CN106899584A - Management method and apparatus for hardware device access - Google Patents
- Publication number
- CN106899584A (application CN201710091322.5A)
- Authority
- CN
- China
- Prior art keywords
- hardware device
- hardware
- accessed
- default
- authentication
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
The present invention applies to the field of device management technology and provides a management method and apparatus for hardware device access. The method includes: if an accessing hardware device is detected, obtaining the device identifier corresponding to the hardware device; determining whether a preset device registration list contains the device identifier; if the preset device registration list contains the device identifier, establishing a communication connection with the hardware device; determining the legitimacy of the hardware device according to a preset device legitimacy authentication rule; and if the hardware device is not legitimate, disconnecting the communication connection. The invention actively establishes a communication connection with registered hardware devices and determines the legitimacy of the hardware device according to the preset legitimacy authentication rule. This solves the problem that existing techniques for managing hardware device access cannot judge the legitimacy of a hardware device, so that when the hardware device is exploited by a malicious party, data on the user's device is easily stolen and the configuration of the device is easily tampered with, creating security risks and resulting in low security and confidentiality.
Description
Technical field
The invention belongs to the field of device management technology, and in particular relates to a management method and apparatus for hardware device access.
Background art
As users demand more and more functionality from their equipment, other hardware devices must be connected externally to add functions to an existing apparatus. However, existing techniques for managing hardware device access cannot judge the legitimacy of a hardware device. When the hardware device is exploited by a malicious party, data on the user's device is easily stolen and the configuration of the device is easily tampered with, creating security risks and resulting in low security and confidentiality.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a management method and apparatus for hardware device access, intended to solve the problem that existing techniques for managing hardware device access cannot judge the legitimacy of a hardware device, so that when the hardware device is exploited by a malicious party, data on the user's device is easily stolen and the configuration of the device is easily tampered with, creating security risks and resulting in low security and confidentiality.
In a first aspect, an embodiment of the present invention provides a management method for hardware device access. The management method for hardware device access includes:
if an accessing hardware device is detected, obtaining the device identifier corresponding to the hardware device;
determining whether a preset device registration list contains the device identifier;
if the preset device registration list contains the device identifier, establishing a communication connection with the hardware device;
determining the legitimacy of the hardware device according to a preset device legitimacy authentication rule;
if the hardware device is not legitimate, disconnecting the communication connection.
In a second aspect, an embodiment of the present invention provides a management apparatus for hardware device access. The management apparatus for hardware device access includes:
a hardware device detection unit, configured to obtain the device identifier corresponding to the hardware device if an accessing hardware device is detected;
a device identifier determination unit, configured to determine whether a preset device registration list contains the device identifier;
a communication connection unit, configured to establish a communication connection with the hardware device if the preset device registration list contains the device identifier;
a legitimacy determination unit, configured to determine the legitimacy of the hardware device according to a preset device legitimacy authentication rule;
a device-illegitimate execution unit, configured to disconnect the communication connection if the hardware device is not legitimate.
Implementing the management method and apparatus for hardware device access provided by the embodiments of the present invention has the following beneficial effects:
In the embodiments of the present invention, if an accessing hardware device is detected, the device identifier corresponding to the hardware device is obtained; whether a preset device registration list contains the device identifier is determined; if the preset device registration list contains the device identifier, a communication connection is established with the hardware device; the legitimacy of the hardware device is determined according to a preset device legitimacy authentication rule; and if the hardware device is not legitimate, the communication connection is disconnected. A communication connection is therefore actively established with registered hardware devices, while no information sent by an unregistered hardware device is accepted. For a registered hardware device, after the communication connection is established, the legitimacy of the hardware device is further determined according to the preset legitimacy authentication rule. It can be seen that, in the embodiments of the present invention, the management apparatus for hardware device access does not need to remain in a detection state for long periods, so resource usage is low, and a communication connection is established only with registered hardware devices. This prevents a malicious party from using a connected hardware device to steal user data and tamper with the configuration of the apparatus, and improves security and confidentiality.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a management method for hardware device access provided by an embodiment of the present invention;
Fig. 2 is a flow chart of a management method for hardware device access provided by another embodiment of the present invention;
Fig. 3 is a structural block diagram of a management apparatus for hardware device access provided by an embodiment of the present invention;
Fig. 4 is a structural block diagram of a management apparatus for hardware device access provided by another embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
The embodiments of the present invention actively establish a communication connection with registered hardware devices and accept no information sent by an unregistered hardware device. For a registered hardware device, after the communication connection is established, the legitimacy of the hardware device is further determined according to a preset legitimacy authentication rule. This solves the problem that existing techniques for managing hardware device access cannot judge the legitimacy of a hardware device, so that when the hardware device is exploited by a malicious party, data on the user's device is easily stolen and the configuration of the device is easily tampered with, creating security risks and resulting in low security and confidentiality.
In the embodiments of the present invention, the flow is executed by the management apparatus for hardware device access. The management apparatus for hardware device access is specifically an apparatus with at least one hardware device access interface. As an example, the management apparatus for hardware device access is a financial terminal, which includes a journal printer interface, a strip printer interface, a terminal interconnection interface, and so on. The management apparatus applies the hardware device access management method provided by this embodiment to every hardware device access interface it contains. Fig. 1 shows the implementation flow chart of the management method for hardware device access provided by an embodiment of the present invention, detailed as follows:
In S101, if an accessing hardware device is detected, the device identifier corresponding to the hardware device is obtained.
In this embodiment, when a hardware device is connected through a hardware device access interface, the access interface generates an access trigger signal. When the management apparatus for hardware device access detects the access trigger signal, it determines that a hardware device access operation has occurred and performs access management.
In this embodiment, the management apparatus for hardware device access does not stay in hardware device access management mode all the time. It starts access management mode only when it detects the access trigger signal generated by a hardware device access interface. Compared with monitoring hardware devices with a thread, detecting a trigger signal consumes fewer resources and can improve the data utilization of the management apparatus when idle.
In this embodiment, when an accessing hardware device is detected, the management apparatus for hardware device access obtains the device identifier of the hardware device. The device identifier includes but is not limited to: the vendor ID (VID), the product ID (PID), the physical address (Media Access Control address, MAC address), and so on.
Optionally, in this embodiment, the device identifier represents the type of the hardware device, so different devices of the same type may have the same device identifier. As an example, given a first laser printer and a second laser printer of the same model, the device identifier of the first laser printer and that of the second laser printer are identical.
Optionally, in this embodiment, the device identifier is obtained through the driver corresponding to the hardware device. Once the management apparatus for hardware device access has loaded the driver for the hardware device, the corresponding driver is activated when the hardware device is plugged into the hardware device access interface. The driver reads the device identifier of the hardware device directly and forwards it to the management apparatus for hardware device access.
In S102, whether the preset device registration list contains the device identifier is determined.
In this embodiment, the memory of the management apparatus for hardware device access stores a device registration list made up of the device identifiers of registered devices. After the device identifier of the hardware device is obtained, the device registration list is queried to determine whether it contains an entry matching the device identifier of the hardware device.
In this embodiment, when a user needs to add a new external hardware device to the management apparatus for hardware device access, the device identifier corresponding to the hardware device must be added to the preset device registration list, and the related configuration operations must be performed on the hardware device.
In this embodiment, if the preset device registration list contains the device identifier, the operations of S103 are performed. If the preset device registration list does not contain the device identifier, the hardware device is judged to be a risky hardware device, and the access interface the hardware device is connected to is closed until the hardware device is removed from the access interface.
In S103, if the preset device registration list contains the device identifier, a communication connection is established with the hardware device.
In this embodiment, if the preset device registration list contains the device identifier, the hardware device is a registered hardware device and has a certain degree of security, but its legitimacy still needs to be determined.
In this embodiment, when the management apparatus for hardware device access determines that the hardware device is a registered hardware device, it actively establishes a communication connection with it and carries out the legitimacy determination flow. It should be noted that this communication connection is a restricted communication connection, which accepts only part of the information sent by the accessing hardware device. A communication link is established to exchange information so that the legitimacy of the hardware device can be determined, but because the hardware device may still pose a security risk, the link must restrict the information exchanged over it, so that a malicious party cannot use the communication connection to tamper with the settings of the user's device.
It should be noted that, in this embodiment, although the hardware device is physically plugged into the access interface of the management apparatus for hardware device access, the hardware device access interface is not yet activated, no real communication connection is established, and no information can be exchanged. The access interface is activated, and a communication connection allowed, only for hardware devices that have completed registration.
In S104, the legitimacy of the hardware device is determined according to the preset device legitimacy authentication rule.
In this embodiment, the management apparatus for hardware device access determines the legitimacy of the hardware device using the preset legitimacy authentication rule. A legitimate hardware device has the corresponding legitimacy authentication response rule recorded in its configuration information, so when the management apparatus runs the corresponding legitimacy authentication flow, a legitimate hardware device feeds back the corresponding response information and is determined to be a legitimate hardware device. An illegitimate hardware device does not know the preset legitimacy authentication rule and therefore cannot feed back the corresponding information.
In this embodiment, if the hardware device is determined to be illegitimate, the operations of S105 are performed. If the hardware device is determined to be legitimate, the mode of the communication connection is changed to a normal communication connection and normal information exchange takes place.
In S105, if the hardware device is not legitimate, the communication connection is disconnected.
In this embodiment, for an illegitimate hardware device, the communication connection established in S103 is disconnected and the access interface of the hardware device is closed until the hardware device is detected to have been removed. It can be seen that this embodiment establishes only a temporary communication link during legitimacy authentication in order to check the legitimacy of the hardware device, and directly disconnects the communication connection for unregistered and illegitimate hardware devices. This prevents a malicious party from stealing user data and tampering with the configuration of the apparatus, and improves security.
As can be seen from the above, in the management method for hardware device access provided by this embodiment of the present invention, if an accessing hardware device is detected, the device identifier corresponding to the hardware device is obtained; whether the preset device registration list contains the device identifier is determined; if the preset device registration list contains the device identifier, a communication connection is established with the hardware device; the legitimacy of the hardware device is determined according to the preset device legitimacy authentication rule; and if the hardware device is not legitimate, the communication connection is disconnected. A communication connection is therefore actively established with registered hardware devices, while no information sent by an unregistered hardware device is accepted. For a registered hardware device, after the communication connection is established, the legitimacy of the hardware device is further determined according to the preset legitimacy authentication rule. It can be seen that, in this embodiment of the present invention, the management apparatus for hardware device access does not need to remain in a detection state for long periods, so resource usage is low, and a communication connection is established only with registered hardware devices. This prevents a malicious party from using a connected hardware device to steal user data and tamper with the configuration of the apparatus, and improves security and confidentiality.
Fig. 2 shows the flow chart of a management method for hardware device access provided by another embodiment of the present invention. Referring to Fig. 2, relative to the previous embodiment, the management method for hardware device access provided by this embodiment further defines several steps, detailed as follows:
In S201, if an accessing hardware device is detected, the device identifier corresponding to the hardware device is obtained.
Because S201 is identical to step S101 in the previous embodiment, refer to the description of step S101 in the previous embodiment; it is not repeated here.
In S202, whether the preset device registration list contains the device identifier is determined.
Because S202 is identical to step S102 in the previous embodiment, refer to the description of step S102 in the previous embodiment; it is not repeated here.
In S203, if the preset device registration list contains the device identifier, a communication connection is established with the hardware device.
Because S203 is identical to step S103 in the previous embodiment, refer to the description of step S103 in the previous embodiment; it is not repeated here.
Further, as another embodiment of the present invention, determining the legitimacy of the hardware device according to the preset device legitimacy authentication rule is specifically:
In S204, a generated device authentication instruction is encrypted with a preset authentication encryption algorithm.
In this embodiment, if the hardware device is determined to be a registered hardware device, a device authentication instruction is generated and encrypted with the preset authentication encryption algorithm, for use in the legitimacy authentication operation.
In this embodiment, to improve the security and accuracy of the check, the device authentication instruction is encrypted with the preset authentication encryption algorithm. The preset authentication encryption algorithm may correspond to the category of the hardware device. As an example, for a strip printer the corresponding preset authentication encryption algorithm is a first authentication encryption algorithm, while for an external display it is a second authentication encryption algorithm.
Preferably, in this embodiment, the authentication encryption algorithm is a universal authentication encryption algorithm, that is, the corresponding authentication encryption algorithm is the same for all types of hardware device. This makes newly added external hardware devices easier to support: when a new external hardware device is added, it is only necessary to add the corresponding hardware identifier to the preset device registration list of S202 and to configure, in the hardware device, the authentication decryption algorithm corresponding to the authentication encryption algorithm. This improves the efficiency of adding hardware devices and simplifies the procedure.
In S205, the encrypted device authentication instruction is sent to the hardware device, so that the hardware device decrypts the encrypted device authentication instruction according to a preset authentication decryption algorithm and feeds back a device authentication response instruction, where the authentication decryption algorithm is the decryption algorithm matching the authentication encryption algorithm.
In this embodiment, the management apparatus for hardware device access sends the encrypted device authentication instruction over the communication connection channel established in S203. After the hardware device to be authenticated receives the device authentication instruction, it decrypts the instruction using the authentication decryption algorithm in its configuration information, generates the corresponding device authentication response instruction according to the decrypted device authentication instruction, and feeds it back to the management apparatus for hardware device access.
Preferably, in this embodiment, the hardware device also encrypts the device authentication response instruction with the preset authentication encryption algorithm.
In S206, if the authentication response instruction sent by the hardware device is received, the hardware device is determined to be legitimate.
In this embodiment, if the authentication response instruction sent by the hardware device is received, the hardware device is determined to be legitimate, the mode of the communication connection is changed to a normal communication connection, and normal information exchange takes place. If the authentication response instruction is not received within a preset time, the hardware device is determined to be illegitimate and the operations of S211 are performed.
In this embodiment of the present invention, the legitimacy of the hardware device is determined by sending it a device authentication instruction processed with the preset encryption algorithm. Because the preset authentication encryption algorithm is drawn up by each user, it is difficult for a malicious party to learn it. An illegitimate hardware device cannot generate the corresponding device authentication response instruction, whereas the configuration information of a legitimate hardware device contains the corresponding decryption algorithm, so it can interpret the device authentication instruction and feed back the corresponding response instruction. This completes the legitimacy verification and improves security.
Further, as another embodiment of the present invention, after determining the legitimacy of the hardware device according to the preset device legitimacy authentication rule, the method also includes:
In S207, if the hardware device is legitimate, the communication key information corresponding to the hardware device is determined according to a preset communication key generation rule.
In this embodiment, the operations of S204 to S206 all encrypt the exchanged data with the preset authentication encryption algorithm, which offers relatively low security. To improve the confidentiality of information exchanged between the user's device and the hardware device, dedicated communication key information for communicating with the hardware device is determined according to the preset communication key generation rule.
In this embodiment, the communication key information is used specifically to encrypt and decrypt the communication between the management apparatus for hardware device access and the hardware device. That is, whenever the management apparatus for hardware device access receives or sends data, it decrypts or encrypts it accordingly using the communication key information.
In this embodiment, the preset communication key generation rule generates communication key information for each hardware device, so different hardware devices have different communication key information. It can be seen that the legitimacy check in S204 uses a universal key with stronger compatibility, and once the legitimacy of the hardware device has been determined, communication data is encrypted and decrypted with a dedicated communication key to ensure its confidentiality.
Optionally, in this embodiment, the preset communication key generation rule is specifically a random key generation rule: the communication key information is generated randomly by a random algorithm, and the key length of the communication key information is also determined randomly.
In S208, the configuration information of the hardware device is set according to the communication key information.
In this embodiment, the communication key information is generated only once the hardware device has been determined to be legitimate. The management apparatus for hardware device access therefore needs to inform the hardware device of the communication key contained in the communication key information, that is, to set the communication key into the configuration information of the hardware device, so that the hardware device encrypts and decrypts communication data with that communication key.
It should be noted that, in this embodiment, setting the configuration information of the hardware device according to the communication key information does not overwrite the preset authentication encryption algorithm in the configuration information. Although both are used for decrypting communication data, they are stored in different storage areas.
Optionally, in this embodiment, if the hardware device has data processing capability, the communication key information can be sent to the hardware device, which extracts the communication key from the communication key information itself and sets its own configuration information.
In this embodiment of the present invention, configuring a dedicated communication key for the hardware device improves the confidentiality and security of communication between the hardware device and the management apparatus for hardware device access.
Further, as another embodiment of the present invention, after setting the configuration information of the hardware device according to the communication key information, the method also includes:
In S209, the communication key information is updated at a preset time interval.
In this embodiment, the communication key information is updated at a preset time interval, that is, new communication key information is generated again using the communication key generation rule described above. When a hardware device and the management apparatus for hardware device access remain in communication for a long time, a malicious party who cracks the communication key can easily steal the content of the user's communication, creating a security risk. The communication key information is therefore updated at a preset time interval.
In S210, the configuration information is updated according to the updated communication key information.
In this embodiment, the configuration information of the hardware device is updated in the same way as in S208; it is not repeated here.
In this embodiment of the present invention, regularly updating the communication key improves the security and confidentiality of the communication.
In S211, if the hardware device is not legitimate, the communication connection is disconnected.
Because S211 is identical to step S105 in the previous embodiment, refer to the description of step S105 in the previous embodiment; it is not repeated here.
Further, as another embodiment of the present invention, after the legitimacy of the hardware device is judged according to the preset device legitimacy authentication rule, the method also includes:
In S212, if the communication connection corresponding to the hardware device is detected to be interrupted, the step of obtaining the device identifier corresponding to the hardware device is performed.
In this embodiment, if the management device for hardware device access detects that the communication connection is interrupted, either while the legitimacy of the hardware device is being verified or after verification completes, it carries out the access management operations on the hardware device again; that is, it performs S201 and the subsequent flow to check again whether the hardware device is registered and legitimate.
In this embodiment of the present invention, access management detection is carried out on the hardware device again whenever the communication connection is interrupted. This improves the security and confidentiality of the device and prevents an attacker from using operations such as rapid unplugging and replugging to pass off an illegitimate hardware device as a legitimate one that has already been checked.
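The admission flow of S201 to S212, sketched as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 over a random nonce in place of the unspecified authentication encryption and decryption algorithms, checks the response value rather than only its arrival, and uses random session keys as the communication key generation rule; all class, function and device names are hypothetical.

```python
import hashlib
import hmac
import secrets

ROTATE_AFTER = 300  # seconds between key updates (assumed interval for S209)


class Device:
    """Constructed stand-in for an attached hardware device."""

    def __init__(self, device_id, auth_key):
        self.device_id = device_id
        self.auth_key = auth_key
        self.comm_key = None  # written by the manager (S208/S210)

    def respond(self, nonce):
        # Proves possession of the provisioned authentication key.
        return hmac.new(self.auth_key, nonce, hashlib.sha256).digest()


class AccessManager:
    def __init__(self, registry):
        self.registry = registry  # device_id -> provisioned auth key
        self.sessions = {}        # device_id -> (comm_key, issued_at)

    def admit(self, device, now):
        """Registration check, authentication, then key setup or disconnect."""
        key = self.registry.get(device.device_id)
        if key is None:
            return "ignored"      # unregistered: no connection is set up
        nonce = secrets.token_bytes(16)  # fresh challenge per attempt
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, device.respond(nonce)):
            self.sessions.pop(device.device_id, None)
            return "disconnected"  # S211: device is not legitimate
        self._install_key(device, now)
        return "admitted"

    def _install_key(self, device, now):
        comm_key = secrets.token_bytes(32)
        device.comm_key = comm_key
        self.sessions[device.device_id] = (comm_key, now)

    def rotate_if_due(self, device, now):
        """S209-S210: replace the communication key once the interval elapses."""
        session = self.sessions.get(device.device_id)
        if session is None or now - session[1] < ROTATE_AFTER:
            return False
        self._install_key(device, now)
        return True

    def on_interrupt(self, device, now):
        """S212: a dropped link voids the session; admission restarts."""
        self.sessions.pop(device.device_id, None)
        return self.admit(device, now)


def demo():
    key = secrets.token_bytes(32)
    mgr = AccessManager({"dev-001": key})
    genuine = Device("dev-001", key)
    clone = Device("dev-001", secrets.token_bytes(32))  # copied ID, wrong key
    unknown = Device("dev-999", key)                    # ID not registered
    results = [mgr.admit(genuine, 0), mgr.admit(unknown, 0)]
    first_key = genuine.comm_key
    results.append(mgr.rotate_if_due(genuine, 100))  # interval not reached
    results.append(mgr.rotate_if_due(genuine, 300))  # interval elapsed
    results.append(genuine.comm_key != first_key)
    # Quick unplug/replug swap: the clone has to pass admission again.
    results.append(mgr.on_interrupt(clone, 301))
    results.append("dev-001" in mgr.sessions)
    return results


if __name__ == "__main__":
    print(demo())
```

Without the S212 reset, the session installed for the genuine device would still be present when the clone takes over the port, which is the substitution the re-check is meant to stop.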
Fig. 3 shows a structural block diagram of the management device for hardware device access provided by an embodiment of the present invention. The units included in the management device are used to perform the steps of the embodiment corresponding to Fig. 1; for details, refer to Fig. 1 and the related description of that embodiment. For ease of description, only the parts related to this embodiment are shown.
Referring to Fig. 3, the management device for hardware device access includes:
A hardware device detection unit 31, configured to obtain the device identifier corresponding to a hardware device if an accessing hardware device is detected;
A device identifier judging unit 32, configured to judge whether the preset device registration list contains the device identifier;
A communication connection unit 33, configured to establish a communication connection with the hardware device if the preset registered device list contains the device identifier;
A legitimacy judging unit 34, configured to judge the legitimacy of the hardware device according to a preset device legitimacy authentication rule;
An illegitimate device execution unit 35, configured to disconnect the communication connection if the hardware device is not legitimate.
Optionally, as shown in Fig. 4, in another embodiment the units included in the management device for hardware device access are used to perform the steps of the embodiment corresponding to Fig. 2, as detailed below:
A hardware device detection unit 41, configured to obtain the device identifier corresponding to a hardware device if an accessing hardware device is detected;
A device identifier judging unit 42, configured to judge whether the preset device registration list contains the device identifier;
A communication connection unit 43, configured to establish a communication connection with the hardware device if the preset registered device list contains the device identifier;
Optionally, the legitimacy judging unit specifically includes:
A device authentication instruction encryption unit 44, configured to encrypt a generated device authentication instruction using a preset authentication encryption algorithm;
A device authentication instruction sending unit 45, configured to send the encrypted device authentication instruction to the hardware device, so that the hardware device decrypts the encrypted device authentication instruction according to a preset authentication decryption algorithm and returns a device authentication response instruction, wherein the authentication decryption algorithm is the decryption algorithm that matches the authentication encryption algorithm;
An authentication response instruction receiving unit 46, configured to determine that the hardware device is legitimate if the authentication response instruction sent by the hardware device is received.
Optionally, the management device for hardware device access also includes:
A communication key generation unit 47, configured to determine, if the hardware device is legitimate, the communication key information corresponding to the hardware device according to a preset communication key generation rule;
A communication key configuration unit 48, configured to set the configuration information of the hardware device according to the communication key information.
Optionally, the management device for hardware device access also includes:
A communication key updating unit 49, configured to update the communication key information at a predetermined interval;
An updated key configuration unit 410, configured to update the configuration information according to the updated communication key information.
An illegitimate device execution unit 411, configured to disconnect the communication connection if the hardware device is not legitimate.
Optionally, the management device for hardware device access also includes:
A communication interruption execution unit 412, configured to perform the step of obtaining the device identifier corresponding to the hardware device if the communication connection corresponding to the hardware device is detected to be interrupted.
Therefore, the management device for hardware device access provided by this embodiment of the present invention likewise actively establishes a communication connection with registered hardware devices and does not accept any information sent by unregistered hardware devices. For a registered hardware device, once the communication connection is established, the management device then determines the legitimacy of the hardware device according to the preset legitimacy authentication rule. In this embodiment the management device does not need to remain in a detection state for long periods, so its resource usage is low, and it establishes communication connections only with registered hardware devices. This prevents an attacker from using an accessing hardware device to steal user data or tamper with the configuration of the device, improving security and confidentiality.
It will be clear to those skilled in the art that, for convenience and brevity of description, the division into the functional units and modules described above is given only as an example. In practical applications, the functions described above may be assigned to different functional units and modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules serve only to distinguish them from one another and do not limit the scope of protection of this application. For the specific working process of the units and modules in the system described above, refer to the corresponding process in the foregoing method embodiments, which is not repeated here.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the system embodiments described above are only illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, each module may exist physically on its own, or two or more modules may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The embodiments described above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the scope of protection of the present invention.
Claims (10)
1. A management method for hardware device access, characterized in that the management method for hardware device access comprises:
if an accessing hardware device is detected, obtaining the device identifier corresponding to the hardware device;
judging whether a preset device registration list contains the device identifier;
if the preset registered device list contains the device identifier, establishing a communication connection with the hardware device;
judging the legitimacy of the hardware device according to a preset device legitimacy authentication rule;
if the hardware device is not legitimate, disconnecting the communication connection.
2. The management method for hardware device access according to claim 1, characterized in that judging the legitimacy of the hardware device according to the preset device legitimacy authentication rule is specifically:
encrypting a generated device authentication instruction using a preset authentication encryption algorithm;
sending the encrypted device authentication instruction to the hardware device, so that the hardware device decrypts the encrypted device authentication instruction according to a preset authentication decryption algorithm and returns a device authentication response instruction, wherein the authentication decryption algorithm is the decryption algorithm that matches the authentication encryption algorithm;
if the authentication response instruction sent by the hardware device is received, determining that the hardware device is legitimate.
3. The management method for hardware device access according to claim 1 or 2, characterized in that, after judging the legitimacy of the hardware device according to the preset device legitimacy authentication rule, the method further comprises:
if the hardware device is legitimate, determining the communication key information corresponding to the hardware device according to a preset communication key generation rule;
setting the configuration information of the hardware device according to the communication key information.
4. The management method for hardware device access according to claim 3, characterized in that, after setting the configuration information of the hardware device according to the communication key information, the method further comprises:
updating the communication key information at a predetermined interval;
updating the configuration information according to the updated communication key information.
5. The management method for hardware device access according to claim 1, characterized in that, after judging the legitimacy of the hardware device according to the preset device legitimacy authentication rule, the method further comprises:
if the communication connection corresponding to the hardware device is detected to be interrupted, performing the step of obtaining the device identifier corresponding to the hardware device.
6. A management device for hardware device access, characterized in that the management device for hardware device access comprises:
a hardware device detection unit, configured to obtain the device identifier corresponding to a hardware device if an accessing hardware device is detected;
a device identifier judging unit, configured to judge whether a preset device registration list contains the device identifier;
a communication connection unit, configured to establish a communication connection with the hardware device if the preset registered device list contains the device identifier;
a legitimacy judging unit, configured to judge the legitimacy of the hardware device according to a preset device legitimacy authentication rule;
an illegitimate device execution unit, configured to disconnect the communication connection if the hardware device is not legitimate.
7. The management device for hardware device access according to claim 6, characterized in that the legitimacy judging unit specifically comprises:
a device authentication instruction encryption unit, configured to encrypt a generated device authentication instruction using a preset authentication encryption algorithm;
a device authentication instruction sending unit, configured to send the encrypted device authentication instruction to the hardware device, so that the hardware device decrypts the encrypted device authentication instruction according to a preset authentication decryption algorithm and returns a device authentication response instruction, wherein the authentication decryption algorithm is the decryption algorithm that matches the authentication encryption algorithm;
an authentication response instruction receiving unit, configured to determine that the hardware device is legitimate if the authentication response instruction sent by the hardware device is received.
8. The management device for hardware device access according to claim 6 or 7, characterized in that the management device for hardware device access further comprises:
a communication key generation unit, configured to determine, if the hardware device is legitimate, the communication key information corresponding to the hardware device according to a preset communication key generation rule;
a communication key configuration unit, configured to set the configuration information of the hardware device according to the communication key information.
9. The management device for hardware device access according to claim 8, characterized in that the management device for hardware device access further comprises:
a communication key updating unit, configured to update the communication key information at a predetermined interval;
an updated key configuration unit, configured to update the configuration information according to the updated communication key information.
10. The management device for hardware device access according to claim 6, characterized in that the management device for hardware device access further comprises:
a communication interruption execution unit, configured to perform the step of obtaining the device identifier corresponding to the hardware device if the communication connection corresponding to the hardware device is detected to be interrupted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710091322.5A CN106899584A (en) | 2017-02-17 | 2017-02-17 | Management method and its device that a kind of hardware device is accessed |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106899584A (en) | 2017-06-27 |
Family
ID=59184367
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710091322.5A Pending CN106899584A (en) | 2017-02-17 | 2017-02-17 | Management method and its device that a kind of hardware device is accessed |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106899584A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107195131A (en) * | 2017-04-13 | 2017-09-22 | 深圳怡化电脑股份有限公司 | A kind of method and device of analog hardware equipment |
CN108648297A (en) * | 2018-04-28 | 2018-10-12 | 深圳市元征科技股份有限公司 | Equipment detection method and device, storage medium, electronic equipment |
CN109067932A (en) * | 2018-07-24 | 2018-12-21 | 广州贯行电能技术有限公司 | A kind of data collection station data transmission method and data service end without fixed IP |
CN110232813A (en) * | 2019-07-15 | 2019-09-13 | 广东电网有限责任公司 | A kind of copy controller and copy controller system |
CN111711660A (en) * | 2020-05-25 | 2020-09-25 | 杭州涂鸦信息技术有限公司 | Method, device, equipment and storage medium for communication between electronic equipment |
CN112272048A (en) * | 2020-10-24 | 2021-01-26 | 青岛鼎信通讯股份有限公司 | Network port locking method applied to medium-voltage carrier communication equipment |
CN114710305A (en) * | 2020-12-31 | 2022-07-05 | 广州视源电子科技股份有限公司 | Data processing method, data processing device, computer readable storage medium and processor |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101561855A (en) * | 2009-05-27 | 2009-10-21 | 北京飞天诚信科技有限公司 | Method and system for controlling computer to access USB device |
CN102722670A (en) * | 2012-05-29 | 2012-10-10 | 中国联合网络通信集团有限公司 | Mobile storage equipment-based file protection method, equipment and system |
CN104537310A (en) * | 2014-12-26 | 2015-04-22 | 北京奇虎科技有限公司 | Method for managing portable storage device and client terminal |
CN104615240A (en) * | 2014-12-30 | 2015-05-13 | 小米科技有限责任公司 | Terminal unlocking method and device |
CN105915338A (en) * | 2016-05-27 | 2016-08-31 | 北京中油瑞飞信息技术有限责任公司 | Key generation method and key generation system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170627 |