CN110334502B - Method for managing edge equipment by cloud authorization - Google Patents


Info

Publication number: CN110334502B
Application number: CN201910455562.8A
Authority: CN (China)
Prior art keywords: equipment, tool computer, local, management, data
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Other versions: CN110334502A (en)
Inventors: 费砚珂, 汤棋, 刘洋
Current assignee: Sichuan Rex Smart Technology Corp ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Sichuan Rex Smart Technology Corp ltd
Priority date: 2019-05-29 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2019-05-29
Publication date: 2019-10-15 (CN110334502A), 2023-05-02 (CN110334502B)

Events:
Application filed by Sichuan Rex Smart Technology Corp ltd
Priority to CN201910455562.8A
Publication of CN110334502A
Application granted
Publication of CN110334502B
Legal status: Active
Anticipated expiration: not listed

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Abstract

The invention discloses a cloud authorization management method. A third-party device is used as the medium: through data updating and exchange authentication it obtains the managed device's information and the rights to the web page management interface, and the third-party device then carries out data exchange authentication and authority verification with the managed device. Because the cloud allocates management authorities to individual users, the invention realizes grouping of designated devices and grouping of authorities, allows centralized management information to be updated rapidly, and prevents anomalies in authority management.

Description

Method for managing edge equipment by cloud authorization
Technical Field
The invention relates to the field of operation and maintenance management of edge equipment, in particular to a method for managing edge equipment by cloud authorization.
Background
In local computing deployments, the devices are often numerous and scattered, their network connections are complex and varied, and maintenance and management by administrators is very inconvenient. The traditional management method is to log in to the device with an account name and password; this method depends on whether the managed device has input/output peripherals, and many edge computing devices are not equipped with peripherals such as a display.
In addition, for a large number of scattered edge devices, using different login account passwords makes maintenance very difficult and periodic password changes impractical, while using the same account password for all devices carries a huge security risk. Maintaining a large number of devices also requires allocating corresponding management rights to different administrators, which makes management difficult.
Traditional network equipment can be managed uniformly through a cloud, but the application scenarios of edge computing devices are complex and varied, external network access is limited or impossible, and the existing approach cannot solve their management and maintenance problems.
Disclosure of Invention
The present invention aims to provide a method for managing edge devices by cloud authorization, which comprises the following steps:
S1. An administrator logs in to the cloud server through the browser of a tool computer and obtains authentication data and a driver file;
S2. The browser of the tool computer loads the driver file and enters the local device discovery page;
S3. The tool computer monitors the connection state with local devices and displays it on the local device discovery page; the tool computer judges whether a local device is connected: if yes, go to S4; if not, go to S8;
S4. The local device discovery page in the tool computer's browser is switched to the local device management page, and the tool computer and the local device exchange authentication data;
S5. The local device verifies whether the presented authentication data grants authority to access its device management system and replies to the tool computer; if yes, go to S6; if not, the tool computer prompts and the administrator manually enters authority verification information;
S6. The tool computer and the local device exchange data, and the tool computer performs data management on the local device;
S7. The tool computer disconnects from the local device, and the browser's management page is switched back to the local device discovery page;
S8. It is judged whether the local device discovery page in the tool computer's browser has been closed; if yes, the authentication data is destroyed; if not, go to S3.
The invention achieves the above purpose through the following technical scheme: a third-party device is used as the medium to obtain the managed device's information and the rights to the web page management interface through data updating and exchange authentication, and data exchange authentication and authority verification are then carried out with the third-party device.
The beneficial effects of the invention are: the local managed devices do not need to be networked; the management authorities the cloud allocates to individual users are flexible and varied; grouping of designated devices and grouping of authorities are realized; centralized management information can be updated rapidly; and anomalies in authority management are prevented.
Drawings
Fig. 1 is a flow chart of the method for managing edge devices by cloud authorization.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The method for managing edge devices by cloud authorization comprises the following steps:
S1. An administrator logs in to the cloud server through the browser of a tool computer and obtains authentication data and a driver file;
S2. The browser of the tool computer loads the driver file and enters the local device discovery page;
S3. The tool computer monitors the connection state with local devices and displays it on the local device discovery page; the tool computer judges whether a local device is connected: if yes, go to S4; if not, go to S8;
S4. The local device discovery page in the tool computer's browser is switched to the local device management page, and the tool computer and the local device exchange authentication data;
S5. The local device verifies whether the presented authentication data grants authority to access its device management system and replies to the tool computer; if yes, go to S6; if not, the tool computer prompts and the administrator manually enters authority verification information;
S6. The tool computer and the local device exchange data, and the tool computer performs data management on the local device;
S7. The tool computer disconnects from the local device, and the browser's management page is switched back to the local device discovery page;
S8. It is judged whether the local device discovery page in the tool computer's browser has been closed; if yes, the authentication data is destroyed; if not, go to S3.
The authentication data comprises characteristic information of the tool computer, characteristic information of the browser used on the tool computer to log in to the cloud server, the time data of the cloud login, and a random number sequence. The authentication data is encrypted using the characteristic information and the random number sequence, so that the resulting temporary encrypted data has a limited validity period and is safer while being transferred.
The data in S6 includes operation data of the local device, system device parameter configuration, and system state data.
The driver files comprise USB device driver files, Ethernet device driver files and wireless device driver files, and are used to call the hardware resources of the tool computer.
The authentication data may comprise authentication data for one or more local devices; several such data packets are combined into a grouped data packet, so that the authorities of several groups of devices can be managed.
An administrator logs in to the corresponding cloud management service platform through the tool computer with an account name and password. The cloud management service platform generates, for that administrator, authentication data for the management operations on the corresponding devices and the corresponding driver file for the communication connection; the tool computer downloads this data through the browser and verifies it. The authentication data is time-limited and device-bound: the tool computer's browser can only use it within a specified time range. Time limitation and device binding require the tool computer to upload its characteristic information before the cloud server generates the authentication data; this characteristic information carries the tool computer's local time, device information, browser information and the like.
The tool computer monitors its communication ports to obtain the characteristic information, such as MAC address and device number, of the devices connected to them. When a large number of devices are connected at the same time, the tool computer can shield the devices it is not allowed to manage according to the manageable device information in the authentication data, which avoids channels being occupied by invalid communication and improves device authentication efficiency. The tool computer then matches the device list in the authentication data against the list of connected devices and establishes communication connections one by one.
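The following Python model of the authentication data described above is an added illustration, not code from the patent or its assignee. It assumes (hypothetically) a secret the cloud provisions into every managed local device, and models "encryption through the characteristic information and the random number sequence" as an HMAC tag whose key is derived from those values, so data copied to a different tool computer or browser, used after its validity period, or tampered with to add devices is rejected; all names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Assumed (hypothetical): a secret the cloud provisions into every managed local
# device; the patent does not say how local devices trust the cloud.
CLOUD_SECRET = b"constructed-cloud-provisioning-secret"


def _derive_key(features: dict, nonce_hex: str) -> bytes:
    """Key the token by the tool computer/browser characteristics and the random
    number sequence, so it is only valid on that tool computer and browser."""
    material = json.dumps(features, sort_keys=True).encode() + bytes.fromhex(nonce_hex)
    return hmac.new(CLOUD_SECRET, material, hashlib.sha256).digest()


def _payload_bytes(token: dict) -> bytes:
    """Canonical encoding of every field except the tag itself."""
    body = {k: v for k, v in token.items() if k != "tag"}
    return json.dumps(body, sort_keys=True).encode()


def issue_auth_data(features, manageable_devices, login_time, lifetime_s):
    """Cloud side (S1): build the time-limited, device-bound authentication data."""
    nonce = secrets.token_hex(16)
    token = {
        "features": features,                   # tool computer + browser characteristics
        "login_time": login_time,               # time data of the cloud login
        "expires": login_time + lifetime_s,     # timeliness
        "nonce": nonce,                         # random number sequence
        "devices": sorted(manageable_devices),  # the group of devices this data may manage
    }
    key = _derive_key(features, nonce)
    token["tag"] = hmac.new(key, _payload_bytes(token), hashlib.sha256).hexdigest()
    return token


def verify_auth_data(token, presented_features, my_device_id, now):
    """Local device side (S5): returns (ok, reason). The key is re-derived from the
    characteristics the tool computer presents, so data copied to another computer
    or browser fails the tag check even if the token body is intact."""
    key = _derive_key(presented_features, token["nonce"])
    expected = hmac.new(key, _payload_bytes(token), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return False, "tag mismatch: wrong tool computer/browser or tampered data"
    if now > token["expires"]:
        return False, "authentication data expired"
    if my_device_id not in token["devices"]:
        return False, "device not in the manageable device list"
    return True, "authorized"


def filter_connected(token, connected_ids):
    """Tool computer side (S3): shield connected devices the data cannot manage."""
    allowed = set(token["devices"])
    return [d for d in connected_ids if d in allowed]
```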
After establishing a connection with a device, the tool computer exchanges management authority information with it; this information comprises authority encryption data and identity signature data. Once the authority information exchange is complete, the tool computer switches to the device management page in the browser and performs the corresponding management.
If the local device is connected to the tool computer through a network (WiFi, Ethernet, etc.), the implementation may be to jump from a link on the tool computer's device discovery page to the management page of the local device, where the local device acts as a gateway server providing a web service to the outside.
If the local device is connected to the tool computer through a serial port or a USB interface, the tool computer loads the corresponding driver file and sends the corresponding data request to the serial port or USB interface; the local device returns data to the tool computer after receiving the request. The browser loads the browser driver file, opens the local device discovery page and switches to the local device management page, and the tool computer fills the returned data into the corresponding positions of the management page in the browser. In the same way, the tool computer sends data that the local device receives.
After management of the local device is complete, the tool computer disconnects from the local device and the browser's management page is switched back to the local device discovery page. The tool computer judges whether the browser's local device discovery page has been closed; if so, the authentication data is destroyed.
The invention uses a third-party device, namely the tool computer, as the medium to obtain the managed device's information and the rights to the web page management interface through data updating and exchange authentication, and then performs authority verification with the third-party device.
The invention does not require the local managed devices to be networked; the management authorities the cloud allocates to individual users are flexible and varied; grouping of designated devices and grouping of authorities are realized; centralized management information can be updated rapidly; and anomalies in authority management are prevented.
The technical scheme of the invention is not limited to the specific embodiment; all technical modifications made according to the technical scheme of the invention fall within the protection scope of the invention.

Claims (3)

1. A method for managing edge devices by cloud authorization, characterized by comprising the following steps:
S1. An administrator logs in to the cloud server through the browser of a tool computer and obtains authentication data and a driver file;
S2. The browser of the tool computer loads the driver file and enters the local device discovery page;
S3. The tool computer monitors the connection state with local devices and displays it on the local device discovery page; the tool computer judges whether a local device is connected: if yes, go to S4; if not, go to S8;
S4. The local device discovery page in the tool computer's browser is switched to the local device management page, and the tool computer and the local device exchange authentication data;
S5. The local device verifies whether the presented authentication data grants authority to access its device management system and replies to the tool computer; if yes, go to S6; if not, the tool computer prompts and the administrator manually enters authority verification information;
S6. The tool computer and the local device exchange data, and the tool computer performs data management on the local device;
S7. The tool computer disconnects from the local device, and the browser's management page is switched back to the local device discovery page;
S8. It is judged whether the local device discovery page in the tool computer's browser has been closed; if yes, the authentication data is destroyed; if not, go to S3;
the authentication data comprises characteristic information of the tool computer, characteristic information of the browser used on the tool computer to log in to the cloud server, the time data of the cloud login, and a random number sequence, and the authentication data is encrypted using the characteristic information and the random number sequence, so that the resulting temporary encrypted data has a limited validity period and is safer while being transferred;
the authentication data comprises authentication data for one or more local devices, and several such data packets are combined into a grouped data packet so that the authorities of several groups of devices can be managed;
the authentication data is time-limited and device-bound, namely the tool computer's browser can only use it within a specified time range; time limitation and device binding require the tool computer to upload its characteristic information before the cloud server generates the authentication data, and the characteristic information carries the tool computer's local time, device information and browser information;
when a large number of devices are connected at the same time, the tool computer can shield the devices it is not allowed to manage according to the manageable device information in the authentication data, which avoids channels being occupied by invalid communication and improves device authentication efficiency; the tool computer matches the device list in the authentication data against the list of connected devices and establishes communication connections one by one.
2. The method for managing edge devices by cloud authorization according to claim 1, wherein the driver files comprise a USB device driver file, an Ethernet device driver file and a wireless device driver file for calling the hardware resources of the tool computer.
3. The method for managing edge devices by cloud authorization according to claim 1, wherein the data in S6 includes operation data of the local device, system device parameter configuration and system state data.

Priority Applications (1)

Application number: CN201910455562.8A (CN110334502B); priority date: 2019-05-29; filing date: 2019-05-29; title: Method for managing edge equipment by cloud authorization

Applications Claiming Priority (1)

Application number: CN201910455562.8A (CN110334502B); priority date: 2019-05-29; filing date: 2019-05-29; title: Method for managing edge equipment by cloud authorization

Publications (2)

CN110334502A (en), published 2019-10-15
CN110334502B (en), published 2023-05-02

Family

ID=68140471

Family Applications (1)

Application number: CN201910455562.8A (CN110334502B, active); priority date: 2019-05-29; filing date: 2019-05-29; title: Method for managing edge equipment by cloud authorization

Country Status (1)

CN (1): CN110334502B (en)




Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination
GR01: Patent grant