CN104486322B - Terminal access authentication authorization method and terminal access authentication authoring system - Google Patents
Terminal access authentication authorization method and terminal access authentication authoring system Download PDFInfo
- Publication number
- CN104486322B CN104486322B CN201410755407.5A CN201410755407A CN104486322B CN 104486322 B CN104486322 B CN 104486322B CN 201410755407 A CN201410755407 A CN 201410755407A CN 104486322 B CN104486322 B CN 104486322B
- Authority
- CN
- China
- Prior art keywords
- hardware
- terminal device
- certificate server
- identification
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 55
- 238000000034 method Methods 0.000 title claims abstract description 28
- 238000004891 communication Methods 0.000 claims description 20
- 238000012795 verification Methods 0.000 claims description 12
- 230000000977 initiatory effect Effects 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012790 confirmation Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
Abstract
The invention discloses terminal access authentication authorization method and terminal access authentication authoring system, and applied to a terminal device, methods described includes:Hardware identification is carried out to the terminal device;If the terminal device initiates authorized application by the hardware identification to certificate server;Receive the soft ware authorization feedback that the certificate server is sent, wherein, the soft ware authorization is fed back to the certificate server for authorized application generation, when the soft ware authorization feedback received, which characterizes, allows the terminal device to access, the terminal device obtains service operation mandate from the certificate server.
Description
Technical field
The invention belongs to technical field of network security, more particularly to terminal access authentication authorization method and terminal access authentication
Authoring system.
Background technology
Traditional or existing terminal Access Control is concentrated on terminal authentication, and mainly client software is tested
Card, handled by the local encryption and decryption of client certificate word string to realize the identification certification to client;Next to that using terminal
The login authentication mode that user name password is carried out, this authentication mode are more the authentications carried out for terminal account number;Its
Terminal software application encryption certification that his such as U-KEY is carried out by external hardware equipment etc. also rests on software view and entered mostly
Row checking and identification, or transmission data are encrypted, or client terminals message is encrypted transmission etc..
And it is current, gone beyond one's commission for the access of such as pseudo-terminal and terminal, unauthorized information of access etc. of bypassing the immediate leadership, then it is existing single
Terminal authentication mode has been difficult to ensure that the general safety of system itself.
The content of the invention
It is an object of the invention to provide a kind of terminal access authentication authorization method and terminal access authentication authoring system, solution
The problem of certainly single terminal authentication mode has been difficult to ensure that the general safety of system itself in the prior art.
In a first aspect, the invention provides a kind of terminal access authentication authorization method, applied to a terminal device, the side
Method includes:Hardware identification is carried out to the terminal device;If the terminal device is by the hardware identification, to authentication service
Device initiates authorized application;The soft ware authorization feedback that the certificate server is sent is received, wherein, the soft ware authorization is fed back to institute
Certificate server is stated for authorized application generation;Allow the terminal when the soft ware authorization feedback received characterizes
When equipment accesses, the terminal device obtains service operation mandate from the certificate server.
Preferably, it is described to terminal device progress hardware identification, including:Hardware ID school is carried out to the terminal device
Test, to judge whether to need to initiate hardware system certification to the certificate server;If judged result is demonstrated the need for described
When certificate server initiates hardware system certification, the hardware attributes information of the terminal device is gathered;By authentication logic to institute
State hardware attributes information to be handled, generate hardware ID corresponding with the hardware attributes information;The hardware ID is sent to
The certificate server, the hardware ID are used for the certificate server and carry out hardware identification to the terminal device;Receive institute
The hardware identification feedback of certificate server feedback is stated, the hardware identification is fed back for confirming that the hardware ID is legal hardware ID
Or illegal hardware ID, the hardware ID are that the legal hardware ID sign terminal device passes through hardware identification.
Preferably, judge whether to need to after certificate server initiation hardware system certification described, the side
Method also includes:If judged result shows that hardware system certification need not be initiated to the certificate server, it is determined that the end
The hardware ID of end equipment is legal hardware ID.
Preferably, if the terminal device is by hardware identification, authorized application is initiated to certificate server, including:If
The terminal device then carries out software merit rating so that the software of the terminal device by hardware identification to the terminal device
System confirms whether the hardware ID is legal hardware ID;Confirm that the hardware ID is legal hardware ID in the software systems
When, initiate the authorized application to the certificate server.
Second aspect, the invention provides a kind of terminal access authentication authoring system, including:Hardware identification module, software
Authorization module, and communication module;The hardware identification module, for carrying out hardware identification to the terminal device;It is described soft
Part authorization module, if calling the communication module to certificate server by the hardware identification for the terminal device
Initiate authorized application;The communication module, it is additionally operable to receive the soft ware authorization feedback that the certificate server is sent, wherein, institute
State soft ware authorization and be fed back to the certificate server for authorized application generation;When the soft ware authorization received is anti-
Feedback is characterized when allowing the terminal device access, and the terminal device obtains service operation mandate from the certificate server.
Preferably, the system also includes parameter collection module, and the hardware identification module is specifically used for the terminal
Whether equipment carries out hardware ID verification, to judge to need to initiate hardware system certification to the certificate server;The parameter
If acquisition module specifically for judged result demonstrate the need for the certificate server initiate hardware system certification when, described in collection
The hardware attributes information of terminal device;The hardware identification module, it is additionally operable to by authentication logic to the hardware attributes information
Handled, generate hardware ID corresponding with the hardware attributes information;The communication module is called, the hardware ID is sent
To the certificate server, the hardware ID is used for the certificate server and carries out hardware identification to the terminal device;
The communication module, specifically it is additionally operable to receive the hardware identification feedback of the certificate server feedback, the hardware
Certification is fed back for confirming that the hardware ID is legal hardware ID or illegal hardware ID, and the hardware ID characterizes for legal hardware ID
The terminal device passes through hardware identification.
Preferably, the hardware identification module, if being specifically additionally operable to that judged result shows need not be to the authentication service
When device initiates hardware system certification, it is determined that the hardware ID of the terminal device is legal hardware ID.
Preferably, the soft ware authorization module, if specifically for the terminal device by hardware identification, to the end
End equipment carries out software merit rating so that the software systems of the terminal device confirm whether the hardware ID is legal hardware ID;
And when it is legal hardware ID that the software systems, which confirm the hardware ID, the communication module is called to the authentication service
Device initiates the authorized application.
Technical scheme provided in an embodiment of the present invention at least has the following technical effect that:
Due to having passed through the combination of hardware identification and soft ware authorization:First, the ardware feature based on terminal device, such as equipment
CPU sequence numbers, mainboard sequence number, MAC (Media access control media access control layers) address informations and operation are
Unite the identification of version information etc., by the hardware identification of certificate server, the hardware identity of terminal device is established, in hardware system
The access safety of first layer is provided on system:Secondly, soft ware authorization is carried out, realizes the broadcasting domain authority of media playback software itself
Management.It can be seen that hardware identification and soft ware authorization two ways effectively integrate, the safety in terminal access preferably ensure that
Property, effectively prevent the various attacks for terminal hardware or software access, terminal device is really used as one
Complete entity carries out Access Control management.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
The embodiment of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can also basis
The accompanying drawing of offer obtains other accompanying drawings;
Fig. 1 is the flow chart of the terminal access authentication authorization method in the embodiment of the present invention;
Fig. 2 is the interaction schematic diagram of the terminal access authentication authorization method in the embodiment of the present invention;
Fig. 3 is the module map of the terminal access authentication authoring system in the embodiment of the present invention.
Embodiment
The embodiments of the invention provide a kind of terminal access authentication authorization method and terminal access authentication authoring system, solves
The problem of single terminal authentication mode of the prior art has been difficult to ensure that the general safety of system itself, total thinking
It is as follows:
It is the type and attribute of identification terminal equipment first, the entity identities of terminal device is authenticated, subsequent basis
Authentication result carries out rational soft ware authorization, realizes in the correct media information of correct terminal plays, solves and set in terminal
In standby Access Control the problem of " partially soft " or " partially hard ", terminal device is set to carry out Access Control pipe as a complete entity
Reason.
In order to be better understood from above-mentioned technical proposal, below in conjunction with Figure of description and specific embodiment to upper
State technical scheme to be described in detail, it should be understood that the specific features in the embodiment of the present application and embodiment are to the application
The detailed description of technical scheme, rather than the restriction to technical scheme, in the case where not conflicting, the application is implemented
Technical characteristic in example and embodiment can be mutually combined.
Fig. 1 be the present invention implement in terminal access authentication authorization method flow chart, terminal access authentication authorized party
Method is applied to a terminal device, and the terminal device can be media termination, or other need the terminal for being linked into service equipment to set
It is standby, the type of terminal device is not limited specifically herein.
With reference to shown in figure 1, the terminal access authentication authorization method comprises the following steps:
S101, hardware identification is carried out to terminal device.
Specifically, S101 specifically comprises the following steps:When terminal device is started shooting, hardware ID is carried out to terminal device
Whether (identity writes, identity number) verifies, to judge to need to initiate hardware system certification to certificate server, firmly
Part ID check results prove whether the hardware ID of the terminal device is legal hardware ID;When check results determine the terminal device
When hardware ID is legal hardware ID, then hardware system certification need not be initiated to certificate server, when check results determine the end
The hardware ID of end equipment is not legal hardware ID, then needs to initiate hardware system certification to certificate server.Such as:The terminal is set
Standby equipment is the new equipment not accessed, or does not have terminal device of access etc. in preset time period, can all be verified out
The hardware ID of the terminal device is illegal hardware ID.But it is the new equipment that will do not access in specific implementation process
Hardware ID confirms as illegal hardware ID, or the hardware ID for the terminal device for not having access in preset time period is confirmed as
Illegal hardware ID, those skilled in the art can be configured according to being actually needed, be not limited herein.
Specifically, hardware system certification is initiated to certificate server again, terminal device needs to perform following flow successively:
Step 1, the hardware attributes information of acquisition terminal equipment.
Specifically, the attribute information by parameter collection module acquisition terminal equipment.The hardware attributes information of collection includes
The CPU parameters of terminal device, mainboard parameter, mac address information, OS operating system parameters etc..
For example, CPU sequence numbers, mainboard sequence number, MAC Address and the operating system version of terminal device can be included
Information.
Step 2, by authentication logic hardware attributes information is handled, generate hardware corresponding with hardware attributes information
ID;It is succinct for specification specifically, authentication logic can select existing any algorithm based on generation hardware ID,
Repeat no more herein.
Step 3, hardware ID is sent to certificate server, the hardware ID for being sent to certificate server is used for certificate server
Hardware identification is carried out to the terminal device.
Specifically, the hardware ID of generation is encrypted terminal device, then by calling communication module, by hardware
ID is complained to certificate server, to initiate hardware system certification to certificate server.Certificate server receives terminal device hair
The authentication information sent, wherein, authentication information includes the hardware ID complained to, and certificate server is set based on the hardware ID complained to terminal
It is standby to be authenticated, judge whether the terminal device is legal hardware device, generate hardware identification feedack.It is specifically, hard
Part certification feedack is " certification passes through " or " certification does not pass through ".
Step 4, terminal device receive the hardware identification feedback of certificate server feedback, and hardware identification feeds back hard for confirming
Part ID is legal hardware ID or illegal hardware ID, and hardware ID is that legal hardware ID sign terminal device passes through hardware identification.
If continuing to use the mode of step 3, if the hardware identification received is fed back to " certification passes through ", it is shown to be legal hard
Part ID;If the hardware identification received is fed back to " certification does not pass through ", illegal hardware ID (i.e. illegal hardware ID) is shown to be.
Preferably, in order to improve security, after hardware ID corresponding with hardware attributes information is generated, by encrypting mould
Hardware ID is encrypted block, is then sent to certificate server by communication module again, and server is received including hard
After part ID encryption information, it is decrypted to obtain the hardware ID for needing to be authenticated.
Further, with reference to any one above-mentioned embodiment, if terminal device is entered by hardware identification to terminal device
Row software merit rating so that the software systems of terminal device confirm whether hardware ID is legal hardware ID;Software system upon configuration
When system confirmation hardware ID is legal hardware ID, then, S102 is performed.
If S102, terminal device initiate authorized application by hardware identification to certificate server.
Specifically, if terminal device carries out software I D verifications, to judge whether to need to take from certification by hardware identification
Business device is authorized, and in specific implementation process, is had and is carried out software I D two kinds of judged results of verification:
The first:Software I D check results show to authorize, then directly allow terminal device to be accessed.
Second:Software I D check results demonstrate the need for the mandate of certificate server, then terminal device is to certificate server
Initiate authorized application.Specifically, initiate authorized application can be the Authentication Client program in terminal device, to authentication service
Device sends password to be certified, and certificate server is authenticated to password, generation soft ware authorization feedback.
S103, the soft ware authorization feedback that certificate server is sent is received, wherein, soft ware authorization is fed back to certificate server pin
To authorized application generation.
Specifically, if password authentication is by the way that the soft ware authorization feedback then actually generated can be access token, and certification takes
Access token is sent to terminal device by business device, and service operation mandate is obtained according to access token.If password authentication not by,
The soft ware authorization feedback then actually generated can be mark of refusal access etc..
S104, when the soft ware authorization feedback received characterize allow terminal device to access when, terminal device is from authentication service
Device obtains service operation mandate.
By above-mentioned S102~S104, the technical scheme in the embodiment of the present invention can be according to soft ware authorization feedback result
Initialization is realized to the software systems of terminal device, " authenticating water-mark " is stamped for terminal software system, client software is carried out
Authorize, realize the broadcasting domain rights management of media playback software itself.
Below with reference to Fig. 2, so that media termination accesses as an example, to terminal access authentication authorization method provided by the present invention
Interaction embodiment is described.
S1:Media termination is started shooting;
S2:Media termination carries out hardware ID verification, verifies whether as legal hardware ID;
S3:Media termination judges whether to need to initiate hardware system certification to certificate server according to hardware ID verification, if
It is then to perform S4, otherwise demonstrates the need for first certificate server and initiate hardware system certification, then perform S5~S10 successively.
S4:Media termination carries out software I D verifications.
S5:Media termination call parameters acquisition module, gather the hardware attributes information of media termination;
S6:Media termination generation generation hardware ID corresponding with hardware attributes information;
S7:Media termination encryption hardware ID;
S8:Media termination initiates hardware system certification to certificate server;
S9:Certificate server authentication information is decrypted processing, obtains hardware ID;
S10:Certificate server certification hardware ID whether by, wherein, certification is by performing S11;Otherwise forbid media whole
Terminate into Certificate Authority process terminates.
S11:Media termination judges whether to need to initiate authorized application to certificate server according to software I D verifications.If so,
S12~S14 is then performed successively;If it is not, performing S14, media termination is directly accessed..
S12:Media termination initiates authorized application;
S13:Certificate server receives authorized application, carries out password authentication.Password authentication success, then feed back to media termination
Access token, perform S14;Password authentication is unsuccessful, then forbids media termination to access, and Certificate Authority process terminates;
S14:Media termination is successfully accessed, and is obtained service authorization, is played correct media information.
Based on same inventive concept, the embodiment of the present invention additionally provides a kind of terminal access authentication authoring system, with reference to figure 3
It is shown, including:Hardware identification module 10, soft ware authorization module 20, and communication module 30.
Hardware identification module 10, for carrying out hardware identification to terminal device;
Soft ware authorization module 20, if calling communication module 30 to authentication service by hardware identification for terminal device
Device initiates authorized application;
Communication module 30, it is additionally operable to receive the soft ware authorization feedback that certificate server is sent, wherein, soft ware authorization is fed back to
Certificate server is for authorized application generation;Terminal device is allowed to access when the soft ware authorization feedback received characterizes
When, terminal device obtains service operation mandate from certificate server.
Preferably, the system also includes parameter collection module 40, then hardware identification module 10 is specifically used for setting terminal
It is standby to carry out hardware ID verification, to judge whether to need to initiate hardware system certification to certificate server;
Demonstrate the need for recognizing to certificate server initiation hardware system if parameter collection module 40 is specifically additionally operable to judged result
During card, the hardware attributes information of acquisition terminal equipment;
Hardware identification module 10, it is additionally operable to handle the hardware attributes information by authentication logic, generation and institute
State hardware ID corresponding to hardware attributes information;Communication module 30 is called, hardware ID is sent to certificate server, hardware ID is used for
Certificate server carries out hardware identification to terminal device;
Communication module 30, is specifically additionally operable to receive the hardware identification feedback of certificate server feedback, and hardware identification feedback is used
In confirming that hardware ID is legal hardware ID or illegal hardware ID, hardware ID is that legal hardware ID sign terminal device is recognized by hardware
Card.
Preferably, hardware identification module 10, show to initiate to certificate server if being specifically additionally operable to judged result
During hardware system certification, it is determined that the hardware ID of terminal device is legal hardware ID.
Preferably, in order to improve security, after hardware ID corresponding with hardware attributes information is generated, by encrypting mould
Hardware ID is encrypted block 50, is then sent to certificate server by communication module 30 again, and server receives bag
After the encryption information for including hardware ID, it is decrypted to obtain the hardware ID for needing to be authenticated.
Preferably, soft ware authorization module 20, if being carried out specifically for terminal device by hardware identification to terminal device
Software merit rating so that the software systems of terminal device confirm whether hardware ID is legal hardware ID;And confirm in software systems
When hardware ID is legal hardware ID, communication module 30 is called to initiate authorized application to certificate server.
Because the terminal access authentication authoring system in the embodiment of the present invention is implementation aforementioned terminals access authentication authorized party
Used by method, so based on the terminal access authentication authorization method described in the embodiment of the present invention, the affiliated technology in this area
Personnel can understand the embodiment and its various change form of the terminal access authentication authoring system of the present embodiment, institute
To be no longer discussed in detail for the terminal access authentication authoring system herein.As long as those skilled in the art implement the present invention
High pressure switchgear used by terminal access authentication authoring system in embodiment, belong to the scope of the invention to be protected.
Technical scheme provided in an embodiment of the present invention at least has the following technical effect that:
Due to having passed through the combination of hardware identification and soft ware authorization:First, the ardware feature based on terminal device, such as equipment
CPU sequence numbers, mainboard sequence number, MAC (Media access control media access control layers) address informations and operation are
Unite the identification of version information etc., by the hardware identification of certificate server, the hardware identity of terminal device is established, in hardware system
The access safety of first layer is provided on system:Secondly, soft ware authorization is carried out, realizes the broadcasting domain authority of media playback software itself
Management.It can be seen that hardware identification and soft ware authorization two ways effectively integrate, the safety in terminal access preferably ensure that
Property, effectively prevent the various attacks for terminal hardware or software access, terminal device is really used as one
Complete entity carries out Access Control management.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know basic creation
Property concept, then can make other change and modification to these embodiments.So appended claims be intended to be construed to include it is excellent
Select embodiment and fall into having altered and changing for the scope of the invention.
Obviously, those skilled in the art can carry out the essence of various changes and modification without departing from the present invention to the present invention
God and scope.So, if these modifications and variations of the present invention belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising including these changes and modification.
Claims (8)
- A kind of 1. terminal access authentication authorization method, applied to a terminal device, it is characterised in that methods described includes:Hardware identification is carried out to the terminal device;If the terminal device carries out software I D verifications by the hardware identification;If software I D check results demonstrate the need for the mandate of certificate server, the terminal device initiates to award to certificate server Power application;If software I D check results show to authorize, directly terminal device is allowed to be accessed;Receive the certification The soft ware authorization feedback that server is sent, wherein, the soft ware authorization is fed back to the certificate server and is directed to the mandate Shen It please generate;When the soft ware authorization feedback received, which characterizes, allows the terminal device to access, the terminal device is recognized from described Demonstrate,prove server and obtain service operation mandate.
- 2. the method as described in claim 1, it is characterised in that it is described to terminal device progress hardware identification, including:Hardware ID verification is carried out to the terminal device, to judge whether to need to initiate hardware system to the certificate server Certification;If judged result demonstrates the need for, to during certificate server initiation hardware system certification, gathering the hard of the terminal device Part attribute information;The hardware attributes information is handled by authentication logic, generates hardware corresponding with the hardware attributes information ID;The hardware ID is sent to the certificate server, the hardware ID is set for the certificate server to the terminal It is standby to carry out hardware identification;The hardware identification feedback of the certificate server feedback is received, the hardware identification is fed back for confirming that the hardware ID is Legal hardware ID or illegal hardware ID, the hardware ID are that the legal hardware ID sign terminal device passes through hardware identification.
- 3. method as claimed in claim 2, it is characterised in that judge whether to need to initiate to the certificate server described After hardware system certification, methods described also includes:If judged result shows that hardware system certification need not be initiated to the certificate server, it is determined that the terminal device Hardware ID be legal hardware ID.
- 4. method as claimed in claim 2 or claim 3, it is characterised in that if the terminal device by hardware identification, to certification Server initiates authorized application, including:If the terminal device carries out software merit rating so that the terminal device by hardware identification to the terminal device Software systems confirm whether the hardware ID is legal hardware ID;When it is legal hardware ID that the software systems, which confirm the hardware ID, the mandate Shen is initiated to the certificate server Please.
- A kind of 5. terminal access authentication authoring system, it is characterised in that including:Hardware identification module, soft ware authorization module, and Communication module;The hardware identification module, for carrying out hardware identification to the terminal device;The soft ware authorization module, if carrying out software I D verifications by the hardware identification for the terminal device;It is if soft Part ID check results demonstrate the need for the mandate of certificate server, then the terminal device initiates authorized application to certificate server; If software I D check results show to authorize, directly terminal device is allowed to be accessed;The communication module, it is additionally operable to receive the soft ware authorization feedback that the certificate server is sent, wherein, the soft ware authorization The certificate server is fed back to for authorized application generation;Allow when the soft ware authorization feedback received characterizes During the terminal device access, the terminal device obtains service operation mandate from the certificate server.
- 6. system as claimed in claim 5, it is characterised in that the system also includes parameter collection module, and the hardware is recognized Demonstrate,prove module to be specifically used for carrying out hardware ID verification to the terminal device, to judge whether to need to send out to the certificate server Play hardware system certification;The parameter collection module, if demonstrating the need for recognizing to certificate server initiation hardware system specifically for judged result During card, the hardware attributes information of the terminal device is gathered;The hardware identification module, be additionally operable to handle the hardware attributes information by authentication logic, generation with it is described Hardware ID corresponding to hardware attributes information;The communication module is called, the hardware ID is sent to the certificate server, institute State hardware ID and be used for the certificate server to terminal device progress hardware identification;The communication module, specifically it is additionally operable to receive the hardware identification feedback of the certificate server feedback, the hardware identification Feed back for confirming that the hardware ID is legal hardware ID or illegal hardware ID, the hardware ID is described in legal hardware ID characterizes Terminal device passes through hardware identification.
- 7. system as claimed in claim 6, it is characterised in that the hardware identification module, if being specifically additionally operable to judged result When showing that hardware system certification need not be initiated to the certificate server, it is determined that the hardware ID of the terminal device is legal Hardware ID.
- 8. system as claimed in claims 6 or 7, it is characterised in that the soft ware authorization module, if specifically for the terminal Equipment then carries out software merit rating by hardware identification to the terminal device so that the software systems of the terminal device confirm Whether the hardware ID is legal hardware ID;And when it is legal hardware ID that the software systems, which confirm the hardware ID, adjust With the communication module authorized application is initiated to the certificate server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410755407.5A CN104486322B (en) | 2014-12-10 | 2014-12-10 | Terminal access authentication authorization method and terminal access authentication authoring system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410755407.5A CN104486322B (en) | 2014-12-10 | 2014-12-10 | Terminal access authentication authorization method and terminal access authentication authoring system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104486322A CN104486322A (en) | 2015-04-01 |
| CN104486322B true CN104486322B (en) | 2017-12-26 |
Family
ID=52760826
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410755407.5A Active CN104486322B (en) | 2014-12-10 | 2014-12-10 | Terminal access authentication authorization method and terminal access authentication authoring system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104486322B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108595939A (en) * | 2018-03-15 | 2018-09-28 | 北京雷石天地电子技术有限公司 | A kind of method and system authorizing external equipment permission |
| CN109756509B (en) * | 2019-01-24 | 2021-08-06 | 金润方舟科技股份有限公司 | Network authentication system based on information receipt and working method thereof |
| CN112149067B (en) * | 2020-09-29 | 2022-10-18 | 济南博观智能科技有限公司 | Software authorization method, terminal equipment, authorization server and storage medium |
| WO2022188006A1 (en) * | 2021-03-08 | 2022-09-15 | 华为技术有限公司 | Certificate application method and apparatus |
| CN115021936B (en) * | 2022-06-10 | 2023-10-27 | 中国南方电网有限责任公司 | Terminal equipment safety access authentication and authorization method and system of remote site |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296240A (en) * | 2008-06-20 | 2008-10-29 | 中国移动通信集团北京有限公司 | Authentication method and system for access to wireless network |
| CN101299727A (en) * | 2008-06-30 | 2008-11-05 | 中兴通讯股份有限公司 | Traffic mirroring method and system based on user |
| CN101938468A (en) * | 2010-08-06 | 2011-01-05 | 四川长虹电器股份有限公司 | Digital content protecting system |
| CN102158487A (en) * | 2011-04-01 | 2011-08-17 | 福建星网锐捷网络有限公司 | Network access control method, system and device |
-
2014
- 2014-12-10 CN CN201410755407.5A patent/CN104486322B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296240A (en) * | 2008-06-20 | 2008-10-29 | 中国移动通信集团北京有限公司 | Authentication method and system for access to wireless network |
| CN101299727A (en) * | 2008-06-30 | 2008-11-05 | 中兴通讯股份有限公司 | Traffic mirroring method and system based on user |
| CN101938468A (en) * | 2010-08-06 | 2011-01-05 | 四川长虹电器股份有限公司 | Digital content protecting system |
| CN102158487A (en) * | 2011-04-01 | 2011-08-17 | 福建星网锐捷网络有限公司 | Network access control method, system and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104486322A (en) | 2015-04-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108390851B (en) | Safe remote control system and method for industrial equipment | |
| JP6586446B2 (en) | Method for confirming identification information of user of communication terminal and related system | |
| US7953391B2 (en) | Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method | |
| CN109005155B (en) | Identity authentication method and device | |
| EP2304636B1 (en) | Mobile device assisted secure computer network communications | |
| CN108123795B (en) | Quantum key chip issuing method, application method, issuing platform and system | |
| CN105791272A (en) | Method and device for secure communication in Internet of Things | |
| CN105072125B (en) | A kind of http communication system and method | |
| CN104486322B (en) | Terminal access authentication authorization method and terminal access authentication authoring system | |
| CN108243176B (en) | Data transmission method and device | |
| US8397281B2 (en) | Service assisted secret provisioning | |
| CN107733636B (en) | Authentication method and authentication system | |
| CN101841525A (en) | Secure access method, system and client | |
| CN106713279A (en) | Video terminal identity authentication system | |
| CN106027251A (en) | Identity card reading terminal and cloud authentication platform data transmission method and system | |
| CN106506161A (en) | Method for secret protection and privacy protection device in vehicle communication | |
| CN103634265A (en) | Method, device and system for security authentication | |
| US10091189B2 (en) | Secured data channel authentication implying a shared secret | |
| CN114765534A (en) | Private key distribution system based on national password identification cryptographic algorithm | |
| CN106656955A (en) | Communication method and system and user terminal | |
| CN101192927A (en) | Authorization based on identity confidentiality and multiple authentication method | |
| CN110929231A (en) | Digital asset authorization method and device and server | |
| WO2017020530A1 (en) | Enhanced wlan certificate authentication method, device and system | |
| CN111224965A (en) | Information interaction method and device | |
| CN116132986A (en) | Data transmission method, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information |
Inventor after: Jiang Yimin Inventor before: Fan Xianchang |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Terminal access authentication authorization method and terminal access authentication authorization system Effective date of registration: 20181225 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: 2018420000074 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20200102 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: 2018420000074 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Terminal access authentication authorization method and terminal access authentication authorization system Effective date of registration: 20200528 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2020420000025 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20210603 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2020420000025 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Terminal access authentication and authorization method and terminal access authentication and authorization system Effective date of registration: 20210611 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2021420000035 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20220615 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: Y2021420000035 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Terminal access authentication and authorization method and terminal access authentication and authorization system Effective date of registration: 20220617 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: Y2022420000164 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20230615 Granted publication date: 20171226 Pledgee: Guanggu Branch of Wuhan Rural Commercial Bank Co.,Ltd. Pledgor: WUHAN OPTICS VALLEY INFORMATION TECHNOLOGY CO.,LTD. Registration number: Y2022420000164 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |