fig. 2, the method includes the following steps:
S21, acquiring DHCP feature information and a unique identifier corresponding to the terminal to be authorized, wherein the DHCP feature information corresponds to an authorization policy issued by the authentication server to the terminal to be authorized. For details, refer to the description of step S11 in the embodiment above, which is not repeated here.
S22, analyzing the DHCP feature information, determining the device information of the terminal to be authorized, and storing the unique identifier together with the device information, wherein the device information comprises the terminal type and/or the terminal operating system. For details, refer to the description of step S12 in the embodiment above, which is not repeated here.
S23, when an authentication request from the terminal to be authorized is received, matching a corresponding authorization policy to the terminal to be authorized based on the authentication request, wherein the authentication request carries the unique identifier of the terminal to be authorized.
Specifically, step S23 may include:
S231, analyzing the authentication request and determining the unique identifier of the terminal to be authorized, wherein the authentication request is generated based on 802.1X.
The authentication server parses the authentication request it receives according to the communication protocol between it and the access device. The authentication request is a RADIUS authentication request generated on the basis of 802.1X and carries the unique identifier of the terminal to be authorized; taking the MAC address as an example, the authentication server can parse the MAC address of the terminal to be authorized out of the authentication request when it receives it.
S232, determining the device information corresponding to the unique identifier based on the correspondence between unique identifiers and device information.
The unique identifier of a terminal to be authorized corresponds one-to-one with its device information, so the authentication server can obtain the device information corresponding to the unique identifier, namely the terminal type and/or operating system of the terminal to be authorized and the like, from the correspondence between unique identifiers and device information.
Specifically, the step S232 may include:
(1) Acquiring the correspondence between the unique identifier and the device information.
After the authentication server has parsed the unique identifier of the terminal to be authorized, it can determine the correspondence between the unique identifier and the device information from the database or other storage space in which the unique identifier and the device information are stored.
(2) Querying the device information corresponding to the terminal to be authorized according to the unique identifier.
According to the correspondence between the unique identifier and the device information, the authentication server can look up the terminal to be authorized and its device information that correspond to the unique identifier.
S233, determining the authorization policy of the terminal to be authorized according to the device information.
The authentication server performs the corresponding authorization according to the identified device of the terminal to be authorized, that is, the authentication server issues the corresponding authorization policy for the terminal to be authorized.
S24, issuing the authorization policy to the terminal to be authorized.
After the authentication server generates the authorization policy, it can send the authorization policy to the corresponding terminal to be authorized according to the unique identifier of the terminal to be authorized, and open the corresponding access rights for that terminal.
In the terminal authorization method of the embodiment, the authentication server issues the authorization policy to the terminal to be authorized by acquiring the corresponding relationship between the unique identifier and the device information and inquiring the device information corresponding to the terminal to be authorized based on the unique identifier, so that the accuracy of issuing the authorization policy and the matching between the authorization policy and the terminal to be authorized are ensured, and the information security of an enterprise is further ensured.
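As an added worked example (not part of the patent text), the following Python code models steps S231 to S233 and S24 on the authentication server: it parses a RADIUS Access-Request, takes the MAC address from the Calling-Station-Id attribute (RFC 2865 attribute 31), normalizes it, looks up the stored device information and selects an authorization policy, then builds the Access-Accept that carries the policy to the access device as a VLAN assignment (RFC 2868 tunnel attributes) and an ACL name (Filter-Id). The device table, the policy table, the shared secret and the packet contents are constructed for the example; the patent does not specify which RADIUS attribute carries the identifier or what form the policy takes. Two checks a practitioner would want are included: a terminal whose MAC address has no record, or whose record matches no policy, falls through to a restrictive default rather than an open one, and malformed attribute lengths are rejected instead of being walked past.

```python
import hashlib
import re
import struct

# RADIUS codes and attribute types (RFC 2865, RFC 2868).
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_FILTER_ID, ATTR_CALLING_STATION_ID = 1, 11, 31
ATTR_TUNNEL_TYPE, ATTR_TUNNEL_MEDIUM_TYPE, ATTR_TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE_802 = 13, 6

# Constructed stand-in for the database of step S22: MAC -> device information.
DEVICE_INFO = {
    "00:11:22:33:44:55": {"terminal_type": "PC", "os": "Windows"},
    "66:77:88:99:aa:bb": {"terminal_type": "mobile", "os": "Android"},
}
# Hypothetical policy table: (terminal type, OS) -> VLAN and ACL name.
POLICIES = {
    ("PC", "Windows"): {"vlan": 100, "acl": "office-full"},
    ("mobile", "Android"): {"vlan": 200, "acl": "mobile-restricted"},
}
# A terminal with no record, or a record no policy covers, stays in a restricted VLAN.
DEFAULT_POLICY = {"vlan": 999, "acl": "guest-only"}


def parse_attributes(payload):
    """Walk the attribute TLVs that follow the 20-byte RADIUS header."""
    attrs, pos = [], 0
    while pos + 2 <= len(payload):
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > len(payload):
            raise ValueError("malformed RADIUS attribute length")
        attrs.append((atype, payload[pos + 2:pos + alen]))
        pos += alen
    return attrs


def normalize_mac(raw):
    """Calling-Station-Id arrives in whatever form the access device uses
    (00-11-22-33-44-55, 00:11:22:33:44:55, 0011.2233.4455); canonicalize it so
    the lookup key matches the form stored from the DHCP callback."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % raw)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def encode_attributes(attrs):
    return b"".join(bytes([atype, len(value) + 2]) + value for atype, value in attrs)


def build_access_request(username, calling_station_id, ident=7):
    """Constructed Access-Request such as the access device sends in step S515."""
    attrs = encode_attributes([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_CALLING_STATION_ID, calling_station_id.encode()),
    ])
    request_authenticator = bytes(range(16))  # a real NAS uses 16 random bytes
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_authenticator + attrs


def match_policy(request, device_info=DEVICE_INFO):
    """Steps S231 to S233: identifier from the request, device information from
    the store, policy from the device information. Returns (normalized MAC, policy)."""
    if len(request) < 20:
        raise ValueError("RADIUS packet shorter than its header")
    code, _ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    attrs = dict(parse_attributes(request[20:length]))
    if ATTR_CALLING_STATION_ID not in attrs:
        raise ValueError("Access-Request carries no Calling-Station-Id")
    mac = normalize_mac(attrs[ATTR_CALLING_STATION_ID].decode("ascii"))
    info = device_info.get(mac)
    if info is None:
        return mac, DEFAULT_POLICY
    return mac, POLICIES.get((info["terminal_type"], info["os"]), DEFAULT_POLICY)


def build_access_accept(request, policy, secret):
    """Step S24: the Access-Accept that carries the policy to the access device.
    The VLAN goes in the tagged tunnel attributes, the ACL name in Filter-Id."""
    tag = b"\x01"  # RFC 2868 tag byte grouping the three VLAN attributes
    attrs = encode_attributes([
        (ATTR_TUNNEL_TYPE, tag + struct.pack("!I", TUNNEL_TYPE_VLAN)[1:]),
        (ATTR_TUNNEL_MEDIUM_TYPE, tag + struct.pack("!I", TUNNEL_MEDIUM_IEEE_802)[1:]),
        (ATTR_TUNNEL_PRIVATE_GROUP_ID, tag + str(policy["vlan"]).encode()),
        (ATTR_FILTER_ID, policy["acl"].encode()),
    ])
    header = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20 + len(attrs))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    response_authenticator = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + response_authenticator + attrs


if __name__ == "__main__":
    req = build_access_request("alice", "00-11-22-33-44-55")
    mac, policy = match_policy(req)
    print(mac, policy)
    print(build_access_accept(req, policy, b"constructed-shared-secret").hex())
```

The Calling-Station-Id value is whatever the access device copied from the EAPOL frame, so the lookup key is only as trustworthy as the MAC address the terminal presented; the 802.1X credential check remains the authentication, and the fingerprint-derived policy is applied on top of it.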
Optionally, when the authentication of the terminal to be authorized is successful, the method may further include:
(1) Acquiring the physical address corresponding to the terminal to be authorized.
Here the physical address is the IP address allocated to the terminal to be authorized by the DHCP server (the MAC address serves as the unique identifier). Specifically, when the terminal to be authorized logs in to the enterprise network for the first time it has no IP address set, so it sends a DHCP discover message by broadcast to search for a DHCP server in the current network. A DHCP server in the current network that receives the DHCP discover message responds by selecting an address from its pool of unallocated IP addresses for the terminal to be authorized and sending a DHCP offer message containing the allocated IP address and other settings. On receiving the DHCP offer message, the terminal to be authorized replies by broadcast with a DHCP request message, which names the DHCP server the terminal has selected and requests the IP address it was offered. When the DHCP server receives the DHCP request message from the terminal to be authorized, it sends the terminal a DHCP ack message containing the offered IP address and other settings, informing the terminal to be authorized that it may use that IP address.
After the DHCP server has completed the IP address allocation for the terminal to be authorized, it can send the unique identifier of the terminal to be authorized and the allocated IP address to the authentication server through the DHCP plug-in, so that the authentication server receives the unique identifier and the IP address of the terminal to be authorized.
(2) Adding the physical address to the device information of the terminal to be authorized based on the correspondence between the unique identifier and the physical address.
Because the unique identifier of the terminal to be authorized and its physical address correspond one-to-one (taking the MAC address as an example, the MAC address of the terminal to be authorized corresponds to its IP address), after receiving the unique identifier and the physical address sent by the DHCP server the authentication server can query the database or other storage space in which the unique identifier and the device information are stored, determine the device information corresponding to the current unique identifier, and add the IP address corresponding to that unique identifier to the device information.
The terminal authorization method of this embodiment realizes, in the 802.1X authentication mode, different authorizations that distinguish the terminal type or the terminal operating system. The authentication server acquires the physical address corresponding to the terminal to be authorized and adds it to the device information of the terminal based on the correspondence between the unique identifier and the physical address, so that the match between the authorization policy and the terminal to be authorized is further ensured.
In this embodiment, a terminal authorization method is provided, which may be used in a DHCP server, where the DHCP server is connected to a terminal to be authorized, and the terminal to be authorized is placed in a Guest VLAN, and fig. 3 is a flowchart of the terminal authorization method according to the embodiment of the present invention, as shown in fig. 3, where the flowchart includes the following steps:
S31, receiving a DHCP request triggered by the terminal to be authorized based on the Guest VLAN.
The Guest VLAN is the default VLAN a port belongs to before 802.1X authentication; a terminal to be authorized can access the resources in that VLAN without authentication, and so can reach only limited network resources. If the terminal to be authorized needs to access other network resources in the enterprise network, 802.1X authentication is required.
Before the terminal to be authorized initiates 802.1X authentication, it searches for a DHCP server in the Guest VLAN so that the DHCP server allocates the corresponding configuration parameters to the terminal. The DHCP server can receive the DHCP request sent by the terminal to be authorized and respond to it.
S32, triggering, according to the DHCP request, a callback of the DHCP feature information and the unique identifier of the terminal to be authorized.
When it receives a DHCP request sent by the terminal to be authorized, the DHCP server triggers a callback operation to acquire the unique identifier of the terminal to be authorized and the DHCP feature information that carries information about the terminal, so that the authentication server can conveniently identify the terminal to be authorized.
S33, sending the DHCP feature information and the unique identifier of the terminal to be authorized to the authentication server, so that the authentication server matches an authorization policy for the terminal to be authorized.
The DHCP server sends the DHCP feature information corresponding to the terminal to be authorized and the unique identifier of the terminal to be authorized to the authentication server through the DHCP plug-in. The authentication server can store the DHCP feature information and the unique identifier of the terminal to be authorized in the database, so that identity authentication can subsequently be performed on the terminal to be authorized and a corresponding authorization policy can be matched for it.
In the terminal authorization method of this embodiment, the terminal is placed in the Guest VLAN to trigger a DHCP request, and the relevant information of the terminal to be authorized is then called back based on that DHCP request and sent to the authentication server for authorization policy matching; thus the terminal does not need to additionally install an enterprise client, and the authentication server can perform authorization policy matching according to the relevant information of the terminal to be authorized.
In this embodiment, a terminal authorization method is further provided, which can be used in a DHCP server, where the DHCP server is connected to a terminal to be authorized, and the terminal to be authorized is placed in a Guest VLAN, and fig. 4 is a flowchart of the terminal authorization method according to the embodiment of the present invention, and as shown in fig. 4, the flowchart includes the following steps:
S41, receiving a DHCP request triggered by the terminal to be authorized based on the Guest VLAN. For details, refer to the description of step S31 in the above embodiment, which is not repeated here.
S42, triggering, according to the DHCP request, a callback of the DHCP feature information and the unique identifier of the terminal to be authorized. For details, refer to the description of step S32 in the above embodiment, which is not repeated here.
S43, sending the DHCP feature information and the unique identifier of the terminal to be authorized to the authentication server, so that the authentication server matches an authorization policy for the terminal to be authorized. For details, refer to the description of step S33 in the above embodiment, which is not repeated here.
S44, triggering, according to the DHCP request, a callback of the physical address and the unique identifier of the terminal to be authorized.
When the DHCP server has completed the physical address allocation and the setting of the other parameters for the terminal to be authorized, it can trigger the callback operation again to obtain the physical address and the unique identifier of the terminal to be authorized, so that the authentication server can complete the device information of the terminal to be authorized.
S45, sending the physical address and the unique identifier of the terminal to be authorized to the authentication server.
The DHCP server sends the physical address and the unique identifier of the terminal to be authorized to the authentication server through the DHCP plug-in, and the authentication server can add the physical address of the terminal to be authorized to its device information based on the unique identifier.
In the terminal authorization method of this embodiment, the DHCP server triggers, according to the DHCP request, a callback of the physical address and the unique identifier of the terminal to be authorized and sends them to the authentication server, which completes the device information of the terminal to be authorized, thereby ensuring the match between the authorization policy and the terminal to be authorized.
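As an added worked example (not part of the patent text), the following Python code models the DHCP-server side of the two callbacks described above: the first callback of steps S32/S33 (and S44 is the second, for the physical address), together with the DHCP exchange described under the optional step earlier. It parses a BOOTP/DHCP message, reads the client hardware address (chaddr) as the unique identifier, the message type (option 53), the parameter request list (option 55), the host name (option 12) and the vendor class (option 60), maps the option 55 list to a terminal type and operating system, and after the ACK reports the leased address (yiaddr) against the same MAC address. The two fingerprint rows, the callback record layout and the sample DISCOVER and ACK messages are constructed for the example; the patent names DHCP Option 55 as feature information but does not specify the fingerprint database or the callback interface. A caveat a practitioner would want: everything in the DISCOVER and REQUEST, the chaddr and the parameter request list included, is supplied by a terminal that has not yet authenticated, so the fingerprint classifies the terminal but does not prove what it is; the credential check of 802.1X remains the authentication, and unrecognized fingerprints are recorded as unknown rather than guessed.

```python
import struct
from typing import Optional

# DHCP message types (option 53) and the option codes used here (RFC 2132).
DHCP_DISCOVER, DHCP_OFFER, DHCP_REQUEST, DHCP_ACK = 1, 2, 3, 5
OPT_PAD, OPT_HOSTNAME, OPT_MSG_TYPE, OPT_SERVER_ID = 0, 12, 53, 54
OPT_PARAM_REQ_LIST, OPT_VENDOR_CLASS, OPT_END = 55, 60, 255
MAGIC_COOKIE = b"\x63\x82\x53\x63"

# Illustrative fingerprint rows keyed on the Option 55 parameter request list.
# A real deployment uses a maintained fingerprint database; these two rows are
# constructed for the example and are not a vetted classification.
FINGERPRINTS = {
    "1,3,6,15,31,33,43,44,46,47,119,121,249,252": {"terminal_type": "PC", "os": "Windows"},
    "1,3,6,15,26,28,51,58,59,43": {"terminal_type": "mobile", "os": "Android"},
}
UNKNOWN = {"terminal_type": "unknown", "os": "unknown"}


def parse_dhcp(packet: bytes) -> dict:
    """Header fields and option TLVs of one BOOTP/DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    hlen = min(hlen, 16)  # chaddr is a 16-byte field; never read past it
    chaddr = ":".join("%02x" % b for b in packet[28:28 + hlen])
    yiaddr = ".".join(str(b) for b in packet[16:20])
    options, pos = {}, 240
    while pos < len(packet):
        code = packet[pos]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            pos += 1
            continue
        if pos + 2 > len(packet):
            raise ValueError("truncated option header")
        length = packet[pos + 1]
        value = packet[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("option runs past end of packet")
        options[code] = options.get(code, b"") + value  # RFC 3396: split options concatenate
        pos += 2 + length
    return {"op": op, "xid": xid, "mac": chaddr, "yiaddr": yiaddr, "options": options}


def feature_callback(packet: bytes) -> Optional[dict]:
    """Steps S32/S54: on DISCOVER or REQUEST, return the record the DHCP plug-in
    forwards to the authentication server (MAC, fingerprint, device information)."""
    msg = parse_dhcp(packet)
    msg_type = msg["options"].get(OPT_MSG_TYPE, b"\x00")[0]
    if msg_type not in (DHCP_DISCOVER, DHCP_REQUEST):
        return None
    fingerprint = ",".join(str(b) for b in msg["options"].get(OPT_PARAM_REQ_LIST, b""))
    record = {
        "mac": msg["mac"],
        "fingerprint": fingerprint,
        "hostname": msg["options"].get(OPT_HOSTNAME, b"").decode("ascii", "replace"),
        "vendor_class": msg["options"].get(OPT_VENDOR_CLASS, b"").decode("ascii", "replace"),
    }
    record.update(FINGERPRINTS.get(fingerprint, UNKNOWN))
    return record


def address_callback(packet: bytes) -> Optional[dict]:
    """Steps S44/S510: after the ACK is sent, return the (MAC, leased IP) pair
    the authentication server adds to the stored device information."""
    msg = parse_dhcp(packet)
    if msg["options"].get(OPT_MSG_TYPE, b"\x00")[0] != DHCP_ACK:
        return None
    return {"mac": msg["mac"], "ip": msg["yiaddr"]}


def build_dhcp(msg_type, mac, options, yiaddr=b"\x00\x00\x00\x00", xid=0x3903F326):
    """Constructed DHCP message (client op for DISCOVER/REQUEST, server op otherwise)."""
    op = 1 if msg_type in (DHCP_DISCOVER, DHCP_REQUEST) else 2
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)  # Ethernet, hlen 6, broadcast flag
    header += b"\x00" * 4 + yiaddr + b"\x00" * 8  # ciaddr, yiaddr, siaddr, giaddr
    header += mac.ljust(16, b"\x00") + b"\x00" * 192  # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed exchange for one terminal: the DISCOVER it sends in the Guest VLAN
# and the ACK the server answers with.
TERMINAL_MAC = bytes.fromhex("001122334455")
SAMPLE_DISCOVER = build_dhcp(DHCP_DISCOVER, TERMINAL_MAC, [
    (OPT_PARAM_REQ_LIST, bytes([1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252])),
    (OPT_HOSTNAME, b"LAPTOP-01"),
    (OPT_VENDOR_CLASS, b"MSFT 5.0"),
])
SAMPLE_ACK = build_dhcp(DHCP_ACK, TERMINAL_MAC, [(OPT_SERVER_ID, bytes([10, 1, 1, 1]))],
                        yiaddr=bytes([10, 1, 1, 23]))

if __name__ == "__main__":
    print(feature_callback(SAMPLE_DISCOVER))
    print(address_callback(SAMPLE_ACK))
```

The MAC address string produced here has the same lowercase colon form that the authentication-server side normalizes Calling-Station-Id to, so the two records for one terminal key on the same value.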
In this embodiment, a specific example is used to describe the terminal authorization method. The terminal is placed in a Guest VLAN, the DHCP server sends information about the terminal to the authentication server through a DHCP plug-in, the authentication server is an AAA server, and the authentication server stores the received information about the terminal in a database. As shown in fig. 5, the terminal authorization method includes:
S51, the terminal sends a DHCP DISCOVER message to search for a DHCP server in the Guest VLAN;
S52, the DHCP server returns a DHCP OFFER message to the terminal;
S53, the terminal sends a DHCP REQUEST message to the DHCP server;
S54, the DHCP server triggers the callback operation, acquires the MAC address of the terminal and DHCP feature information such as DHCP Option 55, and passes them to the DHCP plug-in;
S55, the DHCP plug-in sends the MAC address of the terminal and the DHCP feature information such as DHCP Option 55 to the AAA server;
S56, the AAA server parses device information such as the terminal type and the terminal operating system from the DHCP feature information such as DHCP Option 55;
S57, the AAA server stores the device information and the MAC address in the database;
S58, the database returns a storage-success message to the AAA server;
S59, the DHCP server returns a DHCP ACK message to the terminal;
S510, the DHCP server triggers the callback operation again, obtains the MAC address and the physical address of the terminal, and passes them to the DHCP plug-in;
S511, the DHCP plug-in sends the MAC address and the physical address of the terminal to the AAA server;
S512, the AAA server queries the database by the MAC address and adds the physical address to the corresponding device information;
S513, the database returns a supplement-success message to the AAA server;
S514, the terminal initiates an 802.1X authentication request to the access device;
S515, on receiving the 802.1X authentication request, the access device triggers a RADIUS authentication request and sends it to the AAA server;
S516, the AAA server parses the MAC address from the RADIUS message and queries the database by that MAC address;
S517, the database returns to the AAA server the device information, such as the terminal type and operating system information, corresponding to the MAC address;
S518, the AAA server authenticates the terminal and matches the corresponding authorization policy for the terminal according to the device information such as the terminal type and operating system information;
S519, the AAA server sends the authorization policy and an authentication-success message to the access device;
S520, the access device sends the authentication-success message and the authorization policy to the terminal.
In the terminal authorization method of this embodiment the terminal does not need to install an enterprise client; it can use the 802.1X client that comes with its operating system. Different service authorizations are realized according to the terminal type or the terminal operating system in the 802.1X authentication mode, which greatly reduces the burden on the enterprise of operating and maintaining a client.
In this embodiment, a terminal authorization apparatus is further provided, and the apparatus is used to implement the foregoing embodiments and preferred embodiments, and details of which have been already described are omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware or a combination of software and hardware is also possible and contemplated.
This embodiment provides a terminal authorization apparatus for an authentication server, as shown in fig. 6, including:
the obtaining module 61 is configured to obtain DHCP feature information and a unique identifier corresponding to the terminal to be authorized, where the DHCP feature information corresponds to an authorization policy issued by the server to the terminal to be authorized. For a detailed description, reference is made to the corresponding related description of the above method embodiments, which is not repeated herein.
The parsing module 62 is configured to parse the DHCP feature information, determine the device information of the terminal to be authorized, and store the unique identifier and the device information, where the device information includes a terminal type and/or a terminal operating system. For a detailed description, reference is made to the corresponding related description of the above method embodiments, which is not repeated herein.
The matching module 63 is configured to match a corresponding authorization policy for the terminal to be authorized based on the authentication request when the authentication request of the terminal to be authorized is received, where the authentication request carries the unique identifier of the terminal to be authorized. For a detailed description, reference is made to the corresponding related description of the above method embodiments, which is not repeated herein.
The terminal authorization apparatus in this embodiment is presented in the form of a functional unit, where the unit refers to an ASIC circuit, a processor and a memory executing one or more software or fixed programs, and/or other devices that can provide the above-described functions.
Further functional descriptions of the modules are the same as those of the corresponding embodiments, and are not repeated herein.
The present embodiment provides a terminal authorization apparatus, configured to be used in a DHCP server, where the DHCP server is connected to a terminal to be authorized, and the terminal to be authorized is placed in a Guest VLAN, as shown in fig. 7, the apparatus includes:
The receiving module 71 is configured to receive a DHCP request triggered by the terminal to be authorized based on the Guest VLAN. For a detailed description, reference is made to the corresponding related description of the above method embodiments, which is not repeated herein.
The callback module 72 is configured to trigger, according to the DHCP request, a callback of the DHCP feature information and the unique identifier of the terminal to be authorized. For a detailed description, reference is made to the corresponding related description of the above method embodiments, which is not repeated herein.
The sending module 73 is configured to send the DHCP feature information and the unique identifier of the terminal to be authorized to the authentication server, so that the authentication server matches an authorization policy for the terminal to be authorized. For a detailed description, reference is made to the corresponding related description of the above method embodiments, which is not repeated herein.
The terminal authorization apparatus in this embodiment is presented in the form of a functional unit, where the unit refers to an ASIC circuit, a processor and a memory executing one or more software or fixed programs, and/or other devices that can provide the above-described functions.
Further functional descriptions of the modules are the same as those of the corresponding embodiments, and are not repeated herein.
The embodiment of the present invention further provides a terminal authorization system, as shown in fig. 8, the terminal authorization system includes a terminal 81 to be authorized, a DHCP server 82, and an authentication server 83.
The terminal 81 to be authorized is placed in a Guest VLAN. The DHCP server 82 is communicatively connected to the terminal 81 to be authorized so as to receive a DHCP request triggered by the terminal 81 based on the Guest VLAN, to call back the DHCP feature information and the unique identifier of the terminal 81 according to that DHCP request, and to send them to the authentication server 83, so that the authentication server 83 matches an authorization policy for the terminal 81 to be authorized. For a detailed description, reference is made to the related description of the above embodiments, which is not repeated herein.
The authentication server 83 is in communication connection with the DHCP server 82 to obtain DHCP feature information and a uniqueness identifier corresponding to the terminal to be authorized, analyze the DHCP feature information, determine device information of the terminal to be authorized, store the uniqueness identifier and the device information, and when receiving an authentication request of the terminal to be authorized, match a corresponding authorization policy for the terminal to be authorized based on the authentication request. For the descriptions of the above steps and further descriptions, refer to the corresponding descriptions of the above embodiments, which are not repeated herein.
In the terminal authorization system of this embodiment, the terminal is placed in the Guest VLAN to trigger a DHCP request, and the relevant information of the terminal to be authorized is then called back based on that DHCP request and sent to the authentication server for authorization policy matching. The authentication server can thus match the authorization policy according to the terminal type or the terminal operating system of the terminal to be authorized, no enterprise client needs to be additionally installed on the terminal, and the burden on the enterprise of operating and maintaining a client is reduced.
An embodiment of the present invention further provides an electronic device, which may be a DHCP server or an authentication server, and has the terminal authorization apparatus shown in fig. 6 or fig. 7.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an electronic device according to an alternative embodiment of the present invention, and as shown in fig. 9, the electronic device may include: at least one processor 901, such as a CPU (Central Processing Unit), at least one communication interface 903, memory 904, at least one communication bus 902. Wherein a communication bus 902 is used to enable connective communication between these components. The communication interface 903 may include a Display (Display) and a Keyboard (Keyboard), and the optional communication interface 903 may also include a standard wired interface and a standard wireless interface. The Memory 904 may be a high-speed RAM (Random Access Memory) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The memory 904 may optionally be at least one storage device located remotely from the processor 901. Wherein the processor 901 may be in connection with the apparatus described in fig. 6 or fig. 7, the memory 904 stores an application program, and the processor 901 calls the program code stored in the memory 904 for performing any of the above method steps.
The communication bus 902 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus 902 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 9, but this does not indicate only one bus or one type of bus.
The memory 904 may include a volatile memory, such as a random-access memory (RAM); the memory may also include a non-volatile memory, such as a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 904 may also comprise a combination of the above types of memory.
The processor 901 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of CPU and NP.
The processor 901 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
Optionally, the memory 904 is also used to store program instructions. The processor 901 may call program instructions to implement the terminal authorization method as shown in the embodiments of fig. 1 to 5 of the present application.
The embodiment of the invention also provides a non-transitory computer storage medium, wherein the computer storage medium stores computer executable instructions which can execute the processing method of the terminal authorization method in any method embodiment. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. A terminal authorization method for an authentication server, comprising:
acquiring DHCP feature information and a unique identifier corresponding to a terminal to be authorized, wherein the DHCP feature information corresponds to an authorization strategy issued to the terminal to be authorized by the authentication server;
analyzing the DHCP characteristic information, determining the equipment information of the terminal to be authorized, and storing the unique identifier and the equipment information, wherein the equipment information comprises a terminal type and/or a terminal operating system;
when an authentication request of the terminal to be authorized is received, matching a corresponding authorization strategy for the terminal to be authorized based on the authentication request, wherein the authentication request carries a unique identifier of the terminal to be authorized.
2. The method according to claim 1, wherein the matching the corresponding authorization policy for the terminal to be authorized based on the authentication request comprises:
analyzing the authentication request, and determining the unique identifier of the terminal to be authorized, wherein the authentication request is generated based on 802.1X;
determining the equipment information corresponding to the unique identification based on the corresponding relation between the unique identification and the equipment information;
and determining an authorization strategy of the terminal to be authorized according to the equipment information.
3. The method according to claim 1, wherein the determining the device information corresponding to the unique identifier based on the correspondence between the unique identifier and the device information comprises:
acquiring the corresponding relation between the unique identification and the equipment information;
and inquiring the equipment information corresponding to the terminal to be authorized according to the unique identifier.
4. The method according to any one of claims 1-3, further comprising:
and issuing the authorization strategy to the terminal to be authorized.
5. A terminal authorization method is used for a DHCP server, and is characterized in that the DHCP server is connected with a terminal to be authorized, the terminal to be authorized is placed in a Guest VLAN, and the terminal authorization method comprises the following steps:
receiving a DHCP request triggered by the terminal to be authorized based on the Guest VLAN;
triggering the callback of the DHCP feature information and the uniqueness identifier of the terminal to be authorized according to the DHCP request;
and sending the DHCP feature information and the uniqueness identifier of the terminal to be authorized to an authentication server so that the authentication server matches an authorization strategy for the terminal to be authorized.
6. A terminal authorization apparatus for an authentication server, comprising:
the acquisition module is used for acquiring DHCP characteristic information and a unique identifier corresponding to a terminal to be authorized, wherein the DHCP characteristic information corresponds to an authorization strategy issued by the server to the terminal to be authorized;
the analysis module is used for analyzing the DHCP feature information, determining the equipment information of the terminal to be authorized, and storing the unique identifier and the equipment information, wherein the equipment information comprises a terminal type and/or a terminal operating system;
and the matching module is used for matching a corresponding authorization strategy for the terminal to be authorized based on the authentication request when the authentication request of the terminal to be authorized is received, wherein the authentication request carries the unique identifier of the terminal to be authorized.
7. A terminal authorization apparatus for a DHCP server, characterized in that the DHCP server is connected with a terminal to be authorized, the terminal to be authorized is placed in a Guest VLAN, and the terminal authorization apparatus comprises:
the receiving module is used for receiving a DHCP request triggered by the terminal to be authorized based on the Guest VLAN;
the callback module is used for triggering the callback of the DHCP characteristic information and the unique identifier of the terminal to be authorized according to the DHCP request;
and the sending module is used for sending the DHCP characteristic information and the uniqueness identifier of the terminal to be authorized to an authentication server so that the authentication server matches an authorization strategy for the terminal to be authorized.
8. A terminal authorization system, comprising:
the terminal to be authorized is placed in a Guest VLAN;
a DHCP server, which is connected with the terminal to be authorized in a communication way and is used for executing the terminal authorization method of claim 5;
an authentication server communicatively connected to the DHCP server, the authentication server being configured to perform the terminal authorization method according to any one of claims 1 to 4.
9. An electronic device, comprising:
a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the terminal authorization method according to any one of claims 1 to 4, or to perform the terminal authorization method according to claim 5.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions for causing a computer to execute the terminal authorization method of any one of claims 1 to 4, or to execute the terminal authorization method of claim 5.
CN202111121057.3A 2021-09-24 2021-09-24 Terminal authorization method, device, system, equipment and readable storage medium Withdrawn CN114050910A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111121057.3A CN114050910A (en) 2021-09-24 2021-09-24 Terminal authorization method, device, system, equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111121057.3A CN114050910A (en) 2021-09-24 2021-09-24 Terminal authorization method, device, system, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN114050910A true CN114050910A (en) 2022-02-15

Family

ID=80205130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111121057.3A Withdrawn CN114050910A (en) 2021-09-24 2021-09-24 Terminal authorization method, device, system, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN114050910A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760279A (en) * 2022-03-10 2022-07-15 深圳市联洲国际技术有限公司 Method for identifying device type, server and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101227481A (en) * 2008-02-02 2008-07-23 中兴通讯股份有限公司 Apparatus and method of IP access based on DHCP protocol
CN103354550A (en) * 2013-07-03 2013-10-16 杭州华三通信技术有限公司 Authorization control method and device based on terminal information
US20150237003A1 (en) * 2014-02-18 2015-08-20 Benu Networks, Inc. Computerized techniques for network address assignment
CN105847223A (en) * 2015-01-15 2016-08-10 杭州华三通信技术有限公司 Authentication method and device of terminal device
CN112822160A (en) * 2020-12-29 2021-05-18 新华三技术有限公司 Equipment identification method, device, equipment and machine-readable storage medium

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication Application publication date: 20220215