CN106899584A - Method and device for managing hardware device access - Google Patents

Publication number
CN106899584A
Authority
CN
China
Prior art keywords
hardware device
hardware
accessed
default
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710091322.5A
Other languages
Chinese (zh)
Inventor
周东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yihua Computer Co Ltd
Shenzhen Yihua Time Technology Co Ltd
Shenzhen Yihua Financial Intelligent Research Institute
Original Assignee
Shenzhen Yihua Computer Co Ltd
Shenzhen Yihua Time Technology Co Ltd
Shenzhen Yihua Financial Intelligent Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Yihua Computer Co Ltd, Shenzhen Yihua Time Technology Co Ltd, Shenzhen Yihua Financial Intelligent Research Institute
Priority to CN201710091322.5A
Publication of CN106899584A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Abstract

The present invention applies to the field of device management technology and provides a method and device for managing hardware device access. The method includes: if an attached hardware device is detected, obtaining the device identifier corresponding to the hardware device; determining whether a preset device registration list contains the device identifier; if the preset device registration list contains the device identifier, establishing a communication connection with the hardware device; determining the legitimacy of the hardware device according to a preset device legitimacy authentication rule; and, if the hardware device is illegitimate, disconnecting the communication connection. By actively establishing a communication connection with registered hardware devices and determining their legitimacy according to a preset legitimacy authentication rule, the invention solves the problem that existing techniques for managing hardware device access cannot judge the legitimacy of a hardware device, so that when the hardware device is exploited by a malicious party, the data of the user's device is easily stolen and the device's configuration tampered with, creating a security risk and resulting in low security and confidentiality.

Description

Method and device for managing hardware device access
Technical field
The invention belongs to the field of device management technology, and in particular relates to a method and device for managing hardware device access.
Background
As users demand more and more functionality from their devices, other external hardware devices must be attached in order to add extra functions to an existing device. However, existing techniques for managing hardware device access cannot judge the legitimacy of a hardware device. When the hardware device is exploited by a malicious party, the data of the user's device is easily stolen and the device's configuration tampered with, creating a security risk and resulting in low security and confidentiality.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a method and device for managing hardware device access, intended to solve the problem that existing techniques for managing hardware device access cannot judge the legitimacy of a hardware device, so that when the hardware device is exploited by a malicious party, the data of the user's device is easily stolen and the device's configuration tampered with, creating a security risk and resulting in low security and confidentiality.
In a first aspect, an embodiment of the present invention provides a method for managing hardware device access, the method including:
If an attached hardware device is detected, obtaining the device identifier corresponding to the hardware device;
Determining whether a preset device registration list contains the device identifier;
If the preset device registration list contains the device identifier, establishing a communication connection with the hardware device;
Determining the legitimacy of the hardware device according to a preset device legitimacy authentication rule;
If the hardware device is illegitimate, disconnecting the communication connection.
In a second aspect, an embodiment of the present invention provides a management device for hardware device access, the management device including:
A hardware device detection unit, configured to obtain the device identifier corresponding to the hardware device if an attached hardware device is detected;
A device identifier determination unit, configured to determine whether a preset device registration list contains the device identifier;
A communication connection unit, configured to establish a communication connection with the hardware device if the preset device registration list contains the device identifier;
A legitimacy determination unit, configured to determine the legitimacy of the hardware device according to a preset device legitimacy authentication rule;
An illegitimate-device execution unit, configured to disconnect the communication connection if the hardware device is illegitimate.
Implementing the method and device for managing hardware device access provided by the embodiments of the present invention has the following beneficial effects:
In the embodiments of the present invention, if an attached hardware device is detected, the device identifier corresponding to the hardware device is obtained; it is determined whether a preset device registration list contains the device identifier; if the preset device registration list contains the device identifier, a communication connection is established with the hardware device; the legitimacy of the hardware device is determined according to a preset device legitimacy authentication rule; and if the hardware device is illegitimate, the communication connection is disconnected. A communication connection is thus actively established with registered hardware devices, while none of the information sent by an unregistered hardware device is accepted. For a registered hardware device, once the communication connection has been established, its legitimacy is further determined according to the preset legitimacy authentication rule. The management device for hardware device access therefore does not need to remain in a detection state for long periods, so its resource usage is low, and it establishes communication connections only with registered hardware devices, which prevents a malicious party from stealing user data and tampering with the device's configuration through an attached hardware device, and improves security and confidentiality.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for managing hardware device access provided by an embodiment of the present invention;
Fig. 2 is a flow chart of a method for managing hardware device access provided by another embodiment of the present invention;
Fig. 3 is a structural block diagram of a management device for hardware device access provided by an embodiment of the present invention;
Fig. 4 is a structural block diagram of a management device for hardware device access provided by another embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
In the embodiments of the present invention, a communication connection is actively established with registered hardware devices, while none of the information sent by an unregistered hardware device is accepted. For a registered hardware device, once the communication connection has been established, its legitimacy is further determined according to a preset legitimacy authentication rule. This solves the problem that existing techniques for managing hardware device access cannot judge the legitimacy of a hardware device, so that when the hardware device is exploited by a malicious party, the data of the user's device is easily stolen and the device's configuration tampered with, creating a security risk and resulting in low security and confidentiality.
In the embodiments of the present invention, the flow is executed by the management device for hardware device access (below, "the management device"). The management device is a device with at least one hardware device access port. For example, the management device is a financial terminal that includes a journal printer interface, a strip printer interface, a terminal interconnection interface, and so on. The management device applies the method provided by this embodiment to every hardware device access port it has. Fig. 1 shows the implementation flow chart of the method for managing hardware device access provided by an embodiment of the present invention, detailed as follows:
In S101, if an attached hardware device is detected, the device identifier corresponding to the hardware device is obtained.
In the present embodiment, when a hardware device is attached through a hardware device access port, the port generates an access trigger signal. When the management device detects the access trigger signal, it determines that a hardware device has been attached and carries out access management.
In the present embodiment, the management device does not stay in hardware access management mode all the time; it starts access management mode only when it detects that a hardware device access port has generated an access trigger signal. Compared with monitoring hardware devices through a thread, detecting the trigger signal occupies fewer resources and can improve the data utilization rate of the management device when it is idle.
In the present embodiment, when an attached hardware device is detected, the management device obtains the device identifier of that hardware device. The device identifier includes but is not limited to: the vendor ID (VID), the product ID (PID), the physical address (Media Access Control address, MAC address), and so on.
Optionally, in the present embodiment, the device identifier represents the type of the hardware device, so different devices of the same type can have the same device identifier. For example, given a first laser printer and a second laser printer of the same model, the device identifier of the first laser printer and that of the second laser printer are identical.
Optionally, in the present embodiment, the device identifier is obtained through the driver corresponding to the hardware device. Once the management device has loaded the driver for the hardware device, the corresponding driver is activated when the hardware device is plugged into the hardware device access port. The driver obtains the device identifier of the hardware device directly and forwards it to the management device.
In S102, it is determined whether the preset device registration list contains the device identifier.
In the present embodiment, the memory of the management device stores a device registration list made up of the device identifiers of registered devices. After the device identifier of the hardware device is obtained, the device registration list is queried to determine whether it contains an entry matching the device identifier of the hardware device.
In the present embodiment, when a user needs to add a new external hardware device to the management device, the device identifier corresponding to the hardware device must be added to the preset device registration list, and the related configuration must be carried out on the hardware device.
In the present embodiment, if the preset device registration list contains the device identifier, the operations of S103 are performed. If the preset device registration list does not contain the device identifier, the hardware device is judged to be a risky hardware device, and the access port to which it is attached is closed until the hardware device is unplugged from that port.
In S103, if the preset device registration list contains the device identifier, a communication connection is established with the hardware device.
In the present embodiment, if the preset device registration list contains the device identifier, the hardware device is a registered hardware device and has a certain degree of security, but its legitimacy still has to be determined.
In the present embodiment, when the management device determines that the hardware device is a registered hardware device, it actively establishes a communication connection with it in order to carry out the legitimacy determination flow. Note that this communication connection is a restricted one that accepts only part of the information sent by the attached hardware device. A communication link is established so that information can be exchanged to judge the legitimacy of the hardware device, but because the hardware device may still pose a security risk, the information exchanged over the link must be limited, to prevent a malicious party from tampering with the settings of the user's device through the connection.
Note that in the present embodiment, although the hardware device is physically plugged into an access port of the management device, the port has not yet been activated and no real communication connection has been established, so no information can be exchanged. Only for a hardware device that has completed registration is the access port activated and a communication connection allowed.
In S104, the legitimacy of the hardware device is determined according to the preset device legitimacy authentication rule.
In the present embodiment, the management device judges the legitimacy of the hardware device by the preset legitimacy authentication rule. The configuration information of a legitimate hardware device already records the corresponding legitimacy authentication response rule, so when the management device runs the legitimacy authentication flow, a legitimate hardware device can feed back the corresponding response information and is then determined to be legitimate. An illegitimate hardware device does not know the preset legitimacy authentication rule and cannot feed back the corresponding information.
In the present embodiment, when the hardware device is judged illegitimate, the operations of S105 are performed. When the hardware device is judged legitimate, the mode of the communication connection is changed to a normal communication connection and normal information exchange takes place.
In S105, if the hardware device is illegitimate, the communication connection is disconnected.
In the present embodiment, for an illegitimate hardware device, the communication connection established in S103 is disconnected and the access port of the hardware device is closed until the hardware device is detected to have been unplugged. The present embodiment therefore establishes only a temporary communication link during legitimacy authentication in order to check the legitimacy of the hardware device, and directly disconnects unregistered and illegitimate hardware devices, which prevents a malicious party from stealing the user's data and tampering with the device configuration, and improves security.
As can be seen from the above, in the method for managing hardware device access provided by the embodiment of the present invention, if an attached hardware device is detected, the device identifier corresponding to the hardware device is obtained; it is determined whether the preset device registration list contains the device identifier; if the preset device registration list contains the device identifier, a communication connection is established with the hardware device; the legitimacy of the hardware device is determined according to the preset device legitimacy authentication rule; and if the hardware device is illegitimate, the communication connection is disconnected. A communication connection is thus actively established with registered hardware devices, while none of the information sent by an unregistered hardware device is accepted. For a registered hardware device, once the communication connection has been established, its legitimacy is further determined according to the preset legitimacy authentication rule. The management device therefore does not need to remain in a detection state for long periods, so its resource usage is low, and it establishes communication connections only with registered hardware devices, which prevents a malicious party from stealing user data and tampering with the device's configuration through an attached hardware device, and improves security and confidentiality.
Fig. 2 shows the flow chart of a method for managing hardware device access provided by another embodiment of the present invention. Referring to Fig. 2, relative to the previous embodiment, the method provided by the present embodiment further defines several steps, detailed as follows:
In S201, if an attached hardware device is detected, the device identifier corresponding to the hardware device is obtained.
Because S201 is identical to step S101 in the previous embodiment, refer to the description of step S101 in the previous embodiment; it is not repeated here.
In S202, it is determined whether the preset device registration list contains the device identifier.
Because S202 is identical to step S102 in the previous embodiment, refer to the description of step S102 in the previous embodiment; it is not repeated here.
In S203, if the preset device registration list contains the device identifier, a communication connection is established with the hardware device.
Because S203 is identical to step S103 in the previous embodiment, refer to the description of step S103 in the previous embodiment; it is not repeated here.
Further, as another embodiment of the present invention, determining the legitimacy of the hardware device according to the preset device legitimacy authentication rule is specifically:
In S204, the generated device authentication instruction is encrypted by a preset authentication encryption algorithm.
In the present embodiment, if the hardware device is judged to be a registered hardware device, a device authentication instruction is generated and encrypted by the preset authentication encryption algorithm, for use in the legitimacy authentication operation.
In the present embodiment, to improve security and the accuracy of the check, the device authentication instruction is encrypted by the preset authentication encryption algorithm. The preset authentication encryption algorithm can correspond to the category of the hardware device. For example, for a strip printer, the corresponding preset authentication encryption algorithm is a first authentication encryption algorithm; for an external display, it is a second authentication encryption algorithm.
Preferably, in the present embodiment, the authentication encryption algorithm is a universal authentication encryption method, i.e. all types of hardware device use the same authentication encryption algorithm. To ease compatibility with newly added external hardware devices, the algorithm is universal: when a new external hardware device is added, it is only necessary to add the corresponding hardware identifier to the preset device registration list in S202 and to configure in the hardware device the authentication decryption algorithm corresponding to the authentication encryption algorithm, which improves the efficiency of adding a hardware device and simplifies the procedure.
In S205, the encrypted device authentication instruction is sent to the hardware device, so that the hardware device decrypts the encrypted device authentication instruction according to a preset authentication decryption algorithm and feeds back a device authentication response instruction; the authentication decryption algorithm is the decryption algorithm that matches the authentication encryption algorithm.
In the present embodiment, the management device sends the encrypted device authentication instruction over the communication connection established in S203. After the hardware device to be authenticated receives the device authentication instruction, it decrypts the instruction with the authentication decryption algorithm in its configuration information, generates the corresponding device authentication response instruction according to the decrypted instruction, and feeds it back to the management device.
Preferably, in the present embodiment, the hardware device also encrypts the device authentication response instruction by the preset authentication encryption algorithm.
In S206, if the authentication response instruction sent by the hardware device is received, the hardware device is determined to be legitimate.
In the present embodiment, if the authentication response instruction sent by the hardware device is received, the hardware device is determined to be legitimate, the mode of the communication connection is changed to a normal communication connection, and normal information exchange takes place. If the authentication response instruction is not received within a preset time, the hardware device is judged illegitimate and the operations of S211 are performed.
In the embodiments of the present invention, the legitimacy of the hardware device is determined by sending it a device authentication instruction processed by the preset encryption algorithm. Because the preset authentication encryption algorithm is drawn up by each user, it is difficult for a malicious party to learn it. An illegitimate hardware device cannot generate the corresponding device authentication response instruction, whereas the configuration information of a legitimate hardware device contains the corresponding decryption algorithm, so it can interpret the device authentication instruction and feed back the corresponding response instruction. This completes the legitimacy check and improves security.
Further, as another embodiment of the present invention, after determining the legitimacy of the hardware device according to the preset device legitimacy authentication rule, the method also includes:
In S207, if the hardware device is legitimate, the communication key information corresponding to the hardware device is determined by a preset communication key generation rule.
In the present embodiment, in the operations of S204 to S206 the exchanged data is always encrypted by the preset authentication encryption algorithm, which gives relatively low security. To improve the confidentiality of information between the user's device and the hardware device, communication key information dedicated to communication with that hardware device is determined by the preset communication key generation rule.
In the present embodiment, the communication key information is used to encrypt and decrypt the information exchanged between the management device and the hardware device. That is, whenever the management device receives or sends data, it decrypts or encrypts it with the communication key information.
In the present embodiment, the preset communication key generation rule generates the communication key information for each hardware device separately, i.e. different hardware devices have different communication key information. Thus, for the legitimacy check in S204, a universal key with stronger compatibility is used; once the legitimacy of the hardware device has been determined, a dedicated communication key is used to encrypt and decrypt the communication data in order to ensure its confidentiality.
Optionally, in the present embodiment, the preset communication key generation rule is a random key generation rule: the communication key information is generated randomly by a random algorithm, and the key length of the communication key information is also determined randomly.
In S208, the configuration information of the hardware device is set according to the communication key information.
In the present embodiment, the communication key information is generated once the hardware device has been determined to be legitimate. The management device therefore needs to inform the hardware device of the communication key contained in the communication key information, i.e. set the communication key into the configuration information of the hardware device, so that the hardware device encrypts and decrypts communication data with the communication key.
Note that in the present embodiment, setting the configuration information of the hardware device according to the communication key information does not overwrite the preset authentication encryption algorithm in the configuration information. Although both are used to decrypt communication data, they are stored in different storage regions.
Optionally, in the present embodiment, if the hardware device has data processing capability, the communication key information can be sent to the hardware device, which extracts the communication key from it itself and sets its own configuration information.
In the embodiments of the present invention, configuring a dedicated communication key for the hardware device improves the confidentiality and security of the communication between the hardware device and the management device.
Further, as another embodiment of the present invention, after the setting of the configuration information of the hardware device according to the communication key information, the method also includes:
In S209, the communication key information is updated at a preset time interval.
In this embodiment, the communication key information is updated at a preset time interval, that is, new communication key information is generated again by the communication key generation rule described above. Because the hardware device and the management apparatus for hardware device access remain in communication for long periods, a communication key cracked by an attacker would make it easy to steal the user's communication content and create a security risk. The communication key information is therefore updated at a preset time interval.
In S210, the configuration information is updated according to the updated communication key information.
In this embodiment, the configuration information of the hardware device is updated in the same way as in S208, which is not repeated here.
In this embodiment of the present invention, regularly updating the communication key improves the security and confidentiality of communication.
In S211, if the hardware device is illegitimate, the communication connection is disconnected.
Because S211 is identical to step S105 in the previous embodiment, refer to the description of step S105 in the previous embodiment; it is not repeated here.
Further, as another embodiment of the present invention, after the judging of the legitimacy of the hardware device according to the preset device legitimacy authentication rule, the method also includes:
In S212, if the communication connection corresponding to the hardware device is detected to be interrupted, the step of obtaining the device identification corresponding to the hardware device is performed.
In this embodiment, when the management apparatus for hardware device access detects that the communication connection is interrupted, whether while the legitimacy of the hardware device is being verified or after verification has completed, it performs the access management operations on the hardware device again, that is, it executes S201 and the subsequent flow to check again whether the hardware device is registered and legitimate.
In this embodiment of the present invention, when the communication connection is interrupted, access management detection is performed on the hardware device again, which improves the security and confidentiality of the apparatus and prevents an attacker from using operations such as quick unplugging and replugging to let an illegitimate hardware device pass itself off as a legitimate hardware device that has already passed detection.
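The access flow described above (registration check, authentication, random-length communication key, periodic key update, and re-checking after an interruption) can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, HMAC-SHA256 over a random challenge stands in for the unspecified preset authentication encryption algorithm, the 16 to 32 byte key length range is an assumption, and the response value is verified rather than merely received.

```python
import hashlib
import hmac
import secrets


class Device:
    """Constructed stand-in for an attached hardware device."""

    def __init__(self, device_id, auth_secret):
        self.device_id = device_id
        self._auth_secret = auth_secret  # pre-provisioned authentication material
        self.comm_key = None             # kept apart from the authentication material (S208)

    def answer(self, challenge):
        # Device side of the authentication exchange.
        return hmac.new(self._auth_secret, challenge, hashlib.sha256).digest()


class AccessManager:
    """Hypothetical management apparatus following the steps on this page."""

    def __init__(self, registry, rotate_after=3600.0):
        self.registry = registry          # device_id -> authentication secret
        self.rotate_after = rotate_after  # preset update interval, in seconds
        self.sessions = {}                # device_id -> (comm_key, issued_at)

    def on_attach(self, device, now):
        secret = self.registry.get(device.device_id)
        if secret is None:
            return "ignored"              # unregistered: no connection is set up
        # Connection is up; a fresh challenge per attempt defeats replayed answers.
        challenge = secrets.token_bytes(32)
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, device.answer(challenge)):
            self.sessions.pop(device.device_id, None)
            return "disconnected"         # S211: illegitimate device
        self._issue_key(device, now)
        return "trusted"

    def _issue_key(self, device, now):
        # Random key of random length (assumed range: 16..32 bytes), from a CSPRNG.
        key = secrets.token_bytes(16 + secrets.randbelow(17))
        device.comm_key = key             # a real system delivers this over a protected channel
        self.sessions[device.device_id] = (key, now)

    def tick(self, device, now):
        # S209/S210: replace the key once the preset interval has elapsed.
        session = self.sessions.get(device.device_id)
        if session is not None and now - session[1] >= self.rotate_after:
            self._issue_key(device, now)
            return True
        return False

    def on_disconnect(self, device_id):
        # S212: drop all session state so the next attach restarts at the
        # identification step and nothing is inherited by a swapped-in device.
        self.sessions.pop(device_id, None)


def run_demo():
    """Constructed scenario: genuine device, key update, then a quick swap."""
    secret = secrets.token_bytes(32)
    manager = AccessManager({"reader-01": secret}, rotate_after=10.0)
    genuine = Device("reader-01", secret)
    impostor = Device("reader-01", secrets.token_bytes(32))  # same ID, wrong secret
    results = [manager.on_attach(Device("unknown-99", secret), 0.0),
               manager.on_attach(genuine, 0.0),
               manager.tick(genuine, 10.0)]
    manager.on_disconnect("reader-01")
    results.append(manager.on_attach(impostor, 11.0))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The last step of the scenario is the quick unplug-and-replug case: because the session is discarded on interruption, a device presenting a registered identification still has to pass authentication before it receives a communication key.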
Fig. 3 shows a structural block diagram of the management apparatus for hardware device access provided by an embodiment of the present invention. The units included in the management apparatus are used to perform the steps in the embodiment corresponding to Fig. 1; for details, refer to Fig. 1 and the related description of the embodiment corresponding to Fig. 1. For ease of description, only the parts related to this embodiment are shown.
Referring to Fig. 3, the management apparatus for hardware device access includes:
Hardware device detection unit 31, configured to obtain the device identification corresponding to a hardware device if an attached hardware device is detected;
Device identification determination unit 32, configured to judge whether the preset device registration list contains the device identification;
Communication connection unit 33, configured to establish a communication connection with the hardware device if the preset device registration list contains the device identification;
Legitimacy determination unit 34, configured to judge the legitimacy of the hardware device according to the preset device legitimacy authentication rule;
Illegitimate device execution unit 35, configured to disconnect the communication connection if the hardware device is illegitimate.
Optionally, referring to Fig. 4, in another embodiment the units included in the management apparatus for hardware device access are used to perform the steps in the embodiment corresponding to Fig. 2, as detailed below:
Hardware device detection unit 41, configured to obtain the device identification corresponding to a hardware device if an attached hardware device is detected;
Device identification determination unit 42, configured to judge whether the preset device registration list contains the device identification;
Communication connection unit 43, configured to establish a communication connection with the hardware device if the preset device registration list contains the device identification;
Optionally, the legitimacy determination unit specifically includes:
Device authentication instruction encryption unit 44, configured to encrypt the generated device authentication instruction with the preset authentication encryption algorithm;
Device authentication instruction sending unit 45, configured to send the encrypted device authentication instruction to the hardware device, so that the hardware device decrypts the encrypted device authentication instruction according to the preset authentication decryption algorithm and feeds back a device authentication response instruction, wherein the authentication decryption algorithm is the decryption algorithm that matches the authentication encryption algorithm;
Authentication response instruction receiving unit 46, configured to determine that the hardware device is legitimate if the authentication response instruction sent by the hardware device is received.
Optionally, the management apparatus for hardware device access also includes:
Communication key generation unit 47, configured to determine the communication key information corresponding to the hardware device by the preset communication key generation rule if the hardware device is legitimate;
Communication key configuration unit 48, configured to set the configuration information of the hardware device according to the communication key information.
Optionally, the management apparatus for hardware device access also includes:
Communication key updating unit 49, configured to update the communication key information at a preset time interval;
Updated key configuration unit 410, configured to update the configuration information according to the updated communication key information.
Illegitimate device execution unit 411, configured to disconnect the communication connection if the hardware device is illegitimate.
Optionally, the management apparatus for hardware device access also includes:
Communication interruption execution unit 412, configured to perform the step of obtaining the device identification corresponding to the hardware device if the communication connection corresponding to the hardware device is detected to be interrupted.
Therefore, the management apparatus for hardware device access provided by this embodiment of the present invention can likewise actively establish a communication connection with a registered hardware device, and does not receive any information sent by an unregistered hardware device. For a registered hardware device, after the communication connection is established, it then determines the legitimacy of the hardware device according to the preset legitimacy authentication rule. It can be seen that, in this embodiment of the present invention, the management apparatus for hardware device access does not need to remain in a detection state for long periods, so its resource occupancy is low, and that it establishes communication connections only with registered hardware devices, which prevents an attacker from stealing user data or tampering with the configuration of the apparatus through an attached hardware device, improving security and confidentiality.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional units and modules above is given only as an example. In practical applications, the above functions may be allocated to different functional units or modules as needed, that is, the internal structure of the apparatus may be divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for ease of distinguishing them from one another and do not limit the scope of protection of this application. For the specific working process of the units and modules in the above system, refer to the corresponding process in the foregoing method embodiments, which is not repeated here.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the system embodiment described above is only illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, each module may exist physically on its own, or two or more modules may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform all or part of the steps of the methods of the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the scope of protection of the present invention.

Claims (10)

1. A management method for hardware device access, characterized in that the management method for hardware device access includes:
If an attached hardware device is detected, obtaining the device identification corresponding to the hardware device;
Judging whether the preset device registration list contains the device identification;
If the preset device registration list contains the device identification, establishing a communication connection with the hardware device;
Judging the legitimacy of the hardware device according to the preset device legitimacy authentication rule;
If the hardware device is illegitimate, disconnecting the communication connection.
2. The management method for hardware device access according to claim 1, characterized in that the judging of the legitimacy of the hardware device according to the preset device legitimacy authentication rule is specifically:
Encrypting the generated device authentication instruction with the preset authentication encryption algorithm;
Sending the encrypted device authentication instruction to the hardware device, so that the hardware device decrypts the encrypted device authentication instruction according to the preset authentication decryption algorithm and feeds back a device authentication response instruction, wherein the authentication decryption algorithm is the decryption algorithm that matches the authentication encryption algorithm;
If the authentication response instruction sent by the hardware device is received, determining that the hardware device is legitimate.
3. The management method for hardware device access according to claim 1 or 2, characterized in that, after the judging of the legitimacy of the hardware device according to the preset device legitimacy authentication rule, the method also includes:
If the hardware device is legitimate, determining the communication key information corresponding to the hardware device by the preset communication key generation rule;
Setting the configuration information of the hardware device according to the communication key information.
4. The management method for hardware device access according to claim 3, characterized in that, after the setting of the configuration information of the hardware device according to the communication key information, the method also includes:
Updating the communication key information at a preset time interval;
Updating the configuration information according to the updated communication key information.
5. The management method for hardware device access according to claim 1, characterized in that, after the judging of the legitimacy of the hardware device according to the preset device legitimacy authentication rule, the method also includes:
If the communication connection corresponding to the hardware device is detected to be interrupted, performing the step of obtaining the device identification corresponding to the hardware device.
6. A management apparatus for hardware device access, characterized in that the management apparatus for hardware device access includes:
A hardware device detection unit, configured to obtain the device identification corresponding to a hardware device if an attached hardware device is detected;
A device identification determination unit, configured to judge whether the preset device registration list contains the device identification;
A communication connection unit, configured to establish a communication connection with the hardware device if the preset device registration list contains the device identification;
A legitimacy determination unit, configured to judge the legitimacy of the hardware device according to the preset device legitimacy authentication rule;
An illegitimate device execution unit, configured to disconnect the communication connection if the hardware device is illegitimate.
7. The management apparatus for hardware device access according to claim 6, characterized in that the legitimacy determination unit specifically includes:
A device authentication instruction encryption unit, configured to encrypt the generated device authentication instruction with the preset authentication encryption algorithm;
A device authentication instruction sending unit, configured to send the encrypted device authentication instruction to the hardware device, so that the hardware device decrypts the encrypted device authentication instruction according to the preset authentication decryption algorithm and feeds back a device authentication response instruction, wherein the authentication decryption algorithm is the decryption algorithm that matches the authentication encryption algorithm;
An authentication response instruction receiving unit, configured to determine that the hardware device is legitimate if the authentication response instruction sent by the hardware device is received.
8. The management apparatus for hardware device access according to claim 6 or 7, characterized in that the management apparatus for hardware device access also includes:
A communication key generation unit, configured to determine the communication key information corresponding to the hardware device by the preset communication key generation rule if the hardware device is legitimate;
A communication key configuration unit, configured to set the configuration information of the hardware device according to the communication key information.
9. The management apparatus for hardware device access according to claim 8, characterized in that the management apparatus for hardware device access also includes:
A communication key updating unit, configured to update the communication key information at a preset time interval;
An updated key configuration unit, configured to update the configuration information according to the updated communication key information.
10. The management apparatus for hardware device access according to claim 6, characterized in that the management apparatus for hardware device access also includes:
A communication interruption execution unit, configured to perform the step of obtaining the device identification corresponding to the hardware device if the communication connection corresponding to the hardware device is detected to be interrupted.
CN201710091322.5A 2017-02-17 2017-02-17 Management method and its device that a kind of hardware device is accessed Pending CN106899584A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710091322.5A CN106899584A (en) 2017-02-17 2017-02-17 Management method and its device that a kind of hardware device is accessed

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710091322.5A CN106899584A (en) 2017-02-17 2017-02-17 Management method and its device that a kind of hardware device is accessed

Publications (1)

Publication Number Publication Date
CN106899584A true CN106899584A (en) 2017-06-27

Family

ID=59184367

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710091322.5A Pending CN106899584A (en) 2017-02-17 2017-02-17 Management method and its device that a kind of hardware device is accessed

Country Status (1)

Country Link
CN (1) CN106899584A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107195131A (en) * 2017-04-13 2017-09-22 深圳怡化电脑股份有限公司 A kind of method and device of analog hardware equipment
CN108648297A (en) * 2018-04-28 2018-10-12 深圳市元征科技股份有限公司 Equipment detection method and device, storage medium, electronic equipment
CN109067932A (en) * 2018-07-24 2018-12-21 广州贯行电能技术有限公司 A kind of data collection station data transmission method and data service end without fixed IP
CN110232813A (en) * 2019-07-15 2019-09-13 广东电网有限责任公司 A kind of copy controller and copy controller system
CN111711660A (en) * 2020-05-25 2020-09-25 杭州涂鸦信息技术有限公司 Method, device, equipment and storage medium for communication between electronic equipment
CN112272048A (en) * 2020-10-24 2021-01-26 青岛鼎信通讯股份有限公司 Network port locking method applied to medium-voltage carrier communication equipment
CN114710305A (en) * 2020-12-31 2022-07-05 广州视源电子科技股份有限公司 Data processing method, data processing device, computer readable storage medium and processor

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101561855A (en) * 2009-05-27 2009-10-21 北京飞天诚信科技有限公司 Method and system for controlling computer to access USB device
CN102722670A (en) * 2012-05-29 2012-10-10 中国联合网络通信集团有限公司 Mobile storage equipment-based file protection method, equipment and system
CN104537310A (en) * 2014-12-26 2015-04-22 北京奇虎科技有限公司 Method for managing portable storage device and client terminal
CN104615240A (en) * 2014-12-30 2015-05-13 小米科技有限责任公司 Terminal unlocking method and device
CN105915338A (en) * 2016-05-27 2016-08-31 北京中油瑞飞信息技术有限责任公司 Key generation method and key generation system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170627