CN103929482B - A kind of method and apparatus for being securely accessed by monitoring frontend - Google Patents
A kind of method and apparatus for being securely accessed by monitoring frontend Download PDFInfo
- Publication number
- CN103929482B CN103929482B CN201410151834.2A CN201410151834A CN103929482B CN 103929482 B CN103929482 B CN 103929482B CN 201410151834 A CN201410151834 A CN 201410151834A CN 103929482 B CN103929482 B CN 103929482B
- Authority
- CN
- China
- Prior art keywords
- monitoring frontend
- user
- monitoring
- sequence number
- frontend
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a kind of method for being securely accessed by monitoring frontend, including:A, reception registered user add the message of monitoring frontend on Platform Server;B, the sequence number in the equipment Serial Number checking addition message locally preserved, if unanimously, being locally generated a new record of implementor name, sequence number and user name;C, the registration keep Alive Packet for receiving monitoring frontend;D, the record found according to the sequence number of registration keep Alive Packet, further the synchronous random number of addition, the IP address of monitoring frontend;After E, the access request of reception user, judge the implementor name whether under one's name with the equipment to be visited of the user, if it is, going to step F, otherwise refuse the access request of the user;F, its IP address is inquired in record, the access request of the user is redirected to the IP address comprising the equipment, user name, dynamic verification code in headend equipment, the access request of the redirection.The method safety of access monitoring headend equipment of the present invention is reliable.
Description
Technical field
The present invention relates to technical field of video monitoring, more particularly to a kind of method for being securely accessed by monitoring frontend and
Device.
Background technology
With the development of IP video monitoring services, monitoring on internet is such as carried using more and more to family
The security protection services such as retail shop's factory building safety management are provided for the nurse of old man's child safety, to medium-sized and small enterprises.Such video monitoring front-end
Equipment typically uses dynamic IP addressing when accessing Internet.It is well known that the access and management of dynamic IP addressing are not
It is convenient, therefore monitoring manufacturer generally provides the management service platform of monitoring frontend access on internet, so as to realize
User conveniently accesses the purpose of the monitoring frontend.But the method for active user's access monitoring headend equipment is present necessarily
Potential safety hazard, some users without access rights sometimes can also realize the access to monitoring frontend.
The content of the invention
In view of this, the present invention provides a kind of method and apparatus for being securely accessed by monitoring frontend.
This is securely accessed by the method for monitoring frontend applied on Platform Server, and this method includes:
A, reception registered user are added in the message of monitoring frontend, the message on Platform Server and are carried the monitoring
Sequence number, implementor name and the user name of the registered user of equipment;
The sequence number for the monitoring frontend that B, basis are locally preserved verifies the sequence number in the message, if unanimously,
Then it is locally generated a new record of the user name of implementor name, sequence number and the registered user of the monitoring frontend;
The sequence of monitoring frontend is carried in C, the registration keep Alive Packet for receiving monitoring frontend, the registration keep Alive Packet
Row number, synchronous random number;
D, the record found according to the sequence number of registration keep Alive Packet, further addition is synchronous random in the record
The IP address of number, the monitoring frontend obtained from IP;
After E, reception user are to the access request of monitoring frontend, whether judge the user has this to be visited under one's name
Monitoring frontend implementor name, if it is, going to step F, otherwise refuses the access request of the user.
F, its IP address is inquired in the record of the monitoring frontend, the access request of the user is redirected to institute
State the IP address comprising the monitoring frontend in monitoring frontend, the access request of the redirection, access before the monitoring
Role name, the dynamic verification code of end equipment user, so that monitoring frontend is received after the access request according to the dynamic authentication
Code is confirmed whether to perform corresponding monitoring business;Wherein described dynamic verification code according to Platform Server current record it is synchronous with
Machine number, current time, the role name generation of access monitoring frontend user.
Correspondingly, the present invention also provides a kind of method applied to monitoring frontend, including:
A, registration keep Alive Packet is sent to Platform Server, the sequence of the monitoring frontend is carried in the registration keep Alive Packet
Row number, synchronous random number;
B, monitoring frontend are received after the redirection access request of Platform Server transmission, according to the last time transmission
Keep Alive Packet in the synchronous random number, current time and the role name for accessing monitoring frontend user that carry, use
Dynamic verification code is calculated with Platform Server identical algorithm, if calculating obtained dynamic verification code and redirection access
Dynamic verification code in request is consistent, then performs corresponding monitoring business.
Based on same design, the present invention also provides a kind of device for being securely accessed by monitoring frontend, and the device should
For Platform Server, the device includes:Equipment add module, the report of monitoring frontend is added for receiving registered user
The user name of sequence number, implementor name and the registered user of the monitoring device are carried in text, the message;And according to local
The sequence number of preservation verifies the sequence number of the monitoring frontend in the message, if unanimously, being locally generated the monitoring
The implementor name of headend equipment, sequence number, a new record of registered user's user name;Device information update module, for receiving
Carrying monitoring frontend sequence number, synchronization are random in the registration of monitoring frontend, keep Alive Packet, the registration, keep Alive Packet
Number;And the sequence number in registration keep Alive Packet finds the record of the monitoring frontend, in the record further
The synchronous random number of addition, IP address;Access control module, after receiving user to the access request of monitoring frontend, sentences
The monitoring frontend whether under one's name with the implementor name of the disconnected user, if it is, in the record of the monitoring frontend
Its IP address is inquired, the access request of the user monitoring frontend is redirected to, the access of the redirection please
IP address comprising the monitoring frontend, the role name for accessing monitoring frontend user, dynamic verification code in asking, so that
Monitoring frontend is received after the access request to be confirmed whether to perform corresponding monitoring business according to the dynamic verification code;Wherein institute
Dynamic verification code is stated according to the synchronous random number of Platform Server current record, current time, the access front monitoring front-end
The role name generation of equipment user.
A kind of device for being securely accessed by monitoring frontend, the device is applied on monitoring frontend, including:Registration
Keep-alive module, the monitoring frontend is carried for being sent to Platform Server in registration keep Alive Packet, the registration keep Alive Packet
Sequence number, synchronous random number;After access control module, the redirection access request for receiving Platform Server transmission, root
According to the last time send keep Alive Packet in carry synchronous random number, the current time and access the monitoring frontend use
The role name at family, dynamic verification code is calculated with Platform Server identical algorithm, if calculate obtained dynamic verification code and
Dynamic verification code in the redirection access request is consistent, then performs corresponding monitoring business.
Compared to prior art, technical scheme is safe and reliable, and the security to monitoring frontend has necessarily
Guarantee.
Brief description of the drawings
Fig. 1 is flow chart of the embodiment of the present invention.
Fig. 2 is user interface map exemplary plot of the embodiment of the present invention.
Fig. 3 is the relative synchronization time of the embodiment of the present invention to illustrate exemplary plot.
Fig. 4 is the building-block of logic of device of the embodiment of the present invention one.
Fig. 5 is the building-block of logic of device of the embodiment of the present invention two.
Embodiment
In order to solve the technical problem mentioned in background technology, the present invention provides one kind and is securely accessed by monitoring frontend
Scheme.Elaborated below by way of specific embodiment.
It please join Fig. 1 method flow diagram for being securely accessed by monitoring frontend.
The monitoring is carried in S1, Platform Server reception registered user's addition monitoring frontend message, the message to set
Standby sequence number, implementor name and the user name of the registered user.
User logs in Platform Server on computer or mobile phone first, such as inputs platform clothes in a browser
The domain name of business device, such as http://ddns.xxxx.com signs in the Platform Server, then inputs username and password and carries out
Registration.If succeeded in registration, the monitoring frontend is added on Platform Server.It please join shown in Fig. 2 a equipment to add
Plus the configuration page, user can be named to the monitoring frontend to be added in the input frame of implementor name, such as
NVR1, IPC1, then input the sequence number of the equipment.Each equipment has unique hardware sequence number when dispatching from the factory, should
Hardware sequence number as the equipment unique mark.Here in addition to manually entering the mode of hardware sequence number, it can also pass through
The sequence number of the monitoring frontend is reported Platform Server by the mode of scanning bar code or Quick Response Code.The operation of user
After the completion of, Platform Server adds the message of monitoring frontend by the registered user is received.
If hardware sequence number is one group of regular number, that certain user can be guessed before the monitoring of other users
The hardware sequence number of end equipment, then carries out the addition of the monitoring frontend of non-attribution itself to Platform Server.So from
From the point of view of security, the sequence number of the monitoring device in addition message can also be hardware sequence number and random sequence number structure
Into sequence number.Such as first 20 be equipment sequence number, latter 10 be equipment the corresponding random sequence of hardware sequence number
Number.Increase after random sequence number, the sequence number of whole 30 is difficult to be guessed by people, so as to add security.
S2, Platform Server verify the sequence in the message according to the sequence number of the monitoring frontend locally preserved
Number, if unanimously, being locally generated one of the user name of implementor name, sequence number and the registered user of the monitoring frontend
New record.
The sequence number of monitoring frontend is preserved on Platform Server.If be compared using hardware sequence number
Words, as long as then Platform Server records its hardware sequence number before monitoring frontend dispatches from the factory.If using hardware sequence
Number and if random sequence number is compared, then Platform Server record hardware sequence number and this before monitoring frontend dispatches from the factory
The corresponding random sequence number of hardware sequence number.Or, it would however also be possible to employ monitoring frontend reach the standard grade to Platform Server register when
Transmitter sequence number, Platform Server is locally recording the sequence number that the monitoring frontend is sent, in this, as follow-up comparison
Foundation.
After Platform Server receives the equipment addition message that user is sent by computer or mobile phone, just by the equipment
The series number added the sequence number in message and locally preserved is compared, if in the sequence number locally preserved and addition message
Sequence number it is consistent, then add successfully, otherwise it is assumed that the monitoring frontend is illegality equipment, not adds.After adding successfully,
The correspondence of implementor name, sequence number and the user name of registered user of the monitoring frontend of the addition will be preserved on Platform Server
Record.Which registered user successfully with the addition of the monitoring frontend represent the monitoring frontend belong to the user or
That says the user has the monitoring frontend under one's name.
S3, monitoring frontend send in registration keep Alive Packet, the registration keep Alive Packet to Platform Server and carry the prison
Control the sequence number of headend equipment, synchronous random number.
S4, Platform Server receive the registration keep Alive Packet of monitoring frontend.
The sequence number of S5, Platform Server in registration keep Alive Packet finds the record of the monitoring frontend,
Synchronous random number, the IP address of the monitoring frontend obtained from IP are further added in the record.
Logon message will be sent from trend Platform Server after monitoring frontend electrifying startup, the logon message is included
The sequence number of the monitoring frontend, synchronous random number.Platform Server is after the logon message of monitoring frontend is received, root
The lookup of the monitoring frontend is locally being carried out according to sequence number therein, if found, in the monitoring frontend pair
Its IP address and synchronous random number are added in the record answered;If do not found, also without user on Platform Server
The monitoring frontend was added, the monitoring frontend can be now identified for " offline " state, subsequent user takes in platform
" offline " state is changed to " online " state when adding successfully the monitoring frontend on business device.Subsequently, monitoring frontend
Keep Alive Packet periodically can be sent to Platform Server, the keep Alive Packet can equally carry related letter similar to logon message
Breath.Synchronous random number is for generating dynamic verification code, so the synchronous random number carried when sending keep Alive Packet every time is not
Together, and in keep Alive Packet carrying in the synchronous random number and logon message that carry it is also inconsistent.
S6, user send in the request of access monitoring headend equipment, the access request to Platform Server and carry to be visited
Monitoring frontend implementor name.
S7, Platform Server receive user to the access request of monitoring frontend after, judge the user under one's name whether
Monitoring frontend with the implementor name, if it is, going to step S8, otherwise refuses the access request of the user.
User belongs to the prison of oneself after Platform Server is signed in the username and password of oneself if to access
Control headend equipment, it is only necessary to the monitoring frontend of display, computer or hand are clicked on the interface of computer or mobile phone
Machine sends the demand of user to Platform Server.Or, user directly can also input such as in a browser:http://
The mode of { Platform Server domain name }/{ implementor name to be visited } sends the access request of oneself to Platform Server.Platform takes
Business device is directed to the request of user's access monitoring headend equipment, and whether first determine whether the user there is the front monitoring front-end to set under one's name
It is standby.Platform Server inquires about the record for the monitoring frontend being locally generated when judging, if protected in certain record
Deposit the corresponding relation of the user name of the user and the implementor name of monitoring frontend to be visited, then it is assumed that the tool under one's name of the user
There is the monitoring frontend to be visited, so as to allow the user to access the monitoring frontend.
S8, Platform Server inquire its IP address in the record of the monitoring frontend, by the visit of the user
Ask that request is redirected to the IP comprising the monitoring frontend in the monitoring frontend, the access request of the redirection
Location, the role name for accessing monitoring frontend user, dynamic verification code.
S9, monitoring frontend are received after the redirection access request of Platform Server transmission, according to the last time hair
Synchronous random number, current time and the role name for accessing monitoring frontend user carried in the keep Alive Packet sent,
Dynamic verification code is calculated with Platform Server identical algorithm, if calculating obtained dynamic verification code and redirection visit
Ask that the dynamic verification code in request is consistent, then perform corresponding monitoring business, otherwise refusal performs corresponding monitoring business.
After Platform Server confirms that the user can be with access monitoring headend equipment, directly the access request of user is reset
To monitoring frontend.Before redirection, Platform Server needs first to inquire about the record information of the monitoring frontend, therefrom
Its IP address is obtained, is then redirected again.Also, in order to ensure the security of monitoring frontend video, redirection
The dynamic verification code information that legitimate verification is carried out for monitoring frontend is further included in access request.The dynamic verification code
It is the synchronous random number that is carried in the keep Alive Packet that information is Platform Server to be sent according to monitoring frontend the last time, current
Time and access the role name of monitoring frontend user and pass through what predetermined algorithm was generated.Monitoring frontend is received
After the redirection access request sent to Platform Server, what is carried in the keep Alive Packet sent recently according to itself is synchronous random
The role name of the access monitoring frontend user carried in several, current time and redirection request, using predetermined
Algorithm is calculated, if it is consistent with the dynamic verification code redirected in access request to calculate obtained result, legitimacy is tested
Card passes through, and performs corresponding monitoring business to user, such as sends live stream, playing back videos;If it is inconsistent, not performing.Prison
It is consistent with pre-defined algorithm used in Platform Server to control headend equipment to carry out dynamic verification code to calculate the pre-defined algorithm used
Algorithm.
The calculating process of above-mentioned dynamic verification code is also the bright spot of the present invention, and specific calculating process is as follows:
1. synchronous random number and the current dynamic code of Time Calculation first are utilized;
2. it is role name, synchronous random number and the first dynamic code three of accessing monitoring frontend user is spliced
MD5 character strings are checked character string as user name;
3. the string progress of checking character of the first dynamic code and user name is spliced and obtains dynamic verification code.
Access the role name of monitoring frontend user, such as admin, visitor etc..If monitoring frontend is returned
When the user of category accesses the monitoring frontend, role name can be:admin;If shared user, role name can be with
It is:visitor.Platform Server can be taken when the access request of user is redirected according to local record information
The role name of access user is taken, so that monitoring frontend can carry out the calculating actually access user of dynamic verification code
Role name more expresses is a kind of access authority information.Usual admin represents high authority.
The method of above-mentioned generation dynamic verification code has used all multi-parameters, have synchronous random number, represent authority role name,
Temporal information, safe purpose is reached with this:Synchronous random number, temporal information may be considered real-time parameter;The angle of user
Color name then prevents the user of low rights from accessing the content that high authority user could access.
It is if the time of monitoring frontend and Platform Server is synchronous with standard time source, then above-mentioned to calculate
Current time used in journey can be the absolute time on monitoring frontend and Platform Server.But if to realize
Monitoring frontend, Platform Server respectively with standard time source synchronization if cost it is higher, so in the embodiment of the present invention
Current time use relative time.
It please join Fig. 3, current time is represented with n value.Such as when the 0th second, monitoring frontend takes to platform
The logon message for the synchronous random number of device transmission carrying of being engaged in, now records n=1, has then spent 10 seconds, n is by more on monitoring frontend
New is 2, has then spent 10 seconds again, n is updated to 3, by that analogy.For Platform Server, set receiving the front monitoring front-end
During standby logon message, n is updated to 1, n renewal is then carried out according to the local time:If the local time have passed through
10 seconds, n was updated to 2,10 seconds had been spent again, n is updated to 3, by that analogy.Here it is within 10 seconds a digit, n is equal to several
Mean that it is currently which is individual 10 seconds.The digit of certain 10 seconds is only an example, can also be other digits.
When monitoring frontend is to Platform Server transmission keep Alive Packet, current n value, platform can be carried in keep Alive Packet
Server judges whether n is synchronous accordingly, if synchronization, n renewal is carried out further according to the time intervals of 10 seconds, otherwise
The n values first sent with monitoring frontend update itself current n value.After monitoring frontend power down, Platform Server is clear
Except the n values corresponding to the monitoring frontend.
When using above-mentioned relative time to calculate dynamic verification code, monitoring frontend is utilizing itself current synchronization
Random number, relative time, user name calculate the dynamic in obtained dynamic verification code and platform server redirection access request
When identifying code is inconsistent, monitoring frontend further utilizes current synchronous random number, preceding adjacent to and opposite time, access user
Role name calculate dynamic verification code, if now calculating obtained dynamic verification code and platform server redirection access request
In dynamic verification code it is consistent(Reference picture 3, what is verified here is with the situation at arrow dotted line), then what is user accessed is legal
Property be verified, perform corresponding monitoring business to user;If still inconsistent, then monitoring frontend is further sharp
Dynamic verification code is calculated with the role name of preceding adjacent sync random number, preceding adjacent to and opposite time, access user, if now calculated
Obtained dynamic verification code is consistent with the dynamic verification code in platform server redirection access request(Join Fig. 3, verify here
It is the situation at the solid line with arrow), then the legitimate verification that user accesses is passed through, performs corresponding monitoring business.Here
The preceding adjacent to and opposite time, preceding adjacent sync random number explained using Fig. 3 example:When terminating soon within the 30th second,
Platform Server has redirected an access request to monitoring frontend(Dotted line signal with arrow in figure), redirection visit
Ask that the used time when calculating of the dynamic verification code in request is n=4;Monitoring frontend receives access request progress
It has been the 40th second when dynamic verification code is calculated, now n=5.It is adjacent phase before it relative to current time n=5, n=4
To the time.Similarly, Platform Server redirects another access request to monitoring frontend(The solid line with arrow shows in figure
Meaning), the dynamic verification code carried in the access request is A, monitoring frontend receipts calculating the synchronous random number that uses
During to the access request, monitoring frontend just have sent a new keep Alive Packet to Platform Server, the new keep-alive report
Another synchronous random number B is carried in text.Relative to synchronous random number B, synchronous random number A is that its preceding adjacent sync is random
Number.
The embodiment of the present invention is further described below by a specific example.
The domain name of Platform Server is ddns.xxxx.com;The entitled Tom of user, password for 123456 user to website
Ddns.xxxx.com is registered, and the facility information added after succeeding in registration on the Platform Server is as follows:Equipment
Name NVROne, sequence number 151001.The registration equipment is located at public network, and IP address is 51.51.51.2, there is 2 road videos, is respectively
Video Door, video Bedroom.Tom is logged in after Platform Server, it can be seen that under equipment NVROne and the equipment under one's name
Video channel Door, Bedroom.If in addition, the video channel Door that Tom will be accessed under NVROne can also browsed directly
Http is inputted in device://ddns.xxxx.com/NVROne/Door.The Tom access request is redirected to by Platform Server
NVROne, jumps to http://51.51.51.2/user=fb35dce52779e5d1c0afa46789ab27dc&key=
21040332ae25cce52959e5d1c0aea4ab27dc6789&key2=d1c0afa46789fb35dce52779e5.Wherein
51.51.51.2 it is NVROne IP address, user is the character string after admin md5 algorithms calculating;Key is dynamic authentication
Code;Key2 is the character string after video channel Door md5 algorithms calculating.
NVROne equipment is received after request, to http://51.51.51.2/user=fb35dce52779e5d1c0afa4
6789ab27dc&key=21040332ae25cce52959e5d1c0aea4ab27dc6789&key2=d1c0afa46789fb35
Dce52779e5 is parsed:The character string fb35dce52779e5d1c0afa46789ab27dc after user is solved
Analysis, to after key2 character string d1c0afa46789fb35dce52779e5 carry out, respectively obtain access user role name and
The channel name of access.It is legal that dynamic verification code key=21040332ae25cce52959e5d1c0aea4ab27dc6789 is carried out
Property checking.NVROne carry out dynamic verification code checking when, using the algorithm as Platform Server and
Parameter calculated, if the result calculated be 21040332ae25cce52959e5d1c0aea4ab27dc6789,
Legitimate verification passes through, and performs corresponding monitoring business.
Based on same design, the present invention also provides a kind of device for being securely accessed by monitoring frontend, device position
In Platform Server.It please join Fig. 4, be divided from logical construction, the device includes equipment add module, device information update mould
Block, access control module.
Equipment add module, adds in the message of monitoring frontend, the message for receiving registered user and carries the prison
Control sequence number, implementor name and the user name of registered user of equipment;And institute is verified according to the sequence number locally preserved
The sequence number of the monitoring frontend in message is stated, if unanimously, being locally generated implementor name, the sequence of the monitoring frontend
One new record of row number, registered user's user name;
Device information update module, registration, keep Alive Packet for receiving monitoring frontend, the registration, keep Alive Packet
Middle carrying monitoring frontend sequence number, synchronous random number;And the sequence number in registration keep Alive Packet finds the prison
The record of headend equipment is controlled, synchronous random number, IP address are further added in the record;
Access control module, after receiving user to the access request of monitoring frontend, judges the user under one's name
Whether there is the monitoring frontend of the implementor name, if it is, its IP address is inquired in the record of the monitoring frontend,
The access request of the user is redirected in the monitoring frontend, the access request of the redirection and included before the monitoring
The IP address of end equipment, the role name of access user, dynamic verification code, so that monitoring frontend is received after the access request
It is confirmed whether to perform corresponding monitoring business according to the dynamic verification code;Wherein described dynamic verification code is worked as according to Platform Server
The synchronous random number of preceding record, current time, the role name generation of access user.
The present invention also provides a kind of device for being securely accessed by monitoring frontend applied on monitoring frontend.Please
Join Fig. 5, divided from logical construction, the device includes:Register keep-alive module, access control module.
Keep-alive module is registered, is somebody's turn to do for sending to carry in registration keep Alive Packet, the registration keep Alive Packet to Platform Server
Monitoring frontend sequence number, synchronous random number;
After access control module, the redirection access request for receiving Platform Server transmission, according to the last time
The role name of the synchronous random number, current time and the access user that are carried in the keep Alive Packet of transmission, are taken with platform
Device identical of being engaged in algorithm calculates dynamic verification code, if calculated in obtained dynamic verification code and the redirection access request
Dynamic verification code is consistent, then performs corresponding monitoring business.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention
God is with principle, and any modification, equivalent substitution and improvements done etc. should be included within the scope of protection of the invention.
Claims (10)
1. a kind of method for being securely accessed by monitoring frontend, this method is applied on Platform Server, it is characterised in that should
Method includes:
A, reception registered user are added in the message of monitoring frontend, the message on Platform Server and are carried the monitoring device
Sequence number, implementor name and the user name of the registered user;
The sequence number for the monitoring frontend that B, basis are locally preserved verifies the sequence number in the message, if unanimously,
Locally generate a new record of the user name of implementor name, sequence number and the registered user of the monitoring frontend;
The sequence of monitoring frontend is carried in C, the registration keep Alive Packet for receiving monitoring frontend, the registration keep Alive Packet
Number, synchronous random number;
D, the record found according to the sequence number of registration keep Alive Packet, in the record further the synchronous random number of addition,
The IP address of the monitoring frontend obtained from IP;
After E, reception user are to the access request of monitoring frontend, whether judge the user there is the user to pass through this under one's name
Access request asks the monitoring frontend implementor name accessed, if it is, going to step F, otherwise refuses the access of the user
Request;
F, its IP address is inquired in the record of the monitoring frontend, the access request of the user is redirected to the prison
Headend equipment is controlled, the IP address comprising the monitoring frontend in the access request of the redirection, the front monitoring front-end is accessed and sets
Role name, the dynamic verification code of standby user so that monitoring frontend receive it is true according to the dynamic verification code after the access request
Recognize and whether perform corresponding monitoring business;Wherein described dynamic verification code is according to the synchronous random of Platform Server current record
Several, current time, the role name generation of access monitoring frontend user, to ensure the front end surveillance device video
Security.
2. the method as described in claim 1, it is characterised in that the hardware sequence number of the Serial No. monitoring frontend,
Or the hardware sequence number random sequence number composition corresponding with the hardware sequence number of the Serial No. monitoring frontend
Sequence number.
3. the method as described in claim 1, it is characterised in that the dynamic verification code is calculated in accordance with the following steps:
A1, utilize synchronous random number and the current dynamic code of Time Calculation first;
A2, role name, synchronous random number and the first spliced MD5 of dynamic code three that monitoring frontend user will be accessed
Character string is used as string of checking character;
A3, it regard the splicing of the first dynamic code and string of checking character as dynamic verification code.
4. method as claimed in claim 3, it is characterised in that the current time is relative time.
5. a kind of method for being securely accessed by monitoring frontend, this method is applied to monitoring frontend, it is characterised in that should
Method includes:
A, registration keep Alive Packet is sent to Platform Server, the sequence of the monitoring frontend is carried in the registration keep Alive Packet
Number, synchronous random number;
B, monitoring frontend are received after the redirection access request of Platform Server transmission, the guarantor sent according to the last time
Synchronous random number, current time and the role name for accessing monitoring frontend user carried in message living, with peace
Platform server identical algorithm calculates dynamic verification code, to ensure the security of the front end surveillance device video, if calculated
To dynamic verification code it is consistent with the dynamic verification code in the redirection access request, then perform corresponding monitoring business.
6. a kind of device for being securely accessed by monitoring frontend, the device is applied to Platform Server, it is characterised in that the dress
Put including:
The monitoring is carried in equipment add module, the message for receiving registered user's addition monitoring frontend, the message to set
Standby sequence number, implementor name and the user name of registered user;And the report is verified according to the sequence number locally preserved
The sequence number of monitoring frontend in text, if unanimously, being locally generated implementor name, the sequence of the monitoring frontend
Number, a new record of registered user's user name;
Taken in device information update module, registration, keep Alive Packet for receiving monitoring frontend, the registration, keep Alive Packet
Band monitoring frontend sequence number, synchronous random number;And the sequence number in registration keep Alive Packet is found before the monitoring
The record of end equipment, further adds synchronous random number, IP address in the record;
Access control module, after receiving user to the access request of monitoring frontend, judge the user under one's name whether
Monitoring frontend with the implementor name, if it is, its IP address is inquired in the record of the monitoring frontend, by this
The access request of user is redirected in the monitoring frontend, the access request of the redirection to be set comprising the front monitoring front-end
Standby IP address, the role name for accessing monitoring frontend user, dynamic verification code, so that monitoring frontend receives the visit
It is confirmed whether to perform corresponding monitoring business according to the dynamic verification code after asking request;Wherein described dynamic verification code is according to platform
The synchronous random number of server current record, current time, the role name generation of access monitoring frontend user,
To ensure the security of the front end surveillance device video.
7. device as claimed in claim 6, it is characterised in that the hardware sequence number of the Serial No. monitoring frontend,
Or the hardware sequence number random sequence number composition corresponding with the hardware sequence number of the Serial No. monitoring frontend
Sequence number.
8. device as claimed in claim 6, it is characterised in that the access control module generates dynamic and tested in accordance with the following steps
Demonstrate,prove code:
A1, utilize synchronous random number and the current dynamic code of Time Calculation first;
A2, role name, synchronous random number and the first spliced MD5 of dynamic code three that monitoring frontend user will be accessed
Character string is used as string of checking character;
A3, it regard the splicing of the first dynamic code and string of checking character as dynamic verification code.
9. device as claimed in claim 8, it is characterised in that the current time is relative time.
10. a kind of device for being securely accessed by monitoring frontend, the device is applied on monitoring frontend, including:
Keep-alive module is registered, the monitoring is carried for being sent to Platform Server in registration keep Alive Packet, the registration keep Alive Packet
Headend equipment sequence number, synchronous random number;
After access control module, the redirection access request for receiving Platform Server transmission, according to the last time transmission
Keep Alive Packet in the synchronous random number, current time and the role name for accessing monitoring frontend user that carry, use
Dynamic verification code is calculated with Platform Server identical algorithm, to ensure the security of the front end surveillance device video, if meter
Obtained dynamic verification code is consistent with the dynamic verification code in the redirection access request, then performs corresponding monitoring industry
Business.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410151834.2A CN103929482B (en) | 2014-04-15 | 2014-04-15 | A kind of method and apparatus for being securely accessed by monitoring frontend |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410151834.2A CN103929482B (en) | 2014-04-15 | 2014-04-15 | A kind of method and apparatus for being securely accessed by monitoring frontend |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103929482A CN103929482A (en) | 2014-07-16 |
| CN103929482B true CN103929482B (en) | 2017-11-03 |
Family
ID=51147554
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410151834.2A Active CN103929482B (en) | 2014-04-15 | 2014-04-15 | A kind of method and apparatus for being securely accessed by monitoring frontend |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103929482B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105391744B (en) * | 2015-12-30 | 2019-10-18 | 浙江宇视科技有限公司 | A kind of method and system of management and monitoring equipment |
| CN105471912B (en) * | 2015-12-31 | 2019-01-22 | 深信服科技股份有限公司 | Monitor the safety defense method and system of network |
| CN106412498B (en) * | 2016-08-31 | 2019-12-13 | 浙江宇视科技有限公司 | monitoring data acquisition method and cloud terminal |
| CN109286600A (en) * | 2017-07-20 | 2019-01-29 | 浙江宇视科技有限公司 | Access control method and device in a kind of video monitoring system |
| CN107833456B (en) * | 2017-10-19 | 2019-05-07 | 东峡大通(北京)管理咨询有限公司 | Vehicle monitoring device management method, device and machine readable storage medium |
| CN109962878B (en) | 2017-12-14 | 2021-04-16 | 大唐移动通信设备有限公司 | Registration method and device of IMS (IP multimedia subsystem) user |
| CN109583186A (en) * | 2018-12-04 | 2019-04-05 | 江西财经大学 | A kind of cloud computing formula image processing system |
| CN111343173B (en) * | 2020-02-21 | 2022-08-26 | 腾讯云计算(北京)有限责任公司 | Data access abnormity monitoring method and device |
| CN112511801A (en) * | 2020-11-19 | 2021-03-16 | 天津凯发电气股份有限公司 | Method for retrieving videos of auxiliary monitoring system by railway telecontrol monitoring system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101094394A (en) * | 2007-07-17 | 2007-12-26 | 中国科学院软件研究所 | Method for guaranteeing safe transmission of video data, and video monitoring system |
| CN102185894A (en) * | 2011-04-11 | 2011-09-14 | 中国电信股份有限公司 | Multimedia acquisition and transmission method and system |
| WO2012142797A1 (en) * | 2011-04-18 | 2012-10-26 | 中兴通讯股份有限公司 | Video monitoring system and method |
| CN102984175A (en) * | 2012-12-21 | 2013-03-20 | 浙江宇视科技有限公司 | Front-end monitoring equipment without IP and agent device |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101026499B (en) * | 2007-01-19 | 2011-11-30 | 北京华纬讯电信技术有限公司 | Method for realizing OPTIONS self-query for video business based on SIP protocol |
| CN102185922B (en) * | 2011-05-13 | 2013-03-20 | 南京视威电子科技股份有限公司 | Point-to-point access method for wireless IoT (Internet of Things) video monitoring terminal based on 2.5G communication and handset mailbox |
| CN103475533B (en) * | 2012-06-08 | 2019-02-15 | 中兴通讯股份有限公司 | Front monitoring front-end cut-in method, apparatus and system |
-
2014
- 2014-04-15 CN CN201410151834.2A patent/CN103929482B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101094394A (en) * | 2007-07-17 | 2007-12-26 | 中国科学院软件研究所 | Method for guaranteeing safe transmission of video data, and video monitoring system |
| CN102185894A (en) * | 2011-04-11 | 2011-09-14 | 中国电信股份有限公司 | Multimedia acquisition and transmission method and system |
| WO2012142797A1 (en) * | 2011-04-18 | 2012-10-26 | 中兴通讯股份有限公司 | Video monitoring system and method |
| CN102984175A (en) * | 2012-12-21 | 2013-03-20 | 浙江宇视科技有限公司 | Front-end monitoring equipment without IP and agent device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103929482A (en) | 2014-07-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103929482B (en) | A kind of method and apparatus for being securely accessed by monitoring frontend | |
| CN103916637B (en) | A kind of method and apparatus for safely sharing monitoring frontend | |
| CN101075875B (en) | Method and system for realizing monopoint login between gate and system | |
| CN108737418B (en) | Identity authentication method and system based on block chain | |
| CN106302502B (en) | A kind of secure access authentication method, user terminal and server-side | |
| US10880306B2 (en) | Verification information update | |
| CN104144419B (en) | Identity authentication method, device and system | |
| CN101990183B (en) | Method, device and system for protecting user information | |
| CN101227468B (en) | Method, device and system for authenticating user to network | |
| CN106657068A (en) | Login authorization method and device, login method and device | |
| US9009793B2 (en) | Dynamic pin dual factor authentication using mobile device | |
| CN105591744A (en) | Network real-name authentication method and system | |
| KR20140106360A (en) | System and Method for OTP authentication | |
| KR20140024437A (en) | Authentication system via two communication devices | |
| CN104734849A (en) | Method and system for conducting authentication on third-party application | |
| CN103634399B (en) | Method and device for realizing cross-domain data transmission | |
| CN111753014B (en) | Identity authentication method and device based on block chain | |
| CN104967597A (en) | Third-party application message authentication method and system based on secure channel | |
| CN106470145B (en) | Instant messaging method and device | |
| CN109726578B (en) | Dynamic two-dimensional code anti-counterfeiting solution | |
| CN104125230B (en) | A kind of short message certification service system and authentication method | |
| US20130333030A1 (en) | Verifying source of email | |
| EP3937040A1 (en) | Systems and methods for securing login access | |
| WO2018196686A1 (en) | Service response method and middleware thereof | |
| CN103905399A (en) | Account registration management method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |