CN114301774B - Device configuration method, system, device, electronic device and storage medium - Google Patents

Publication number
CN114301774B
Authority
CN
China
Prior art keywords
configuration information
information
encryption
equipment
url link
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111652395.XA
Other languages
Chinese (zh)
Other versions
CN114301774A (en)
Inventor
田静伟
姚竞聪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd

Abstract

The application provides a device configuration method, system, device, electronic device and storage medium, and relates to the technical field of security. In the method, the device to be configured obtains encrypted configuration information, decrypts it, and verifies from the hash result whether the configuration information has been tampered with; the configuration process is executed only when the configuration information has not been tampered with. This avoids the security threats that tampered configuration information would pose to the device to be configured and ensures the security of the configuration process.

Description

Device configuration method, system, device, electronic device and storage medium
Technical Field
The present application relates to the field of security technologies, and in particular, to a device configuration method, a system, an apparatus, an electronic device, and a storage medium.
Background
In the information age, network technology is evolving rapidly and has affected every industry. The huge scale and complex structure of networks make the connected devices increasingly complex, and this growing complexity directly drives the need to configure, bring online and maintain connected devices in large batches.
The traditional approach is manual on-site configuration, in which the device is configured directly. If the configuration information obtained has been illegally tampered with, it can pose a serious security threat to the device, so the manual approach makes the configuration process less secure.
Disclosure of Invention
An objective of the embodiments of the present application is to provide a device configuration method, system, device, electronic device, and storage medium that address the low security of configuration methods in the prior art.
In a first aspect, an embodiment of the present application provides a device configuration method, applied to a device to be configured, where the method includes:
receiving encrypted configuration information, wherein the encrypted configuration information is obtained by encrypting the configuration information together with an initial hash result of the configuration information;
decrypting the encrypted configuration information to obtain current configuration information and the initial hash result;
performing hash operation on the current configuration information to obtain a target hash result;
and executing a configuration process according to the current configuration information when the target hash result is the same as the initial hash result.
In this implementation, the device to be configured obtains encrypted configuration information, decrypts it, and verifies from the hash result whether the configuration information has been tampered with. The configuration process is executed only when the configuration information has not been tampered with, which avoids the security threats that tampered configuration information would pose to the device to be configured and ensures the security of the configuration process.
Optionally, the configuration information is information obtained by compressing the original configuration information with a compression algorithm. Compressing the original configuration information allows more configuration information to be transmitted at one time, which improves transmission efficiency.
Optionally, the receiving encryption configuration information includes:
receiving encrypted configuration information from a user terminal, wherein the user terminal is used for transmitting the encrypted configuration information to the device to be configured through an interface provided by the device to be configured when a URL link is triggered, and the URL link is generated by a management server based on the encrypted configuration information of the device to be configured.
In this implementation, the encrypted configuration information is injected into the device to be configured through the URL link, so configuration can be carried out by clicking the URL link, which simplifies the configuration flow and improves configuration efficiency.
Optionally, the encryption configuration information further includes device information, the decrypting the encryption configuration information to obtain current configuration information and the initial hash result, including:
decrypting the encryption configuration information to obtain equipment information;
judging whether the equipment information contains the equipment information of the equipment to be configured or not;
if yes, the current configuration information and the initial hash result are obtained.
In this implementation, verifying the device information ensures that the encrypted configuration information received by the device to be configured is the configuration information meant for it, which avoids misconfiguration.
In a second aspect, an embodiment of the present application provides a device configuration method, applied to a user terminal, where the method includes:
receiving encrypted configuration information of a device to be configured, issued by a management server, wherein the encrypted configuration information is obtained by encrypting the configuration information together with an initial hash result of the configuration information;
sending the encrypted configuration information to the device to be configured, wherein the device to be configured is used for decrypting the encrypted configuration information to obtain current configuration information and the initial hash result; performing a hash operation on the current configuration information to obtain a target hash result; judging whether the target hash result is identical to the initial hash result; and, if they are the same, executing a configuration process according to the current configuration information.
In this implementation, the user terminal receives the encrypted configuration information issued by the management server, so the device to be configured can be configured through the user terminal. This enables remote configuration of the device and reduces configuration cost. In addition, the management server encrypts the configuration information and the initial hash result so that the device to be configured can verify the configuration information, ensuring the security of the configuration process.
Optionally, the sending the encryption configuration information to each device to be configured includes:
receiving device information of the device to be configured from the management server;
carrying out identity verification on the equipment information of the equipment to be configured;
and after the verification is passed, the encryption configuration information is sent to the equipment to be configured.
In this implementation, the user terminal verifies the device information, so configuration of the device to be configured continues only after its identity information passes verification, further ensuring the security of the configuration process.
Optionally, the encryption configuration information is sent to the user terminal by the management server in a URL link manner, and the sending the encryption configuration information to each device to be configured includes:
displaying a login interface when the URL link is detected to be triggered, wherein the login interface is displayed with a user information input window;
receiving user information and carrying out identity verification on the user information;
and after passing the verification, sending the encryption configuration information to an interface provided by the equipment to be configured through an HTTP request.
In this implementation, the user information is verified to ensure that the user who clicks the URL link is a legitimate user, which ensures the security of the configuration process.
In a third aspect, an embodiment of the present application provides an apparatus configuration system, where the system includes a management server, a user terminal, and an apparatus to be configured;
the management server is used for sending the encrypted configuration information of the device to be configured to the user terminal, wherein the encrypted configuration information is obtained by encrypting the configuration information together with an initial hash result of the configuration information;
the user terminal is used for sending the encrypted configuration information to the device to be configured;
the device to be configured is used for decrypting the encrypted configuration information and obtaining current configuration information and the initial hash result from the decrypted configuration information; performing a hash operation on the current configuration information to obtain a target hash result; judging whether the target hash result is identical to the initial hash result; and, if they are the same, executing a configuration process according to the current configuration information.
In a fourth aspect, an embodiment of the present application provides a device configuration apparatus, running on a device to be configured, where the apparatus includes:
the information receiving module is used for receiving encrypted configuration information, wherein the encrypted configuration information is obtained by encrypting the configuration information together with an initial hash result of the configuration information;
the information decryption module is used for decrypting the encrypted configuration information and obtaining current configuration information and the initial hash result;
the hash operation module is used for carrying out hash operation on the current configuration information to obtain a target hash result;
and the configuration module is used for executing a configuration process according to the current configuration information when the target hash result is the same as the initial hash result.
In a fifth aspect, an embodiment of the present application provides a device configuration apparatus running on a user terminal, where the apparatus includes:
the receiving module is used for receiving encrypted configuration information of a device to be configured, issued by the management server, wherein the encrypted configuration information is obtained by encrypting the configuration information together with an initial hash result of the configuration information;
the information sending module is used for sending the encrypted configuration information to the device to be configured, wherein the device to be configured is used for decrypting the encrypted configuration information to obtain current configuration information and the initial hash result; performing a hash operation on the current configuration information to obtain a target hash result; judging whether the target hash result is identical to the initial hash result; and, if they are the same, executing a configuration process according to the current configuration information.
In a sixth aspect, embodiments of the present application provide an electronic device comprising a processor and a memory storing computer readable instructions which, when executed by the processor, perform the steps of the method as provided in the first or second aspects above.
In a seventh aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method as provided in the first or second aspects above.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a device configuration method provided in an embodiment of the present application;
Fig. 2 is an interaction flow chart of a device configuration method provided in an embodiment of the present application;
Fig. 3 is a flowchart of another device configuration method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a device configuration system according to an embodiment of the present application;
Fig. 5 is a block diagram of a device configuration apparatus according to an embodiment of the present application;
Fig. 6 is a block diagram of another device configuration apparatus according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of an electronic device for executing a device configuration method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
It should be noted that the terms "system" and "network" in embodiments of the present invention may be used interchangeably. "Plurality" means two or more, and may also be understood as "at least two" in this embodiment of the present invention. "And/or" describes an association between associated objects and indicates that three relationships may exist; for example, "A and/or B" may indicate: A exists alone, A and B exist together, or B exists alone. The character "/", unless otherwise specified, generally indicates an "or" relationship between the associated objects.
The embodiment of the application provides a device configuration method applied to a device to be configured. The device receives encrypted configuration information, decrypts it to obtain the current configuration information and an initial hash result, performs a hash operation on the current configuration information to obtain a target hash result, and executes the configuration process according to the current configuration information when the target hash result is identical to the initial hash result. Moreover, because the device to be configured executes the configuration process automatically on receiving the encrypted configuration information, manual configuration can be omitted and efficiency is higher.
Referring to fig. 1, fig. 1 is a flowchart of a device configuration method provided in an embodiment of the present application, where the method is applied to a device to be configured, and includes the following steps:
Step S110: receiving encrypted configuration information.
In this embodiment of the present application, there may be multiple devices to be configured. They may be devices such as gateways, routers or switches, or any other device that needs to be configured. To improve configuration efficiency, multiple devices can be configured at the same time, with each device receiving encrypted configuration information. If the devices are to be configured identically, each receives the same encrypted configuration information; if they are to be configured differently, each receives different encrypted configuration information.
To ensure the security of the configuration process, the encrypted configuration information is obtained by encrypting the configuration information together with an initial hash result of the configuration information. It may be produced by the management server in the device configuration system, which hashes the configuration information to obtain the initial hash result and then encrypts the initial hash result and the configuration information. As shown in Fig. 2, the management server first obtains the configuration information needed to configure the devices to be configured; this information may be entered into the management server by a configurator. If the configuration information differs between devices, the management server may apply a hash algorithm to the configuration information of each device to generate the corresponding initial hash result. The hash algorithm may be, for example, Message-Digest Algorithm 5 (MD5) or Secure Hash Algorithm 1 (SHA-1). If the configuration information of the devices is the same, a single initial hash result may be generated. If there are multiple initial hash results, each initial hash result and its corresponding configuration information can be encrypted with a corresponding encryption algorithm, yielding multiple pieces of encrypted configuration information. To distinguish the configuration information of each device, the device information is bound to the corresponding encrypted configuration information before being sent to the user terminal.
If there is only one initial hash result, the initial hash result and the configuration information can be encrypted to obtain a single piece of encrypted configuration information. The encryption algorithm used may be a digital signature, symmetric encryption, asymmetric encryption or another algorithm.
The configuration information may include configuration information such as an IP address of the management server, a communication port, a communication link of the device to be configured, a device name, a device IP address, an initial configuration (e.g., wireless local area network (Wireless Local Area Network, WLAN) configuration, LAN configuration, routing configuration), etc.
After obtaining the encrypted configuration information, the management server may send it to the user terminal in the device configuration system. Because configuration is remote, the management server and the devices to be configured are not in the same place; the user terminal receives the encrypted configuration information and then sends it to each device to be configured. For ease of configuration, the user terminal is located in the same local area network as each device to be configured, for example the same WiFi network, so that it can communicate with each device and send it the encrypted configuration information.
If there are multiple pieces of encrypted configuration information, the user terminal can identify the device information and send each piece to the corresponding device to be configured. If there is only one piece, the user terminal sends it to every device to be configured. In this way multiple devices can be configured remotely without configuration personnel travelling to the site, which saves cost and improves configuration efficiency.
Step S120: decrypting the encrypted configuration information to obtain the current configuration information and the initial hash result.
After each device to be configured receives the encrypted configuration information, it can decrypt it with the corresponding decryption algorithm and obtain the current configuration information and the initial hash result from the decrypted information.
Step S130: performing a hash operation on the current configuration information to obtain a target hash result.
To judge whether the configuration information has been maliciously tampered with, a hash operation is performed on the current configuration information to obtain a target hash result, for example the MD5 value of the current configuration information. If the configuration information has not been tampered with, the target hash result is the same as the initial hash result; if it has been tampered with, the calculated target hash result differs from the initial hash result. Calculating the hash result therefore makes it possible to determine whether the encrypted configuration information was intercepted, and the configuration information in it maliciously modified, while the management server was sending it to the user terminal.
Step S140: when the target hash result is the same as the initial hash result, executing a configuration process according to the current configuration information.
When the target hash result is the same as the initial hash result, the configuration information has not been tampered with, and each device to be configured can execute the configuration process according to the current configuration information. For example, the device can complete the initial configuration of its basic services according to the current configuration information and register with the management server by sending it a registration request. The management server processes and verifies the registration request to bring the device online, so that the device can be managed by the management server.
In this implementation, the device to be configured obtains encrypted configuration information, decrypts it, and verifies from the hash result whether the configuration information has been tampered with. The configuration process is executed only when the configuration information has not been tampered with, which avoids the security threats that tampered configuration information would pose to the device to be configured and ensures the security of the configuration process.
On the basis of the above embodiment, when a large number of devices need to be configured uniformly, the configuration information may be information obtained by compressing the original configuration information with a compression algorithm, so that more configuration information can be transmitted at one time. For example, the original configuration information may include the IP address of the management server, a communication port, a communication link of the device to be configured, a device name, a device IP address and an initial configuration (such as WLAN configuration, LAN configuration and routing configuration), and may be entered into the management server by a configurator. When the configuration information is relatively large, the management server cannot transmit all of it to the user terminal at one time. To improve transmission efficiency, the management server may therefore compress the original configuration information into the configuration information with a compression algorithm and then perform a hash operation on the configuration information to obtain the initial hash result.
The compression algorithm may be, for example, the DEFLATE algorithm, differential encoding, Huffman encoding, etc.
After decrypting the encrypted configuration information to obtain the current configuration information, the device to be configured can decompress the current configuration information, calculate the corresponding hash result, and then compare the hash results.
On the basis of the above embodiment, in order to simplify the deployment process, after generating the encrypted configuration information, the management server may generate a uniform resource locator (Uniform Resource Locator, URL) link based on the encrypted configuration information of the device to be configured, that is, send the encrypted configuration information to the user terminal in a URL link manner, and if there are multiple encrypted configuration information, generate one URL link from the multiple encrypted configuration information and send the one URL link to the user terminal.
The management server may send the encrypted configuration information to the user terminal through a short message, a mail, instant messaging software, and the like, for example, send URL links to the user terminal through these modes, and the administrator may click on the URL links on the user terminal, where the URL links are triggered, so that the user terminal transfers the encrypted configuration information to the device to be configured through an interface provided by the device to be configured (as shown in fig. 2).
The principle that the user terminal injects the encryption configuration information into the equipment to be configured by clicking the URL link is as follows: the device to be configured provides a service interface supporting processing of hypertext transfer protocol (Hyper Text Transfer Protocol, HTTP) requests by which URL parameters (i.e. encrypted configuration information) are passed to the service interface of the device to be configured when the user clicks on the URL link.
The interface on the equipment to be configured can be a Web browsing port, after the user clicks the URL link, the user terminal can pop up a Web page, and the encryption configuration information can be sent to the equipment to be configured through the Web page.
It can be understood that, when the encryption configuration information of each device to be configured is different, the user terminal may send the corresponding encryption configuration information to each device to be configured according to the device information.
In this implementation, the encrypted configuration information is injected into the device to be configured through the URL link, so configuration can be carried out by clicking the URL link, which simplifies the configuration flow and improves configuration efficiency.
On the basis of the above embodiment, the identity of the administrator can be verified to ensure configuration security. For example, when the user terminal detects that the URL link has been triggered, it displays a login interface containing a user information input window, which prompts the administrator to enter information. The administrator enters the corresponding user information, such as a login account and password, through the window. After receiving the user information, the user terminal performs identity verification on it, for example by judging whether the login account and password are correct: if they are correct, verification passes; otherwise it fails. After verification passes, the encrypted configuration information is sent through HTTP requests to the interfaces provided by the devices to be configured.
Before the user terminal sends the encrypted configuration information to the device to be configured, the administrator's identity information can be verified first, ensuring that only an authorized administrator can operate the configuration process of the device to be configured.
On the basis of the above embodiment, to ensure accurate configuration, the management server may also carry device information in the encrypted configuration information it sends to the user terminal. That is, the encrypted configuration information further includes the device information: the management server may encrypt the initial hash result, the device information and the configuration information together to generate the encrypted configuration information. After obtaining the encrypted configuration information, the user terminal sends it to the device to be configured, which decrypts it and obtains the device information from the decrypted information. The device to be configured can then judge whether that device information contains its own device information; if so, the encrypted configuration information is correct, and the current configuration information and the initial hash result are obtained from it.
The device information may be a device identifier of the device to be configured (e.g., an electronic serial number (Electronic Serial Number, ESN) of the device), the device to be configured may compare the obtained device identifier with its own device identifier, and if the comparison is consistent, the encryption configuration information is considered to be sent to its own device, so that a subsequent flow may be performed. If the comparison is inconsistent, the encryption configuration information is considered not to be sent to the user terminal, the subsequent process can be omitted, corresponding prompt information can be returned to the user terminal at the moment so as to prompt the user terminal that the encryption configuration information received by the user terminal is wrong, and after the user terminal receives the prompt information, a corresponding configuration result can be returned to the management server so as to inform the management server that the encryption configuration information is wrong.
In other embodiments, the management server may also send the device information to the user terminal in plaintext, where the user terminal may first perform identity verification on the device information of the device to be configured, and after the verification is passed, send the encrypted configuration information to the device to be configured.
For example, the administrator can add the device to be configured and the user terminal to the same network, and the device to be configured can send its own device information to the user terminal. After obtaining it, the user terminal compares the device information of the device to be configured with the device information received from the management server, and if the two are consistent, the encryption configuration information is sent to the device to be configured.
Of course, the user terminal may also send the device information received from the management server to the device to be configured, where the device to be configured may verify the device information again, if the verification is passed, the device to be configured continues the subsequent flow, if the verification is not passed, the device to be configured returns the corresponding prompt information to the user terminal.
Alternatively, the management server may send the client name of the user terminal, the device information and the encryption configuration information to the user terminal in the form of a short message. The user terminal may verify the client name first, for example by judging whether the client name is the client name of the user terminal itself; if so, it sends the device information and the encryption configuration information to the device to be configured, and the device to be configured then verifies the device information.
In other embodiments, the user terminal may send the device information to an external verification device, which verifies the device information and returns a corresponding verification result. If the verification result is passed, the user terminal sends the encrypted configuration information to the device to be configured; if the verification result is not passed, the user terminal does not send the encrypted configuration information to the device to be configured. The external verification device is a security device whose stored information is highly secure and not easy to change, so having the external verification device verify the device information gives high security.
On the basis of the above embodiment, if the encrypted configuration information is sent to the user terminal by the management server in the form of a URL link, the management server may also detect whether the URL link is triggered. For example, the management server may determine whether the URL link is triggered by detecting whether an HTTP request is received. Alternatively, the user terminal may return a corresponding trigger result to the management server: for example, if the user terminal does not detect that the administrator has triggered the URL link after a preset period of time, it returns prompt information to the management server indicating that the URL link has not been triggered, and after receiving the prompt information, the management server may send the URL link to the user terminal again.
Alternatively, after receiving the prompt information, the management server can regenerate a new URL link and send it to the user terminal. The new URL link uses a new encryption algorithm, that is, the encryption configuration information in the new URL link is generated with the new encryption algorithm. At this time, the device to be configured can update its decryption algorithm synchronously. For example, the management server may obtain the encryption key from a third-party device, the device to be configured may obtain the decryption key from the third-party device, and the management server and the device to be configured may update the keys synchronously.
Once the new URL link is in use, the device to be configured can decrypt the encrypted configuration information only if that information is acquired from the new URL link. Even if an administrator clicks the old URL link, the device to be configured cannot decrypt the encrypted configuration information from the old URL link, because the key has been updated by then, so configuration security is ensured.
The third party device may be an external verification device, that is, the encryption key and the decryption key may be stored in the external verification device, and when the device to be configured decrypts the encrypted configuration information, the corresponding decryption key may be obtained from the external verification device, and then the encrypted configuration information is decrypted by using the decryption key. Thus, when the management server generates a new URL link, a new encryption key can be obtained from the external verification device, and at this time, the external verification device can synchronously update the decryption key corresponding to the encryption key to the device to be configured.
To ensure the identity of the external verification device, its identity information can be verified first. For example, the device to be configured can acquire the identity information of the external verification device and verify it; after the verification passes, the corresponding decryption key is acquired from the external verification device. When the verification fails, the identity of the external verification device is considered problematic and unreliable, and in that case the device may refrain from acquiring the corresponding decryption key.
Alternatively, the URL link sent to the user terminal by the management server is configured with an expiration time. The URL link automatically expires when the expiration time arrives, and if the administrator clicks the URL link after that, the encrypted configuration information cannot be sent to the device to be configured. After the URL link expires, the user terminal may request the management server to issue the URL link again, and the encryption algorithm used for the encryption configuration information in the reissued URL link may or may not be updated.
In addition, to avoid the encryption configuration information being sent repeatedly because the URL link is clicked repeatedly, a maximum number of clicks may be configured for the URL link, for example at most 1 or 2 clicks; if a click is detected after the allowed number of clicks has been used up, the user terminal may not respond.
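The device-side checks described above (device information match, hash comparison, and the effect of a key update on ciphertext from an old URL link) can be sketched as follows. This is an added example, not code from the patent: the description names no cipher, hash function or data format, so AES-GCM, SHA-256, the JSON envelope, all function names and the sample values are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Envelope is the plaintext that gets encrypted. JSON layout and names are assumptions.
type Envelope struct {
	ESN         string `json:"esn"`
	Config      []byte `json:"config"`
	InitialHash []byte `json:"initial_hash"`
}

var (
	ErrDecrypt = errors.New("cannot decrypt: wrong or updated key, or damaged data")
	ErrDevice  = errors.New("device information does not match this device")
	ErrHash    = errors.New("target hash differs from initial hash")
)

// newAEAD builds AES-GCM; the cipher choice is an assumption of this example.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (management server): hash the config, then encrypt hash, ESN and config together.
func Seal(key []byte, esn string, config []byte) ([]byte, error) {
	sum := sha256.Sum256(config)
	plain, err := json.Marshal(Envelope{ESN: esn, Config: config, InitialHash: sum[:]})
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, nil), nil // nonce || ciphertext
}

// Verify is the device-side check: device information first, then the hash comparison.
func Verify(env Envelope, ownESN string) ([]byte, error) {
	if env.ESN != ownESN {
		return nil, ErrDevice
	}
	target := sha256.Sum256(env.Config)
	if !bytes.Equal(target[:], env.InitialHash) {
		return nil, ErrHash
	}
	return env.Config, nil
}

// Open is the device side: decrypt with the device's current key, then Verify.
func Open(key []byte, ownESN string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, ErrDecrypt
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	plain, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, ErrDecrypt
	}
	var env Envelope
	if err := json.Unmarshal(plain, &env); err != nil {
		return nil, ErrDecrypt
	}
	return Verify(env, ownESN)
}

func main() {
	// Constructed sample values: keys, ESN and configuration text.
	oldKey, newKey := bytes.Repeat([]byte{0x11}, 32), bytes.Repeat([]byte{0x22}, 32)
	blob, err := Seal(oldKey, "ESN-EXAMPLE-0001", []byte("hostname fw-branch-1\n"))
	if err != nil {
		panic(err)
	}
	cfg, err := Open(oldKey, "ESN-EXAMPLE-0001", blob)
	fmt.Printf("intended device: %q err=%v\n", cfg, err)
	_, err = Open(newKey, "ESN-EXAMPLE-0001", blob)
	fmt.Println("after key update:", err)
}
```

With an authenticated cipher such as the one assumed here, damaged ciphertext is already rejected at decryption; the hash comparison from the description remains as the explicit check on the decrypted envelope.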
Referring to fig. 3, fig. 3 is a flowchart of another device configuration method provided in an embodiment of the present application, where the method is applied to a user terminal, and includes the following steps:
Step S210: receive the encryption configuration information of the device to be configured issued by the management server.
The encryption configuration information is information obtained by encrypting the configuration information together with an initial hash result of the configuration information.
Step S220: send the encryption configuration information to the device to be configured.
The device to be configured is used for decrypting the encrypted configuration information and obtaining the current configuration information and the initial hash result from it; performing a hash operation on the current configuration information to obtain a target hash result; judging whether the target hash result is identical to the initial hash result; and if they are the same, executing a configuration process according to the current configuration information.
In the implementation process, the user terminal receives the encryption configuration information issued by the management server, so that the configuration of the equipment to be configured can be realized through the user terminal, the remote configuration of the equipment to be configured can be realized, and the configuration cost is reduced. And the management server encrypts the configuration information and the initial hash result so that the device to be configured verifies the configuration information to ensure the security of the configuration process.
Optionally, the sending the encryption configuration information to each device to be configured includes:
receiving device information of the device to be configured from the management server;
carrying out identity verification on the equipment information of the equipment to be configured;
and after the verification is passed, the encryption configuration information is sent to the equipment to be configured.
In the implementation process, the user terminal verifies the device information, so that configuration of the device to be configured continues only after its identity information passes verification, which further ensures the security of the configuration process.
Optionally, the encryption configuration information is sent to the user terminal by the management server in a URL link manner, and the sending the encryption configuration information to each device to be configured includes:
displaying a login interface when the URL link is detected to be triggered, wherein the login interface is displayed with a user information input window;
receiving user information and carrying out identity verification on the user information;
and after passing the verification, sending the encryption configuration information to an interface provided by the equipment to be configured through an HTTP request.
In the implementation process, the user information is verified to ensure that the user clicking the URL link is a legal user, so that the safety of the configuration process is ensured.
It should be noted that, for convenience and brevity of description, reference may be made to the corresponding procedure in the foregoing method embodiment for the specific working procedure of this embodiment, which will not be repeated here.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a device configuration system 300 according to an embodiment of the present application, where the system 300 includes a management server 310, a user terminal 320, and a device 330 to be configured;
the management server 310 is configured to send, to the user terminal 320, encryption configuration information of the device to be configured 330, where the encryption configuration information is information that encrypts an initial hash result of the configuration information and the configuration information;
the user terminal 320 is configured to send the encryption configuration information to the device to be configured 330;
the device to be configured 330 is configured to decrypt the encrypted configuration information, and obtain current configuration information and the initial hash result from the decrypted configuration information; perform a hash operation on the current configuration information to obtain a target hash result; judge whether the target hash result is identical to the initial hash result; and if they are the same, execute a configuration process according to the current configuration information.
Referring to fig. 5, fig. 5 is a block diagram of a device configuration apparatus 400 according to an embodiment of the present application, where the apparatus 400 may be a module, a program segment, or a code on a device to be configured. It should be understood that the apparatus 400 corresponds to the above embodiment of the method of fig. 1, and is capable of executing the steps involved in the embodiment of the method of fig. 1, and specific functions of the apparatus 400 may be referred to in the above description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy.
Optionally, the apparatus 400 includes:
an information receiving module 410, configured to receive encryption configuration information, where the encryption configuration information is information that encrypts an initial hash result of the configuration information and the configuration information;
an information decryption module 420, configured to decrypt the encrypted configuration information, and obtain current configuration information and the initial hash result from the decrypted configuration information;
the hash operation module 430 is configured to perform hash operation on the current configuration information to obtain a target hash result;
and a configuration module 440, configured to execute a configuration procedure according to the current configuration information when the target hash result is the same as the initial hash result.
Optionally, the configuration information is information obtained by compressing the original configuration information by adopting a compression algorithm.
Optionally, the information receiving module 410 is configured to receive encryption configuration information from a user terminal, where the user terminal is configured to transmit the encryption configuration information to the device to be configured through an interface provided by the device to be configured when a URL link is triggered, and the URL link is generated by a management server based on the encryption configuration information of the device to be configured.
Optionally, the encryption configuration information further includes device information, and the information decryption module 420 is configured to decrypt the encryption configuration information and obtain the device information therefrom; judging whether the equipment information contains the equipment information of the equipment to be configured or not; if yes, the current configuration information and the initial hash result are obtained.
Referring to fig. 6, fig. 6 is a block diagram illustrating another device configuration apparatus 500 according to an embodiment of the present application, where the apparatus 500 may be a module, a program segment, or a code on a user terminal. It should be understood that the apparatus 500 corresponds to the above embodiment of the method of fig. 3, and is capable of executing the steps involved in the embodiment of the method of fig. 3, and specific functions of the apparatus 500 may be referred to in the above description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy.
Optionally, the apparatus 500 includes:
a receiving module 510, configured to receive encryption configuration information of a device to be configured issued by a management server, where the encryption configuration information is information that encrypts an initial hash result of the configuration information and the configuration information;
the information sending module 520 is configured to send the encrypted configuration information to the device to be configured, where the device to be configured is configured to decrypt the encrypted configuration information, and obtain current configuration information and the initial hash result from the decrypted configuration information; perform a hash operation on the current configuration information to obtain a target hash result; judge whether the target hash result is identical to the initial hash result; and if they are the same, execute a configuration process according to the current configuration information.
Optionally, the information sending module 520 is configured to receive, from the management server, device information of the device to be configured; carrying out identity verification on the equipment information of the equipment to be configured; and after the verification is passed, the encryption configuration information is sent to the equipment to be configured.
Optionally, the encryption configuration information is sent to the user terminal by the management server in a URL link manner, and the information sending module 520 is configured to display a login interface when detecting that the URL link is triggered, where the login interface displays a user information input window; receiving user information and carrying out identity verification on the user information; and after passing the verification, sending the encryption configuration information to an interface provided by the equipment to be configured through an HTTP request.
It should be noted that, for convenience and brevity, a person skilled in the art will clearly understand that, for the specific working procedure of the system and apparatus described above, reference may be made to the corresponding procedure in the foregoing method embodiment, and the description will not be repeated here.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an electronic device for executing a device configuration method according to an embodiment of the present application, where the electronic device may be a device to be configured or a user terminal, which may include: at least one processor 610, such as a CPU, at least one communication interface 620, at least one memory 630, and at least one communication bus 640. Wherein communication bus 640 is used to enable direct connection communications for these components. The communication interface 620 of the device in the embodiment of the present application is used for performing signaling or data communication with other node devices. The memory 630 may be a high-speed RAM memory or a nonvolatile memory (non-volatile memory), such as at least one disk memory. Memory 630 may also optionally be at least one storage device located remotely from the aforementioned processor. The memory 630 has stored therein computer readable instructions which, when executed by the processor 610, perform the method processes described above in fig. 1 or 3.
It will be appreciated that the configuration shown in fig. 7 is merely illustrative, and that the electronic device may also include more or fewer components than those shown in fig. 7, or have a different configuration than that shown in fig. 7. The components shown in fig. 7 may be implemented in hardware, software, or a combination thereof.
Embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs a method process performed by an electronic device in an embodiment of a method as shown in fig. 1 or fig. 3.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example, comprising: receiving encryption configuration information, wherein the encryption configuration information is information for encrypting an initial hash result of the configuration information and the configuration information; decrypting the encrypted configuration information to obtain current configuration information and the initial hash result; performing hash operation on the current configuration information to obtain a target hash result; and executing a configuration process according to the current configuration information when the target hash result is the same as the initial hash result.
In summary, the embodiments of the present application provide a device configuration method, system, apparatus, electronic device, and storage medium. The device to be configured obtains encrypted configuration information, decrypts it, and verifies according to the hash result whether the configuration information has been tampered with; the configuration process is performed only when the configuration information has not been tampered with. This avoids the security threat to the device to be configured that tampered configuration information would cause, and ensures the security of the configuration process.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative. For example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interface, device or unit, and may be in electrical, mechanical or other form.
Further, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The foregoing is merely exemplary embodiments of the present application and is not intended to limit the scope of the present application, and various modifications and variations may be suggested to one skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.

Claims (11)

1. A device configuration method, applied to a device to be configured, the method comprising:
receiving encryption configuration information, wherein the encryption configuration information is information for encrypting an initial hash result of the configuration information and the configuration information;
decrypting the encrypted configuration information to obtain current configuration information and the initial hash result;
performing hash operation on the current configuration information to obtain a target hash result;
when the target hash result is the same as the initial hash result, executing a configuration process according to the current configuration information;
wherein the receiving encryption configuration information includes:
receiving encryption configuration information from a user terminal, wherein the user terminal is used for transmitting the encryption configuration information to equipment to be configured through an interface provided by the equipment to be configured when a URL link is triggered, and the URL link is generated by a management server based on the encryption configuration information of the equipment to be configured;
the user terminal is further configured to send a prompt message to the management server if the URL link is not detected to be triggered after a preset period of time, where the management server is configured to regenerate a new URL link and send the new URL link to the user terminal after receiving the prompt message, and the encryption configuration information corresponding to the new URL link is generated by using a new encryption algorithm; the decrypting the encrypted configuration information includes:
decrypting the encryption configuration information by adopting a decryption algorithm corresponding to the new encryption algorithm.
2. The method of claim 1, wherein the configuration information is information obtained by compressing original configuration information using a compression algorithm.
3. The method of claim 1, wherein the encrypted configuration information further comprises device information, wherein the decrypting the encrypted configuration information to obtain current configuration information and the initial hash result therefrom comprises:
decrypting the encryption configuration information to obtain equipment information;
judging whether the equipment information contains the equipment information of the equipment to be configured or not;
if yes, the current configuration information and the initial hash result are obtained.
4. A device configuration method, applied to a user terminal, the method comprising:
receiving encryption configuration information of equipment to be configured, which is issued by a management server, wherein the encryption configuration information is information for encrypting an initial hash result of the configuration information and the configuration information;
the encryption configuration information is sent to the equipment to be configured, wherein the equipment to be configured is used for decrypting the encryption configuration information, and current configuration information and the initial hash result are obtained; performing hash operation on the current configuration information to obtain a target hash result; judging whether the target hash result is identical to the initial hash result; if the configuration information is the same, executing a configuration process according to the current configuration information;
the sending the encryption configuration information to the device to be configured includes:
when a URL link is triggered, transmitting the encryption configuration information to the equipment to be configured through an interface provided by the equipment to be configured, wherein the URL link is generated by a management server based on the encryption configuration information of the equipment to be configured;
the method further comprises the steps of:
if the URL link is not detected to be triggered after the preset time length, sending prompt information to the management server, wherein the management server is used for regenerating a new URL link and sending the new URL link to the user terminal after receiving the prompt information, and the corresponding encryption configuration information in the new URL link is generated by adopting a new encryption algorithm; the equipment to be configured is used for decrypting the encryption configuration information by adopting a decryption algorithm corresponding to the new encryption algorithm.
5. The method of claim 4, wherein the sending the encrypted configuration information to each device to be configured comprises:
receiving device information of the device to be configured from the management server;
carrying out identity verification on the equipment information of the equipment to be configured;
and after the verification is passed, the encryption configuration information is sent to the equipment to be configured.
6. The method of claim 4, wherein the sending the encrypted configuration information to each device to be configured comprises:
displaying a login interface when the URL link is detected to be triggered, wherein the login interface is displayed with a user information input window;
receiving user information and carrying out identity verification on the user information;
and after passing the verification, sending the encryption configuration information to an interface provided by the equipment to be configured through an HTTP request.
7. A device configuration system, characterized in that the system comprises a management server, a user terminal and a device to be configured;
the management server is used for sending the encryption configuration information of the equipment to be configured to the user terminal, wherein the encryption configuration information is information for encrypting an initial hash result of the configuration information and the configuration information;
the user terminal is used for sending the encryption configuration information to the equipment to be configured;
the device to be configured is configured to decrypt the encrypted configuration information and obtain current configuration information and the initial hash result from the decrypted configuration information; performing hash operation on the current configuration information to obtain a target hash result; judging whether the target hash result is identical to the initial hash result; if the configuration information is the same, executing a configuration process according to the current configuration information;
The user terminal is further configured to transmit the encrypted configuration information to the device to be configured through an interface provided by the device to be configured when a URL link is triggered, where the URL link is generated by the management server based on the encrypted configuration information of the device to be configured;
the user terminal is further configured to send a prompt message to the management server if the URL link is not detected to be triggered after a preset duration;
the management server is further configured to regenerate a new URL link after receiving the prompt message, and send the new URL link to the user terminal, where the encryption configuration information corresponding to the new URL link is generated by using a new encryption algorithm;
the device to be configured is further configured to decrypt the encrypted configuration information by adopting a decryption algorithm corresponding to the new encryption algorithm.
8. A device configuration apparatus operable on a device to be configured, the apparatus comprising:
the information receiving module is used for receiving encrypted configuration information, wherein the encrypted configuration information is information obtained by encrypting the configuration information together with an initial hash result of the configuration information;
the information decryption module is used for decrypting the encrypted configuration information and obtaining current configuration information and the initial hash result;
the hash operation module is used for performing a hash operation on the current configuration information to obtain a target hash result;
the configuration module is used for executing a configuration process according to the current configuration information when the target hash result is the same as the initial hash result;
the information receiving module is specifically configured to receive encryption configuration information from a user terminal, where the user terminal is configured to transmit the encryption configuration information to the device to be configured through an interface provided by the device to be configured when a URL link is triggered, and the URL link is generated by a management server based on the encryption configuration information of the device to be configured;
the user terminal is further configured to send a prompt message to the management server if the URL link is not detected to be triggered after a preset period of time, where the management server is configured to regenerate a new URL link and send the new URL link to the user terminal after receiving the prompt message, and the encryption configuration information corresponding to the new URL link is generated by using a new encryption algorithm;
the information decryption module is specifically configured to decrypt the encrypted configuration information by using a decryption algorithm corresponding to the new encryption algorithm.
9. A device configuration apparatus, operable in a user terminal, the apparatus comprising:
the receiving module is used for receiving encrypted configuration information of a device to be configured, which is issued by the management server, wherein the encrypted configuration information is information obtained by encrypting the configuration information together with an initial hash result of the configuration information;
the information sending module is used for sending the encrypted configuration information to the device to be configured, wherein the device to be configured is used for decrypting the encrypted configuration information and obtaining current configuration information and the initial hash result; performing a hash operation on the current configuration information to obtain a target hash result; judging whether the target hash result is identical to the initial hash result; and, if they are identical, executing a configuration process according to the current configuration information;
the information sending module is specifically configured to transmit the encrypted configuration information to the device to be configured through an interface provided by the device to be configured when a URL link is triggered, wherein the URL link is generated by the management server based on the encrypted configuration information of the device to be configured;
the apparatus further comprises:
the prompt information sending module is used for sending prompt information to the management server if the URL link is not detected to be triggered after the preset duration, wherein the management server is used for regenerating a new URL link and sending the new URL link to the user terminal after receiving the prompt information, and the encrypted configuration information corresponding to the new URL link is generated by using a new encryption algorithm; the device to be configured is used for decrypting the encrypted configuration information by using a decryption algorithm corresponding to the new encryption algorithm.
10. An electronic device comprising a processor and a memory storing computer readable instructions that, when executed by the processor, perform the method of any of claims 1-6.
11. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, performs the method according to any of claims 1-6.
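The device-side check recited in the claims above (decrypt, re-hash, compare, configure only on a match) and the switch to a new algorithm for a regenerated URL link, as an added Python example that is not part of the patent text. Assumptions not found in the claims: a pre-shared key, a one-byte algorithm id and random nonce prefixed to the ciphertext, SHA-256 as the hash, JSON as the configuration format, HMAC-derived keystreams standing in for the unnamed encryption algorithms, and all function names.

```python
import hashlib
import hmac
import json
import os

# Hypothetical algorithm ids -> digest behind a stand-in keystream cipher.
# The claims name no cipher; a deployment would plug vetted ciphers in here.
ALGORITHMS = {1: "sha256", 2: "sha512"}
NONCE_LEN, HASH_LEN = 16, 32

def _keystream_xor(digest, key, nonce, data):
    """XOR data with an HMAC-counter keystream (encrypts and decrypts)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), digest).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def package_config(config, key, alg_id):
    """Management server: encrypt the initial hash together with the config."""
    body = json.dumps(config, sort_keys=True).encode()
    initial_hash = hashlib.sha256(body).digest()
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _keystream_xor(ALGORITHMS[alg_id], key, nonce, initial_hash + body)
    return bytes([alg_id]) + nonce + ciphertext

def verify_and_load(blob, key):
    """Device: decrypt, re-hash, compare; return the config only on a match."""
    if len(blob) < 1 + NONCE_LEN + HASH_LEN:
        raise ValueError("encrypted configuration is truncated")
    alg_id, nonce = blob[0], blob[1:1 + NONCE_LEN]
    digest = ALGORITHMS.get(alg_id)
    if digest is None:
        raise ValueError("no decryption algorithm for id %d" % alg_id)
    plain = _keystream_xor(digest, key, nonce, blob[1 + NONCE_LEN:])
    initial_hash, body = plain[:HASH_LEN], plain[HASH_LEN:]
    target_hash = hashlib.sha256(body).digest()
    if not hmac.compare_digest(target_hash, initial_hash):
        raise ValueError("hash mismatch: configuration not applied")
    return json.loads(body)

if __name__ == "__main__":
    key = os.urandom(32)                                   # constructed shared key
    cfg = {"hostname": "fw-01", "mgmt_ip": "192.0.2.10"}   # constructed sample
    first = package_config(cfg, key, alg_id=1)     # original URL link
    second = package_config(cfg, key, alg_id=2)    # regenerated URL link
    print(verify_and_load(first, key), verify_and_load(second, key) == cfg)
```

The comparison runs before the decrypted bytes are parsed, so a blob that was altered in transit, or decrypted with the wrong algorithm, is rejected without being interpreted as configuration.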
CN202111652395.XA 2021-12-30 2021-12-30 Device configuration method, system, device, electronic device and storage medium Active CN114301774B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111652395.XA CN114301774B (en) 2021-12-30 2021-12-30 Device configuration method, system, device, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN114301774A CN114301774A (en) 2022-04-08
CN114301774B true CN114301774B (en) 2024-03-12

Family

ID=80973814

Country Status (1)

Country Link
CN (1) CN114301774B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547499A (en) * 2017-05-11 2018-01-05 新华三信息安全技术有限公司 Feature database collocation method and device
CN110378104A (en) * 2018-04-16 2019-10-25 北京升鑫网络科技有限公司 A method of upgrading is anti-to distort
CN110519309A (en) * 2019-10-15 2019-11-29 中国建设银行股份有限公司 Data transmission method, device, terminal, server and storage medium
CN112866193A (en) * 2020-12-30 2021-05-28 北京天融信网络安全技术有限公司 Equipment deployment method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN114301774A (en) 2022-04-08

Similar Documents

Publication Publication Date Title
CN109639661B (en) Server certificate updating method, device, equipment and computer readable storage medium
TW201706900A (en) Method and device for authentication using dynamic passwords
JP2018519706A (en) Method, network access device, application server, and non-volatile computer readable storage medium for causing a network access device to access a wireless network access point
CN111447276B (en) Encryption continuous transmission method with key agreement function
CN108667601B (en) Method, device and equipment for transmitting data
CN109040070B (en) File transmission method, device and computer readable storage medium
US11303453B2 (en) Method for securing communication without management of states
CN104660605A (en) Multi-factor identity authentication method and system
CN111130798B (en) Request authentication method and related equipment
CN103297429A (en) Embedded upgrading file transmission method
CN110213247B (en) Method and system for improving safety of pushed information
CN112738117A (en) Data transmission method, device and system, storage medium and electronic device
KR20150135032A (en) System and method for updating secret key using physical unclonable function
CN111460410A (en) Server login method, device and system and computer readable storage medium
CN111147247B (en) Key updating method, device, computer equipment and storage medium
CN113411187A (en) Identity authentication method and system, storage medium and processor
CN114301774B (en) Device configuration method, system, device, electronic device and storage medium
CN113992387B (en) Resource management method, device, system, electronic equipment and readable storage medium
CN114745115A (en) Information transmission method and device, computer equipment and storage medium
CN110505089B (en) Internet of things equipment management method and system
CN211557285U (en) Control terminal, signature server and task server
CN108540498B (en) Method and system for issuing security policy version in financial payment
CN111083164A (en) Safety protection method of industrial control system and related equipment
WO2019200690A1 (en) Data protection method, server and computer readable storage medium
CN110855628A (en) Data transmission method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant