CN102333119A - Remote access authorization and authentication method and device - Google Patents

Remote access authorization and authentication method and device

Info

Publication number: CN102333119A
Authority: CN (China)
Prior art keywords: remote access, home network, information, agency, movable equipment
Legal status: Granted (Active)
Application number: CN201110298106A
Other languages: Chinese (zh)
Other versions: CN102333119B (en)
Inventor: 吴黄伟
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Priority date: 2006-08-01
Filing date: 2006-08-01
Publication date: 2012-01-25
Application filed by Huawei Technologies Co Ltd; priority to CN201110298106.0A; published as CN102333119A; granted as CN102333119B.

Landscapes

  • Selective Calling Equipment (AREA)
Abstract

The invention discloses a remote access authorization and authentication method. The method comprises the following steps: a remote access proxy obtains the information that an access authorization and authentication server has issued to authorize a mobile device to remotely access a home network A; the remote access proxy initiates a remote access request to home network A according to the obtained information; and the access authorization and authentication server in home network A authenticates the remote access request from the remote access proxy. With this technical scheme, during remote access the mobile device does not need to manually enter the address or domain name, user login name, login password or other information needed to log in to the home network, and after completing remote access to the home network the mobile device does not need to manually clear the login information, which greatly simplifies the operation when a user remotely accesses the home network.

Description

Remote access authorization and authentication method and device
This application is a divisional application of application number 200610061964.2, filed on August 1, 2006, titled "Remote access authorization and authentication method and system".
Technical field
The present invention relates to the technical field of home networks, and specifically to technology for remotely accessing a home network.
Background technology
With the digitization of consumer electronics products and the widespread use of digital information technology in them, a digital home network connects digitized consumer electronics products into a household local area network (LAN), by wired or wireless means, so that they can share Internet access and conveniently control one another.
A home network that connects to the Internet through a home gateway can be controlled remotely: from outside the home network, the user can learn about and control the devices inside it, for example switching on the air conditioner in advance on the way home from work, checking from the office how much food is left in the refrigerator, or checking the operating status of the home security system.
In the prior art, the process of remote control mainly comprises the following steps:
1. The user logs in from the Internet to the main control device of the home, the home gateway, by IP address or by domain name; during this process the user has to enter login data such as a username and password.
2. The home gateway calls the related application programs, reads the current state information of the various devices inside the home network through some medium, and processes it into interface data (for example, the information of each device can be collected through the UPnP (Universal Plug and Play) protocol).
3. The home gateway then sends this interface data to the user over the Internet; the user can thus see the state information of the various devices in their own home and control those devices by clicking the buttons on the browser page that are associated with the devices inside the home network.
From the above description it can be seen that the existing remote management scheme has the following shortcomings:
During remote access the user has to manually enter the address or domain name needed to log in to the home network and login information such as a username and password; and after finishing remote access to the home network the user has to clear their own login information to prevent other users from misusing it. These operations make remote control of the home network inconvenient for the user.
Summary of the invention
The object of the present invention is to provide a remote access authorization and authentication method and system that solve the problem of complicated operation when a user remotely accesses a home network in the prior art.
To achieve this object, the present invention adopts the following technical scheme:
A remote access authorization and authentication method, comprising the following steps:
a. a remote access proxy initiates a remote access request to home network A according to the information needed to remotely access home network A, which it obtains from a mobile device of home network A;
b. the access authorization and authentication server in home network A authenticates the remote access request of the remote access proxy.
Before step a, the method also comprises:
a0. the mobile device in home network A requests remote access authorization from the access authorization and authentication server in home network A; the access authorization and authentication server authorizes the mobile device to remotely access home network A and sends the information needed to remotely access home network A to mobile device A.
The information needed to remotely access home network A specifically comprises the address of the remote access interface of home network A, the port number needed for access, the protocol needed for access, and the authentication information needed for authentication.
The authentication information needed for authentication is an authentication code, a digital signature, or a device ID.
The information needed to remotely access home network A also comprises one or more of three categories of information: the permission type of the authorized access, the devices or resources authorized for access, and the time limit of the authorized access.
Step a specifically comprises:
a1. the remote access proxy requests the information needed to remotely access home network A from the mobile device, and the mobile device returns that information to the remote access proxy;
a2. the remote access proxy requests remote access from the remote access interface in home network A according to the information needed to remotely access home network A.
Step a1 specifically comprises:
the remote access proxy requests the information needed to remotely access home network A from the mobile device, and the mobile device selectively returns that information to the remote access proxy according to a preset policy or a user operation.
Step b specifically comprises:
b1. after receiving the remote access request forwarded by its remote access interface, the access authorization and authentication server in home network A requires the remote access proxy to provide the authentication information for remote access authentication;
b2. the remote access proxy sends the authentication information contained in the information needed to remotely access home network A to the access authorization and authentication server, which performs authentication according to that authentication information.
The remote access interface is the home gateway in home network A.
The invention also discloses a remote access authorization and authentication system, comprising a remote access proxy, home network A, and the mobile device and the access authorization and authentication server in home network A, wherein:
the mobile device in home network A requests remote access authorization from the access authorization and authentication server in home network A and obtains the information needed to remotely access home network A;
the remote access proxy requests remote access to home network A on behalf of the mobile device, according to the information needed to remotely access home network A that it obtains from the mobile device.
The remote access proxy belongs to home network B and initiates the remote access request to home network A on behalf of devices in home network B.
The present invention overcomes the shortcomings of the prior art. Its technical scheme is that the mobile device obtains authorization to remotely access the home network together with the information needed for remote access, passes that information to the remote access proxy, the remote access proxy initiates remote access to the home network according to the information obtained, and the home network authenticates the remote access of the remote access proxy. As a result, during remote access the mobile device does not need to manually enter the address or domain name needed to log in to the home network or login information such as a username and password, and after finishing remote access to the home network it does not need to manually clear its own login information, which greatly simplifies the user's operation when remotely accessing the home network.
Description of drawings
Fig. 1 is a system diagram of an embodiment of the invention;
Fig. 2 is a flow chart of an embodiment of the invention.
Embodiment
The basic principle of the present invention is as follows: first, the mobile device requests remote access authorization from the access authorization and authentication server in the home network; the access authorization and authentication server authorizes the mobile device to perform remote access and sends the information needed for remote access to the mobile device; the mobile device passes the information needed for remote access to the remote access proxy; the remote access proxy then initiates a remote access request to the home network; and the access authorization and authentication server authenticates the remote access proxy's access request and decides, according to the authentication result, whether the remote access flow continues.
A detailed description follows, with reference to the drawings and specific embodiments.
The system diagram of the embodiment of the invention is shown in Fig. 1, in which mobile device A belongs to home network A, and the remote access proxy is independent of mobile device A and is deployed in home network B.
The devices inside home networks A and B shown in Fig. 1 comprise mobile devices, PCs, smart appliances, and the like. The home bearer network can use various networking technologies, for example wired networking: HomePNA (Home Phoneline Networking Alliance, HPNA), PLC (Power Line Communication), IEEE 1394, Ethernet, etc.; and wireless networking: WLAN (Wireless LAN) and UWB (Ultra Wideband).
The access authorization and authentication server in home network A authorizes the access rights of designated devices to home network A and authenticates the authorized devices, ensuring that only authorized devices can access the devices and resources inside the home network. Specifically, various access authorization and authentication techniques can be used, for example UPnP secure access control, digital signature authorization and authentication, authorization and authentication based on an authentication code, or authorization and authentication based on a device ID.
In a concrete implementation the access authorization and authentication server can be a standalone device, or it can be located on another device in home network A, such as on home gateway A.
The remote access proxy of the present invention can be deployed on the mobile device or in the remote home network (home network B). When the remote access proxy is deployed in home network B, once it has obtained the address (or domain name) and the authentication information needed for remote access, the devices in home network B can also remotely access home network A, subject to the authorization granted by the access authorization and authentication server.
The remote access proxy carries out the authentication process for remote access to home network A and, once authentication has passed, performs the access proxy function: mobile device A or the devices inside home network B access the devices and resources in home network A through the remote access proxy, according to the authorization of the access authorization and authentication server in home network A.
Home gateway A and home gateway B implement the remote access interface function: they provide Internet access for the devices in their respective home networks and also provide the entry point for remote access to the home network.
The concrete implementation flow is shown in Fig. 2. The Internet and the home bearer networks are omitted from Fig. 2, because both merely transmit the content transparently.
In this flow, mobile device A belongs to home network A and is authorized in home network A to remotely access home network A. Afterwards, mobile device A temporarily moves to home network B and is temporarily authorized by home network B to connect to it. The remote access proxy in home network B then completes remote access authentication and proxying to home network A using the remote access information provided by mobile device A, so that the devices in home network B can conditionally access the devices and resources in home network A.
The flow specifically comprises the following steps:
1. Mobile device A connects to home network A.
2. Mobile device A requests remote access authorization from the access authorization and authentication server.
Mobile device A requests the access authorization and authentication server in home network A to grant it remote access authorization: it sends its own device information to the authorization and authentication server and requests the right to remotely access the home network.
For ease of extension, the request message sent by mobile device A can use the following format:
device ID + requested authorization type + requested devices or resources for access + requested access time limit
Concretely, it may look like this:
Xxx_223344+"remote access"+"PC"+"1 hour"
3. The access authorization and authentication server authorizes mobile device A to remotely access home network A.
According to a preset policy or through a user operation, the access authorization and authentication server authorizes mobile device A to remotely access home network A, and at the same time sends the address (or domain name) and the authentication information needed for remote access to mobile device A. The authentication information provided by the access authorization and authentication server can comprise several valid pieces of authentication information, each of which can carry different remote access rights and can also carry the access time limit of that piece of authentication information.
For ease of extension, the information that the access authorization and authentication server sends to mobile device A can use the following format:
domain name for remote access + device ID + authentication code for remote authentication + authorized access permission type + authorized devices or resources + authorized access time limit
In a concrete implementation, the messages can be as follows:
Authorization message 1:
Www.myhome.sz.com+xxx_2223344+1234567+"remote access"+"PC"+5 minutes
Authorization message 2:
Www.myhome.sz.com+xxx_2223344+7684234+"remote access"+"all devices"+before July 10, 2010
If in step 3 the access authorization and authentication server refuses to authorize device A to remotely access home network A, the flow ends.
4. Mobile device A moves to home network B and temporarily connects to home network B.
5. The remote access proxy in home network B requests from mobile device A the information needed to remotely access home network A.
The remote access proxy in home network B requests mobile device A, which has connected to home network B, to provide the information needed to remotely access home network A, which specifically comprises the IP address or domain name of home gateway A, the port number needed for access, the protocol needed for access, and the authentication information needed for authentication.
Before this step, a trust relationship can first be established between mobile device A and the remote access proxy in home network B; this can be done with existing technology such as the UPnP security protocol, which further improves security. If the two cannot establish a trust relationship, the flow ends here.
6. Mobile device A returns to the remote access proxy in home network B the information it requested for remotely accessing home network A.
According to a preset policy or through a user operation, mobile device A can return appropriate information to the remote access proxy in home network B; the returned information comprises the IP address or domain name of home gateway A, the port number needed for access, the protocol needed for access, and the authentication information needed for authentication.
Mobile device A can select which information to return according to a preset policy or through a user operation, for instance according to the degree of trust: at a general degree of trust it returns
Authorization message 1:
Www.myhome.sz.com+xxx_2223344+1234567+"remote access"+"PC"+5 minutes
and at a high degree of trust it returns
Authorization message 2:
Www.myhome.sz.com+xxx_2223344+7684234+"remote access"+"all devices"+before July 10, 2010
If mobile device A refuses to return the information requested by the remote access proxy, the flow ends.
7. The remote access proxy in home network B requests remote access from home gateway A in home network A according to the information obtained in step 6.
The remote access proxy in home network B requests remote access from home gateway A in home network A according to the information obtained in step 6; the access request message it sends can also contain the device ID of the authorized device (mobile device A), to further improve security.
8. Home gateway A in home network A forwards the received remote access request to the access authorization and authentication server in home network A.
9. The access authorization and authentication server in home network A decides whether to perform authentication.
According to a preset policy, the access authorization and authentication server in home network A evaluates the received remote access request and decides whether to send a message requiring authentication. (If a low-strength security policy is required, the device ID can be used for authentication, for example the device ID of mobile device A contained in the remote access request as mentioned in step 7; if a high-strength security policy is required, a method such as an authentication code can be used for authentication.)
If authentication is to be performed by authentication code, go to step 10.
If authentication is performed according to the device ID information in the remote access request, go to step 15.
10. The access authorization and authentication server in home network A sends a message requiring authentication to its home gateway.
11. Home gateway A in home network A forwards the message requiring authentication to the remote access proxy in home network B.
12. The remote access proxy in home network B sends the authentication information for remotely accessing home network A to home gateway A in home network A, according to the information obtained in step 6.
The remote access proxy in home network B sends the authentication information for remotely accessing home network A to home gateway A in home network A; the message sent contains the authentication code for remote authentication and can also contain the device ID of the authorized device (mobile device A).
13. The home gateway in home network A forwards the received authentication information to the access authorization and authentication server in home network A.
14. The access authorization and authentication server in home network A performs authentication according to the received remote authentication information, to check whether it is legitimate.
15. If authentication passes, the access authorization and authentication server in home network A notifies home gateway A in home network A through the management interface.
16. The access authorization and authentication server in home network A sends out the authentication-passed information.
17. Home gateway A in home network A forwards the authentication-passed information to the remote access proxy in home network B.
After remote access authentication has passed, the devices in home network B can access the devices and resources in home network A through the remote access proxy; this can be implemented with existing technology such as UPnP.
During access, if the validity period of the authentication information provided by the remote access proxy expires, the access authorization server in home network A prompts the remote access proxy in home network B to provide new valid authentication information; if the remote access proxy can provide new valid authentication information, remote access continues, otherwise remote access is rejected.
In a concrete implementation, besides the authentication methods described above (device ID, authentication code), other authentication methods such as digital certificate signature authentication can also be used.
If higher security is required, the remote access proxy function is preferably implemented on mobile device A. In that case, during the whole authentication process the information exchanged between mobile device A and the remote access proxy no longer appears on home network B, and the devices on home network B cannot obtain and retain the authentication information on mobile device A.
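The authorization and authentication flow of steps 2 to 17 above (and of the method in the summary of the invention), simulated end to end as an added example that is not the patent's own code. It assumes the '+'-joined message serialization, the placeholder domain www.myhome.example, the 'general'/'high' trust levels and the 'low'/'high' policy names, and time limits given as absolute seconds; home gateway A, which only forwards messages, is left out so the proxy talks to the server directly.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Grant:
    """Step-3 message: domain + device_id + auth_code + "permission" + "resources" + expiry."""
    domain: str
    device_id: str
    auth_code: str
    permission: str
    resources: str
    expires_at: int  # absolute time in seconds; stands in for "5 minutes" etc.

    def serialize(self) -> str:
        return "+".join([self.domain, self.device_id, self.auth_code,
                         f'"{self.permission}"', f'"{self.resources}"',
                         str(self.expires_at)])

    @classmethod
    def parse(cls, msg: str) -> "Grant":
        d, dev, code, perm, res, exp = msg.split("+")  # ValueError if malformed
        return cls(d, dev, code, perm.strip('"'), res.strip('"'), int(exp))


class AuthServer:
    """Access authorization and authentication server of home network A.
    Policy 'low' authenticates by device ID alone, 'high' demands the code."""

    def __init__(self, domain: str, policy: str = "high"):
        self.domain, self.policy, self.grants = domain, policy, {}

    def authorize(self, request: str, now: int) -> str:
        # Step 2 request: device_id + "type" + "resources" + "seconds".
        device_id, perm, res, ttl = request.split("+")
        code = secrets.token_hex(4)  # fresh, unguessable authentication code
        g = Grant(self.domain, device_id, code, perm.strip('"'),
                  res.strip('"'), now + int(ttl.strip('"')))
        self.grants[code] = g
        return g.serialize()  # step 3: returned to the mobile device

    def handle_request(self, device_id: str, now: int) -> str:
        # Step 9: a low-strength policy lets the device ID decide (step 15).
        if self.policy == "low":
            ok = any(g.device_id == device_id and g.expires_at > now
                     for g in self.grants.values())
            return "ok" if ok else "rejected"
        return "need_auth"  # step 10: require authentication information

    def authenticate(self, device_id: str, auth_code: str, now: int) -> str:
        # Step 14: code must exist, be bound to this device and be unexpired.
        g = self.grants.get(auth_code)
        if g is None or g.device_id != device_id:
            return "rejected"
        return "expired" if g.expires_at <= now else "ok"  # expired: ask anew


class MobileDevice:
    """Mobile device A: obtains grants and releases one per trust level."""

    def __init__(self, device_id: str):
        self.device_id, self.grants = device_id, []

    def request_authorization(self, server, perm, res, ttl, now) -> None:
        req = "+".join([self.device_id, f'"{perm}"', f'"{res}"', f'"{ttl}"'])
        self.grants.append(Grant.parse(server.authorize(req, now)))

    def release_info(self, trust: str) -> str:
        # Step 6 preset policy: general trust gets the shortest-lived grant,
        # high trust the longest-lived one.
        pick = max if trust == "high" else min
        return pick(self.grants, key=lambda g: g.expires_at).serialize()


class RemoteAccessProxy:
    """Remote access proxy in home network B."""

    def obtain_info(self, device: MobileDevice, trust: str) -> None:
        self.info = Grant.parse(device.release_info(trust))  # steps 5-6

    def access(self, server: AuthServer, now: int) -> str:
        g = self.info
        result = server.handle_request(g.device_id, now)  # step 7, with device ID
        if result == "need_auth":  # step 12: present the authentication code
            result = server.authenticate(g.device_id, g.auth_code, now)
        return result


def demo() -> dict:
    """Run the flow on constructed values and return each step's outcome."""
    now, out = 1000, {}
    server = AuthServer("www.myhome.example")  # placeholder domain
    dev = MobileDevice("xxx_2223344")          # device ID from the patent text
    dev.request_authorization(server, "remote access", "PC", 300, now)
    dev.request_authorization(server, "remote access", "all devices", 86400, now)
    proxy = RemoteAccessProxy()
    proxy.obtain_info(dev, "general")
    out["general_resources"] = proxy.info.resources
    out["general_fresh"] = proxy.access(server, now + 100)
    out["general_expired"] = proxy.access(server, now + 300)
    proxy.obtain_info(dev, "high")
    out["high_later"] = proxy.access(server, now + 300)
    out["stolen_code"] = server.authenticate("other", proxy.info.auth_code, now)
    out["low_unknown"] = AuthServer("x", policy="low").handle_request("abc", now)
    return out
```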

Claims (15)

1. A remote access authorization and authentication method, characterized in that the method comprises the following steps:
a remote access proxy obtains the information needed for a mobile device to remotely access home network A;
the remote access proxy initiates a remote access request to home network A according to the obtained information, so that the access authorization and authentication server in home network A authenticates the remote access request of the remote access proxy;
wherein the information is the information needed for the mobile device, as authorized by the access authorization and authentication server, to remotely access home network A.
2. The method according to claim 1, characterized in that the information needed to remotely access home network A specifically comprises the address of the remote access interface of home network A, the port number needed for access, the protocol needed for access, and the authentication information needed for authentication.
3. The method according to claim 2, characterized in that the authentication information needed for authentication is an authentication code, a digital signature, or a device ID.
4. The method according to claim 2, characterized in that the information needed to remotely access home network A also comprises one or more of three categories of information: the permission type of the authorized access, the devices or resources authorized for access, and the time limit of the authorized access.
5. The method according to claim 1, characterized in that the step in which the remote access proxy obtains the information needed for the mobile device to remotely access home network A specifically comprises:
the remote access proxy requests the information needed to remotely access home network A from the mobile device, and the mobile device returns the information needed to remotely access home network A to the remote access proxy.
6. The method according to claim 5, characterized in that the step in which the remote access proxy requests the information needed to remotely access home network A from the mobile device and the mobile device returns that information to the remote access proxy specifically comprises:
the remote access proxy requests the information needed to remotely access home network A from the mobile device, and the mobile device selectively returns the information needed to remotely access home network A to the remote access proxy according to a preset policy or a user operation.
7. The method according to claim 1, characterized in that the step in which the remote access proxy initiates a remote access request to home network A according to the obtained information specifically comprises:
the remote access proxy requests remote access from the remote access interface in home network A according to the information needed to remotely access home network A.
8. The method according to claim 7, characterized in that the remote access interface is the home gateway in home network A.
9. A remote access authorization and authentication device, characterized in that the device comprises:
a module for obtaining the information needed for a mobile device to remotely access home network A;
a module for initiating a remote access request to home network A according to the obtained information, so that the access authorization and authentication server in home network A authenticates the remote access request of the remote access proxy;
wherein the information is the information needed for the mobile device, as authorized by the access authorization and authentication server, to remotely access home network A.
10. The device according to claim 9, characterized in that the information needed to remotely access home network A specifically comprises the address of the remote access interface of home network A, the port number needed for access, the protocol needed for access, and the authentication information needed for authentication.
11. The device according to claim 10, characterized in that the authentication information needed for authentication is an authentication code, a digital signature, or a device ID.
12. The device according to claim 10, characterized in that the information needed to remotely access home network A also comprises one or more of three categories of information: the permission type of the authorized access, the devices or resources authorized for access, and the time limit of the authorized access.
13. The device according to claim 9, characterized in that the module for obtaining the information needed for the mobile device to remotely access home network A specifically comprises:
a module for requesting the information needed to remotely access home network A from the mobile device, the mobile device returning the information needed to remotely access home network A to the remote access proxy.
14. The device according to claim 13, characterized in that the module for requesting the information needed to remotely access home network A from the mobile device, the mobile device returning that information to the remote access proxy, specifically comprises:
a module for requesting the information needed to remotely access home network A from the mobile device, the mobile device selectively returning the information needed to remotely access home network A to the remote access proxy according to a preset policy or a user operation.
15. The device according to claim 9, characterized in that the step in which the remote access proxy initiates a remote access request to home network A according to the obtained information specifically comprises:
the remote access proxy requests remote access from the remote access interface in home network A according to the information needed to remotely access home network A.
CN201110298106.0A 2006-08-01 2006-08-01 Remote access authorization and authentication method and device Active CN102333119B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110298106.0A CN102333119B (en) 2006-08-01 2006-08-01 Remote access authorization and authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110298106.0A CN102333119B (en) 2006-08-01 2006-08-01 Remote access authorization and authentication method and device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN2006100619642A Division CN101119195B (en) 2006-08-01 2006-08-01 Method and system for remote access authorization and identification

Publications (2)

Publication Number Publication Date
CN102333119A true CN102333119A (en) 2012-01-25
CN102333119B CN102333119B (en) 2014-03-12

Family

ID=45484720

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110298106.0A Active CN102333119B (en) 2006-08-01 2006-08-01 Remote access authorization and authentication method and device

Country Status (1)

Country Link
CN (1) CN102333119B (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1331329C (en) * 2003-09-22 2007-08-08 联想(北京)有限公司 Method of realizing auto netting of family network environment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187409A (en) * 2015-08-18 2015-12-23 杭州古北电子科技有限公司 Equipment authorizing system and authorizing method thereof
CN105187409B (en) * 2015-08-18 2018-09-21 杭州古北电子科技有限公司 A kind of device authorization system and its authorization method
WO2022226794A1 (en) * 2021-04-27 2022-11-03 华为技术有限公司 Access method, apparatus and system

Also Published As

Publication number Publication date
CN102333119B (en) 2014-03-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant