CN110365701B - Client terminal equipment management method and device, computing equipment and storage medium - Google Patents

Client terminal equipment management method and device, computing equipment and storage medium Download PDF

Info

Publication number
CN110365701B
CN110365701B CN201910694060.0A CN201910694060A CN110365701B CN 110365701 B CN110365701 B CN 110365701B CN 201910694060 A CN201910694060 A CN 201910694060A CN 110365701 B CN110365701 B CN 110365701B
Authority
CN
China
Prior art keywords
user terminal
terminal equipment
token
port
security policy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910694060.0A
Other languages
Chinese (zh)
Other versions
CN110365701A (en
Inventor
王华涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cloudminds Shanghai Robotics Co Ltd
Original Assignee
Cloudminds Robotics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cloudminds Robotics Co Ltd filed Critical Cloudminds Robotics Co Ltd
Priority to CN201910694060.0A priority Critical patent/CN110365701B/en
Publication of CN110365701A publication Critical patent/CN110365701A/en
Application granted granted Critical
Publication of CN110365701B publication Critical patent/CN110365701B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the invention relates to the technical field of communication, and discloses a management method and a device of client terminal equipment, computing equipment and a storage medium, wherein the method comprises the following steps: authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment; when the authentication is passed, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment; receiving a token which is transmitted by a user terminal equipment management server and acquired from user terminal equipment and verifying the token; and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server so as to establish association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy. Through the mode, the embodiment of the invention can improve the safety of CPE equipment management by dynamically loading the safety strategy through the dynamic service port.

Description

Client terminal equipment management method and device, computing equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a management method and device of client terminal equipment, computing equipment and a storage medium.
Background
In current networks, Customer Premises Equipment (CPE) is widely used. With the increased degree of equipment intelligence, CPEs can be configured and upgraded without user intervention, which is often referred to as zero-touch deployment. However, when zero-contact deployment is to be implemented, some information needs to be preconfigured in advance in the CPE, and many times, the CPE is deployed in an intranet environment, and management of the CPE needs to use an intranet penetration technology to open some service ports of the CPE, and access connection is strictly limited.
In the traditional intranet penetration method, an intranet device does not change a service port mapped to the outside, and a mapping server on a public network simply authenticates the connection of the intranet device and does not manage a corresponding strategy.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a management method for a client terminal device, a mobile device, a computing device, and a storage medium, which overcome or at least partially solve the above problems.
According to an aspect of an embodiment of the present invention, there is provided a method for managing a client terminal device, the method including: authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment; when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment; receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment; and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server so as to establish association between a mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy.
In an optional manner, the obtaining, when the user terminal device passes the authentication, the port number and the token of the outward mapping port of the user terminal device according to the current timestamp, the sequence number, and the physical address includes: connecting the current timestamp, the serial number and the character string of the physical address; and acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the connected character string.
In an optional manner, the obtaining, according to the connected character string, the port number and the token of the outward mapping port of the user terminal device includes: applying a Hash algorithm to the connected character strings to obtain a first number; performing a remainder operation on the first number and a preset number to obtain a second number, wherein the second number is a port number of the outward mapping port of the user terminal equipment; and coding the connected character strings to obtain the tokens of the user terminal equipment and the user terminal equipment management server.
According to another aspect of the embodiments of the present invention, there is provided a method for managing a client terminal device, the method including: acquiring a connection establishment request sent by user terminal equipment, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment; responding to the connection establishment request, and sending the token to a user terminal equipment controller for verification; acquiring a security policy which is returned by the user terminal equipment controller and matched with the token; and establishing association between the mapping port and the external mapping port of the user terminal equipment according to the security policy.
In an optional manner, the establishing an association between the mapped port according to the security policy and the external mapped port of the ue includes: judging whether the external mapping port of the user terminal equipment conforms to the security policy; if the mapping port accords with the security policy, establishing association between the mapping port and the external mapping port of the user terminal equipment; and if the security policy is not met, disconnecting the connection with the user terminal equipment.
In an optional manner, after the mapping port is associated with the outward mapping port of the user terminal device according to the security policy, the method further includes: connecting the user terminal equipment needing to be managed through the mapping port; and viewing or modifying the configuration of the user terminal equipment through the mapping port.
According to still another aspect of the embodiments of the present invention, there is provided a management apparatus of a client terminal device, including: the authentication unit is used for authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment; the token generation unit is used for acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address when the user terminal equipment passes the authentication, and sending the port number and the token to the user terminal equipment; the token verification unit is used for receiving and verifying the token which is transmitted by the user terminal equipment management server and acquired from the user terminal equipment; and the policy matching unit is used for returning a security policy matched with the token to the user terminal equipment management server when the token passes the verification so as to establish association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy.
According to still another aspect of the embodiments of the present invention, there is provided a management apparatus of a client terminal device, including: a request obtaining unit, configured to obtain a connection establishment request sent by a user terminal device, where the connection establishment request includes a token and a port number of an external mapping port of the user terminal device; the request response unit is used for responding to the connection establishment request and sending the token to the user terminal equipment controller for verification; a policy obtaining unit, configured to obtain a security policy that is returned by the user terminal device controller and matches the token; and the association establishing unit is used for establishing association between the mapping port and the external mapping port of the user terminal equipment according to the security policy.
According to still another aspect of an embodiment of the present invention, there is provided a computing device including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the steps of the management method of the client terminal equipment.
According to another aspect of the embodiments of the present invention, there is provided a computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes the processor to execute the steps of the management method of the client terminal device.
The management method of the client terminal equipment of the embodiment of the invention comprises the following steps; authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment; when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment; receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment; and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server to establish association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy, and dynamically loading the security policy through a dynamic service port to improve the security of CPE equipment management.
The foregoing description is only an overview of the technical solutions of the embodiments of the present invention, and the embodiments of the present invention can be implemented according to the content of the description in order to make the technical means of the embodiments of the present invention more clearly understood, and the detailed description of the present invention is provided below in order to make the foregoing and other objects, features, and advantages of the embodiments of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic structural diagram illustrating a management system of a client terminal device according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a management method for a client terminal device according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a management method for another client terminal device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram illustrating a management apparatus of a client terminal device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram illustrating a management apparatus of another client terminal device according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a computing device provided by an embodiment of the invention;
fig. 7 is a schematic structural diagram of another computing device provided in an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Fig. 1 is a schematic structural diagram illustrating a management system of a client terminal device according to an embodiment of the present invention, where as shown in fig. 1, the management system of the client terminal device includes: a Customer Premises Equipment (CPE)10, a customer premises equipment management server 20 and a customer premises equipment controller 30. The user terminal device 10 is located in an intranet, in which Fast Reverse Proxy (frp) client software is installed, and information such as a domain name, an externally mapped port, and the like of a pre-configured frp server, and information of a software Defined border (SDP) controller are configured. The user terminal equipment management server 20 and the user terminal equipment controller 30 are located in the public network, and the user terminal equipment management server 20 is installed with frp server software for pre-configuring information of the SDP controller. Control channels are provided between the user terminal equipment 10 and the user terminal equipment controller 30, and between the user terminal equipment controller 30 and the user terminal equipment management server 20 for transmitting control signals, and control channels and data channels are provided between the user terminal equipment 10 and the user terminal equipment management server 20 for transmitting control signals and data information, respectively.
The architecture of a software Defined border (SDP) consists of two parts: an SDP host and an SDP controller. The SDP host may initiate or accept a connection, managed through interaction of control channels with the SDP controller. Within software-defined boundaries, greater scalability can be achieved with control plane and data plane separation. The SDP controller can authenticate and authorize, the SDP host can be connected to the SDP controller to perform identity authentication, and obtain the list information of the service host from the SDP controller, and the SDP accepts the communication between the host and the SDP host, and communicates with the SDP controller to obtain the service policy.
frp is open-source intranet penetration software, can realize network connection of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) of an intranet and an extranet, and can be mapped to an internal service port of a frp client through an extranet port of a frp server, so that services such as an internal Secure Shell (SSH) and a web can be provided for external access. The embodiment of the invention combines the SDP characteristic and the CPE according to the requirement that the SDP needs to penetrate the intranet, thereby improving the safety of the CPE on the external mapping port.
In the embodiment of the present invention, the user terminal equipment (CPE)10, the user terminal equipment management server 20, and the user terminal equipment controller 30 may include a mobile terminal such as a mobile phone, a tablet pc, a notebook pc, a palm pc, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a navigation device, a wearable device, a smart band, a pedometer, and a fixed terminal such as a Personal computer.
In the embodiment of the present invention, the user terminal device 10 transmits its serial number and a Media Access Control (MAC) address, i.e. a physical address, of an ethernet network card to the user terminal device controller 30 for authentication. When the user terminal device 10 passes the authentication, the user terminal device controller 30 connects the character strings of the current timestamp, the serial number of the CPE 10, and the network card MAC address when the authentication passes, performs hash operation on the connected character strings by using a BKDRHash method, performs remainder operation on the first number and the preset number obtained after the hash operation, and uses the second number obtained after the remainder operation as the port number of an external mapping port of the CPE 10, where the external mapping port is a port of the CPE 10 for external mapping network (WEB) service. Connecting character strings of several items of information, namely the current timestamp, the serial number of the CPE 10 and the MAC address of the network card when the authentication passes, performing MD5 encoding on the connected character strings, and using the MD5 encoding as tokens (tokens) of the CPE and the CPE management server. The user terminal device controller 30 returns the port number and token of the outward mapping port of the CPE 10 to the frp client of the CPE 10; and recording the port number and token of the external mapping port. The CPE 10 fails authentication and the customer premises equipment controller 30 will return an error message to the CPE 10.
The CPE 10 requests connection to the user terminal equipment management server 20, and transmits the token and the port number of the outward mapping port to the user terminal equipment management server 20. After receiving the request, the user terminal device management server 20 transmits the token to the user terminal device controller 30 for authentication. After the token is verified by the user terminal device controller 30, the security policy rule matched with the token is returned to the user terminal device management server 20, and if the token is verified unsuccessfully, the verification is returned to be failed, and the connection is disconnected.
After receiving the token verification passing response from the user terminal device controller 30, the user terminal device management server 20 receives the security policy matched with the token, first determines whether the public network outlet ip of the CPE 10, i.e., the outward mapping port, meets the security policy, and if not, disconnects the connection with the CPE 10. If the security policy is met, a security tunnel is established with the CPE 10, and a mapping port of the ue management server 20 is associated with an external mapping port of the CPE 10, thereby implementing intranet penetration.
The user accesses the mapping port of the user terminal device management server 20, connects to the CPE 10 to be managed through the browser, and views or modifies the configuration of the CPE 10, thereby implementing management of the CPE 10 on the intranet. When the connection network between the CPE 10 and the ue management server 20 is disconnected, the foregoing steps need to be repeated to obtain a new external mapping port of the CPE 10, and the security of the external mapping port is ensured by using the dynamic external mapping port, so that the security of the CPE 10 device management is improved.
Fig. 2 is a flowchart illustrating a method for managing a client terminal device according to an embodiment of the present invention, which is applied to the user terminal device controller 30. As shown in fig. 2, the management method of the client terminal device includes:
step S11: and authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment.
After the authentication of the user terminal device is passed, the subsequent step S12 is executed. And if the authentication of the user terminal equipment is not passed, returning a CPE error message to the user terminal equipment.
Step S12: and when the user terminal equipment passes the authentication, acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment.
When the user terminal equipment passes the authentication, connecting the current timestamp, the serial number and the character string of the physical address when passing the authentication; and acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the connected character string. Specifically, a hash algorithm is applied to the connected character string to obtain a first number; performing a remainder operation on the first number and a preset number to obtain a second number, wherein the second number is a port number of the outward mapping port of the user terminal equipment; and coding the connected character strings to obtain the tokens of the user terminal equipment and the user terminal equipment management server.
In the embodiment of the invention, a BKDRHAsh method is used for carrying out Hash operation according to the connected character string, and a first number obtained after the Hash operation and a preset number are subjected to remainder operation; and the second number obtained after the remainder is used as the port number of the outward mapping port of the user terminal equipment. The external mapping port of the user terminal device is a port of the external mapping WEB service of the user terminal device. The hash operation method of the embodiment of the invention is not limited to the BKDRHash method, and can be other hash operation methods; similarly, the preset number may be a number set by the user according to needs, such as 10086, and is not limited herein. And performing MD5 encoding on the connected character strings, and using MD5 encoding as tokens (tokens) of the user terminal equipment and the user terminal equipment management server. In other embodiments of the present invention, other codes may be performed on the connected character strings, and the present invention is not limited herein.
And after the port number and the token of the external mapping port of the user terminal equipment are obtained, the port number and the token of the external mapping port are sent to the user terminal equipment, and the port number and the token of the external mapping port are recorded.
Step S13: and receiving the token which is transmitted by the user terminal equipment management server and acquired from the user terminal equipment, and verifying the token.
And the user terminal equipment receives the port number and the token of the external mapping port and then sends the port number and the token to the user terminal equipment management server to request to establish connection with the user terminal equipment management server. In step S13, a token transmitted from the user terminal device by the user terminal device management server is received and verified.
Step S14: and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server so as to establish association between a mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy.
And when the token is verified, returning the security policy matched with the token to the user terminal equipment management server. When the external service port of the user terminal equipment conforms to the security policy, the user terminal equipment management server establishes association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment, so that intranet penetration is realized, further, the management of the user terminal equipment can be realized, and the management security of CPE equipment is improved. And the user terminal equipment management server disconnects the connection with the user terminal equipment when the external service port of the user terminal equipment does not conform to the security policy.
In the embodiment of the invention, when the token is not verified, a result of verification failure is returned, and the connection with the user terminal equipment management server is disconnected.
When the connection network between the user terminal equipment management server and the user terminal equipment is disconnected, the steps S11-S14 need to be repeated, a new external mapping port of the user terminal equipment is dynamically obtained, the security of the external mapping port of the user terminal equipment is guaranteed, and the security policy is dynamically loaded through the dynamic external mapping port, so that the security of the CPE equipment management is improved.
The management method of the client terminal equipment of the embodiment of the invention comprises the following steps; authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment; when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment; receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment; and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server to establish association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy, and dynamically loading the security policy through a dynamic service port to improve the security of CPE equipment management.
Fig. 3 is a flowchart illustrating a method for managing a client terminal device according to an embodiment of the present invention, which is applied to the user terminal device management server 20. As shown in fig. 3, the management method of the client terminal device includes:
step S21: the method comprises the steps of obtaining a connection establishment request sent by user terminal equipment, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment.
Before step S21, the client terminal device sends the serial number and the physical address to the user terminal device controller, and the user terminal device controller authenticates the user terminal device and generates a port number and a token of the outward mapping port of the user terminal device when the authentication is passed. In step S21, a connection establishment request including the port number of the outward mapping port and the token, which is sent by the client terminal device, is received.
Step S22: responding to the connection establishment request, and sending the token to the user terminal equipment controller for verification.
And sending the token to the user terminal equipment controller, and verifying the received token through the user terminal equipment controller.
Step S23: and acquiring the security policy which is returned by the user terminal equipment controller and matched with the token.
When the token passes the verification, the user terminal equipment controller returns the security policy matching the token. And when the token fails to be verified, the user terminal equipment controller returns a verification failure result and disconnects the connection.
Step S24: and establishing association between the mapping port and the external mapping port of the user terminal equipment according to the security policy.
In step S24, determining whether the outward mapping port of the user terminal device conforms to the security policy; if the mapping port accords with the security policy, establishing association between the mapping port and the external mapping port of the user terminal equipment; and if the security policy is not met, disconnecting the connection with the user terminal equipment.
After the mapping port is associated with the external mapping port of the user terminal equipment, the user terminal equipment needing to be managed can be connected through the mapping port; and checking or modifying the configuration of the user terminal equipment through the mapping port, thereby realizing the management of the user terminal equipment of the intranet. When the connection network with the user terminal equipment is disconnected, the steps S21-S24 need to be repeated, the new outward mapping port of the user terminal equipment is used, the security of the outward mapping port of the user terminal equipment is guaranteed, and the security policy is dynamically loaded through the dynamic outward mapping port, so that the security of the management of the CPE equipment is improved.
The management method of the client terminal equipment of the embodiment of the invention comprises the following steps; acquiring a connection establishment request sent by user terminal equipment, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment; responding to the connection establishment request, and sending the token to a user terminal equipment controller for verification; acquiring a security policy which is returned by the user terminal equipment controller and matched with the token; and establishing association between the security policy mapping port and the outward mapping port of the user terminal equipment, and dynamically loading a security policy through a dynamic service port to improve the security of CPE equipment management.
Fig. 4 is a schematic diagram showing a configuration of a management apparatus of a client terminal device according to an embodiment of the present invention, which is applied to the user terminal device controller 30 in fig. 1. As shown in fig. 4, the management apparatus of the client terminal device includes: authentication unit 41, token generation unit 42, token verification unit 43, and policy matching unit 44.
The authentication unit 41 is configured to authenticate the user terminal device according to a serial number and a physical address of the user terminal device; the token generating unit 42 is configured to, when the user terminal device passes authentication, obtain a port number and a token of an external mapping port of the user terminal device according to the current timestamp, the sequence number, and the physical address, and send the port number and the token to the user terminal device; the token verifying unit 43 is configured to receive and verify the token acquired from the user terminal device and transmitted by the user terminal device management server; the policy matching unit 44 is configured to, when the token passes the verification, return a security policy matched with the token to the ue management server, so as to establish an association between a mapping port of the ue management server and the external mapping port of the ue according to the security policy.
In an alternative manner, the token generation unit 52 is configured to: connecting the current timestamp, the serial number and the character string of the physical address; and acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the connected character string.
In an alternative manner, the token generation unit 52 is configured to: applying a Hash algorithm to the connected character strings to obtain a first number; performing a remainder operation on the first number and a preset number to obtain a second number, wherein the second number is a port number of the outward mapping port of the user terminal equipment; and coding the connected character strings to obtain the tokens of the user terminal equipment and the user terminal equipment management server.
The embodiment of the invention authenticates the user terminal equipment according to the serial number and the physical address of the user terminal equipment; when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment; receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment; and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server to establish association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy, and dynamically loading the security policy through a dynamic service port to improve the security of CPE equipment management.
Fig. 5 is a schematic structural diagram illustrating a management apparatus of a client terminal device according to an embodiment of the present invention, which is applied to the user terminal device management server 20 in fig. 1. As shown in fig. 5, the management apparatus of the client terminal device includes: a request acquisition unit 51, a request response unit 52, a policy acquisition unit 53, and an association establishing unit 54.
The request obtaining unit 51 is configured to obtain a connection establishment request sent by a user terminal device, where the connection establishment request includes a port number and a token of an external mapping port of the user terminal device; the request response unit 52 is configured to respond to the connection establishment request and send the token to the user terminal device controller for verification; the policy obtaining unit 53 is configured to obtain a security policy that is returned by the user terminal device controller and matches the token; the association establishing unit 54 is configured to establish an association between a mapping port and the external mapping port of the ue according to the security policy.
In an alternative manner, the association establishing unit 54 is configured to: judging whether the external mapping port of the user terminal equipment conforms to the security policy; if the mapping port accords with the security policy, establishing association between the mapping port and the external mapping port of the user terminal equipment; and if the security policy is not met, disconnecting the connection with the user terminal equipment.
In an optional manner, the management apparatus of the client terminal device further includes a device management unit, and the device management unit 55 is further configured to: connecting the user terminal equipment needing to be managed through the mapping port; and viewing or modifying the configuration of the user terminal equipment through the mapping port.
The method comprises the steps that a connection establishment request sent by user terminal equipment is obtained, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment; responding to the connection establishment request, and sending the token to a user terminal equipment controller for verification; acquiring a security policy which is returned by the user terminal equipment controller and matched with the token; and establishing association between the security policy mapping port and the outward mapping port of the user terminal equipment, and dynamically loading a security policy through a dynamic service port to improve the security of CPE equipment management.
An embodiment of the present invention provides a non-volatile computer storage medium, where the computer storage medium stores at least one executable instruction, and the computer executable instruction may execute the management method of the client terminal device in any method embodiment described above.
The executable instructions may be specifically configured to cause the processor to:
authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment;
when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment;
receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment;
and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server so as to establish association between a mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy.
In an alternative, the executable instructions cause the processor to:
connecting the current timestamp, the serial number and the character string of the physical address;
and acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the connected character string.
In an alternative, the executable instructions cause the processor to:
applying a Hash algorithm to the connected character strings to obtain a first number;
performing a remainder operation on the first number and a preset number to obtain a second number, wherein the second number is a port number of the outward mapping port of the user terminal equipment;
and coding the connected character strings to obtain the tokens of the user terminal equipment and the user terminal equipment management server.
The management method of the client terminal equipment of the embodiment of the invention comprises the following steps; authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment; when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment; receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment; and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server to establish association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy, and dynamically loading the security policy through a dynamic service port to improve the security of CPE equipment management.
An embodiment of the present invention provides another non-volatile computer storage medium, where the computer storage medium stores at least one executable instruction, and the computer executable instruction may execute the management method of the client terminal device in any method embodiment described above.
The executable instructions may be specifically configured to cause the processor to:
acquiring a connection establishment request sent by user terminal equipment, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment;
responding to the connection establishment request, and sending the token to a user terminal equipment controller for verification;
acquiring a security policy which is returned by the user terminal equipment controller and matched with the token;
and establishing association between the mapping port and the external mapping port of the user terminal equipment according to the security policy.
In an alternative, the executable instructions cause the processor to:
judging whether the external mapping port of the user terminal equipment conforms to the security policy;
if the mapping port accords with the security policy, establishing association between the mapping port and the external mapping port of the user terminal equipment;
and if the security policy is not met, disconnecting the connection with the user terminal equipment.
In an alternative, the executable instructions cause the processor to:
connecting the user terminal equipment needing to be managed through the mapping port;
and viewing or modifying the configuration of the user terminal equipment through the mapping port.
The method comprises the steps that a connection establishment request sent by user terminal equipment is obtained, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment; responding to the connection establishment request, and sending the token to a user terminal equipment controller for verification; acquiring a security policy which is returned by the user terminal equipment controller and matched with the token; and establishing association between the security policy mapping port and the outward mapping port of the user terminal equipment, and dynamically loading a security policy through a dynamic service port to improve the security of CPE equipment management.
Fig. 6 is a schematic structural diagram of a computing device according to an embodiment of the present invention, and a specific embodiment of the present invention does not limit a specific implementation of the device.
As shown in fig. 6, the computing device may include: a processor (processor)602, a communication Interface 604, a memory 606, and a communication bus 608.
Wherein: the processor 602, communication interface 604, and memory 606 communicate with one another via a communication bus 608. A communication interface 604 for communicating with network elements of other devices, such as clients or other servers. The processor 602 is configured to execute the program 610, and may specifically perform relevant steps in the management method embodiment of the client terminal device.
In particular, program 610 may include program code comprising computer operating instructions.
The processor 602 may be a central processing unit CPU or an application Specific Integrated circuit asic or one or more Integrated circuits configured to implement embodiments of the present invention. The device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
And a memory 606 for storing a program 610. Memory 606 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 610 may specifically be configured to cause the processor 602 to perform the following operations:
authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment;
when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment;
receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment;
and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server so as to establish association between a mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy.
In an alternative, the program 610 causes the processor to:
connecting the current timestamp, the serial number and the character string of the physical address;
and acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the connected character string.
In an alternative, the program 610 causes the processor to:
applying a Hash algorithm to the connected character strings to obtain a first number;
performing a remainder operation on the first number and a preset number to obtain a second number, wherein the second number is a port number of the outward mapping port of the user terminal equipment;
and coding the connected character strings to obtain the tokens of the user terminal equipment and the user terminal equipment management server.
The embodiment of the invention authenticates the user terminal equipment according to the serial number and the physical address of the user terminal equipment; when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment; receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment; and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server to establish association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy, and dynamically loading the security policy through a dynamic service port to improve the security of CPE equipment management.
Fig. 7 is a schematic structural diagram of another computing device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the device.
As shown in fig. 7, the computing device may include: a processor (processor)702, a Communications Interface 704, a memory 706, and a communication bus 708.
Wherein: the processor 702, communication interface 704, and memory 706 communicate with each other via a communication bus 708. A communication interface 704 for communicating with network elements of other devices, such as clients or other servers. The processor 702 is configured to execute the program 710, and may specifically execute relevant steps in the management method embodiment of the client terminal device.
In particular, the program 710 may include program code that includes computer operating instructions.
The processor 702 may be a central processing unit CPU, or an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement an embodiment of the present invention. The device includes one or more processors, which may be the same type of processor, such as one or more CPUs; or may be different types of processors such as one or more CPUs and one or more ASICs.
The memory 706 stores a program 710. The memory 706 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 710 may specifically be used to cause the processor 702 to perform the following operations:
acquiring a connection establishment request sent by user terminal equipment, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment;
responding to the connection establishment request, and sending the token to a user terminal equipment controller for verification;
acquiring a security policy which is returned by the user terminal equipment controller and matched with the token;
and establishing association between the mapping port and the external mapping port of the user terminal equipment according to the security policy.
In an alternative, the program 710 causes the processor to:
judging whether the external mapping port of the user terminal equipment conforms to the security policy;
if the mapping port accords with the security policy, establishing association between the mapping port and the external mapping port of the user terminal equipment;
and if the security policy is not met, disconnecting the connection with the user terminal equipment.
In an alternative, the program 710 causes the processor to:
connecting the user terminal equipment needing to be managed through the mapping port;
and viewing or modifying the configuration of the user terminal equipment through the mapping port.
The method comprises the steps that a connection establishment request sent by user terminal equipment is obtained, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment; responding to the connection establishment request, and sending the token to a user terminal equipment controller for verification; acquiring a security policy which is returned by the user terminal equipment controller and matched with the token; and establishing association between the security policy mapping port and the outward mapping port of the user terminal equipment, and dynamically loading a security policy through a dynamic service port to improve the security of CPE equipment management.
The algorithms or displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present invention are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specified otherwise.

Claims (10)

1. A method for managing a client terminal device, the method comprising:
authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment;
when the user terminal equipment passes the authentication, acquiring a port number and a token of an external mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address, and sending the port number and the token to the user terminal equipment;
receiving and verifying the token which is transmitted by a user terminal equipment management server and acquired from the user terminal equipment;
and when the token passes the verification, returning a security policy matched with the token to the user terminal equipment management server so as to establish association between a mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy.
2. The method of claim 1, wherein the obtaining the port number and the token of the outward mapping port of the user terminal device according to the current timestamp, the sequence number and the physical address when the user terminal device passes the authentication comprises:
connecting the current timestamp, the serial number and the character string of the physical address;
and acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the connected character string.
3. The method according to claim 2, wherein the obtaining the port number and the token of the outward mapping port of the user terminal device according to the connected character string comprises:
applying a Hash algorithm to the connected character strings to obtain a first number;
performing a remainder operation on the first number and a preset number to obtain a second number, wherein the second number is a port number of the outward mapping port of the user terminal equipment;
and coding the connected character strings to obtain the tokens of the user terminal equipment and the user terminal equipment management server.
4. A method for managing a client terminal device, the method comprising:
acquiring a connection establishment request sent by user terminal equipment, wherein the connection establishment request comprises a port number and a token of an external mapping port of the user terminal equipment;
responding to the connection establishment request, and sending the token to a user terminal equipment controller for verification;
acquiring a security policy which is returned by the user terminal equipment controller and matched with the token;
and establishing association between the mapping port and the external mapping port of the user terminal equipment according to the security policy.
5. The method of claim 4, wherein said associating the mapped port with the outbound mapped port of the user terminal device according to the security policy comprises:
judging whether the external mapping port of the user terminal equipment conforms to the security policy;
if the mapping port accords with the security policy, establishing association between the mapping port and the external mapping port of the user terminal equipment;
and if the security policy is not met, disconnecting the connection with the user terminal equipment.
6. The method of claim 4, wherein after the mapping the port to the outward mapping port of the user terminal device according to the security policy is associated, the method further comprises:
connecting the user terminal equipment needing to be managed through the mapping port;
and viewing or modifying the configuration of the user terminal equipment through the mapping port.
7. An apparatus for managing a client terminal device, the apparatus comprising:
the authentication unit is used for authenticating the user terminal equipment according to the serial number and the physical address of the user terminal equipment;
the token generation unit is used for acquiring the port number and the token of the outward mapping port of the user terminal equipment according to the current timestamp, the sequence number and the physical address when the user terminal equipment passes the authentication, and sending the port number and the token to the user terminal equipment;
the token verification unit is used for receiving and verifying the token which is transmitted by the user terminal equipment management server and acquired from the user terminal equipment;
and the policy matching unit is used for returning a security policy matched with the token to the user terminal equipment management server when the token passes the verification so as to establish association between the mapping port of the user terminal equipment management server and the external mapping port of the user terminal equipment according to the security policy.
8. An apparatus for managing a client terminal device, the apparatus comprising:
a request obtaining unit, configured to obtain a connection establishment request sent by a user terminal device, where the connection establishment request includes a token and a port number of an external mapping port of the user terminal device;
the request response unit is used for responding to the connection establishment request and sending the token to the user terminal equipment controller for verification;
a policy obtaining unit, configured to obtain a security policy that is returned by the user terminal device controller and matches the token;
and the association establishing unit is used for establishing association between the mapping port and the external mapping port of the user terminal equipment according to the security policy.
9. A computing device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is intended to store at least one executable instruction which causes the processor to carry out the steps of the management method of a client terminal device according to any one of claims 1 to 3 or according to any one of claims 4 to 6.
10. A computer storage medium, characterized in that the storage medium has stored therein at least one executable instruction causing a processor to execute the steps of the method for managing a client terminal device according to any one of claims 1-3 or according to any one of claims 4-6.
CN201910694060.0A 2019-07-30 2019-07-30 Client terminal equipment management method and device, computing equipment and storage medium Active CN110365701B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910694060.0A CN110365701B (en) 2019-07-30 2019-07-30 Client terminal equipment management method and device, computing equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910694060.0A CN110365701B (en) 2019-07-30 2019-07-30 Client terminal equipment management method and device, computing equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110365701A CN110365701A (en) 2019-10-22
CN110365701B true CN110365701B (en) 2021-12-31

Family

ID=68222825

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910694060.0A Active CN110365701B (en) 2019-07-30 2019-07-30 Client terminal equipment management method and device, computing equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110365701B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110843816B (en) * 2019-11-29 2020-12-08 北京智联友道科技有限公司 Monitoring system of urban rail ventilation air-conditioning system
CN111182537A (en) * 2019-12-31 2020-05-19 北京指掌易科技有限公司 Network access method, device and system for mobile application
CN111601073A (en) * 2020-04-15 2020-08-28 深圳新贝奥科技有限公司 Method for pushing video code stream to cloud server through local area network
CN112491603A (en) * 2020-11-17 2021-03-12 广州西麦科技股份有限公司 Equipment configuration method, device, equipment and storage medium
CN113438246B (en) * 2021-06-29 2023-05-30 四川巧夺天工信息安全智能设备有限公司 Data security and authority management and control method for intelligent terminal
CN115695405B (en) * 2021-07-28 2024-06-18 中移物联网有限公司 Equipment control method, device, control terminal, execution terminal and service terminal
CN113904939B (en) * 2021-10-27 2023-07-28 中国联合网络通信集团有限公司 Method, device and storage medium for managing target terminal

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465852A (en) * 2008-10-24 2009-06-24 广东威创视讯科技股份有限公司 Method for implementing network inner penetration in network videoconference system
CN102801591A (en) * 2012-07-02 2012-11-28 耿直 Real-time data transmission method based on local area network
CN104506368A (en) * 2014-12-30 2015-04-08 浪潮(北京)电子信息产业有限公司 Method and equipment for managing switchboard equipment in unified manner
CN105991293A (en) * 2016-07-26 2016-10-05 努比亚技术有限公司 Verification method and verification device
CN106330938A (en) * 2016-08-31 2017-01-11 四川省魅力传媒有限公司 Media terminal management system and method
CN108965320A (en) * 2018-08-08 2018-12-07 湖南中车时代通信信号有限公司 A kind of system and method for general railway intranet and extranet data interaction
CN109150805A (en) * 2017-06-19 2019-01-04 亿阳安全技术有限公司 The method for managing security and system of application programming interface
CN109309666A (en) * 2018-08-22 2019-02-05 中国平安财产保险股份有限公司 Interface security control method and terminal device in a kind of network security
CN110049059A (en) * 2019-04-26 2019-07-23 深圳市网心科技有限公司 A kind of outer net equipment and Intranet communication between devices method and relevant apparatus

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7669229B2 (en) * 2002-11-13 2010-02-23 Intel Corporation Network protecting authentication proxy

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101465852A (en) * 2008-10-24 2009-06-24 广东威创视讯科技股份有限公司 Method for implementing network inner penetration in network videoconference system
CN102801591A (en) * 2012-07-02 2012-11-28 耿直 Real-time data transmission method based on local area network
CN104506368A (en) * 2014-12-30 2015-04-08 浪潮(北京)电子信息产业有限公司 Method and equipment for managing switchboard equipment in unified manner
CN105991293A (en) * 2016-07-26 2016-10-05 努比亚技术有限公司 Verification method and verification device
CN106330938A (en) * 2016-08-31 2017-01-11 四川省魅力传媒有限公司 Media terminal management system and method
CN109150805A (en) * 2017-06-19 2019-01-04 亿阳安全技术有限公司 The method for managing security and system of application programming interface
CN108965320A (en) * 2018-08-08 2018-12-07 湖南中车时代通信信号有限公司 A kind of system and method for general railway intranet and extranet data interaction
CN109309666A (en) * 2018-08-22 2019-02-05 中国平安财产保险股份有限公司 Interface security control method and terminal device in a kind of network security
CN110049059A (en) * 2019-04-26 2019-07-23 深圳市网心科技有限公司 A kind of outer net equipment and Intranet communication between devices method and relevant apparatus

Also Published As

Publication number Publication date
CN110365701A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
CN110365701B (en) Client terminal equipment management method and device, computing equipment and storage medium
US11716390B2 (en) Systems and methods for remote management of appliances
US9369286B2 (en) System and methods for facilitating authentication of an electronic device accessing plurality of mobile applications
US10516666B2 (en) Authentication method, apparatus, and system
JP6875482B2 (en) Computer-readable storage media for legacy integration and methods and systems for using it
WO2022247751A1 (en) Method, system and apparatus for remotely accessing application, device, and storage medium
CN107113319A (en) Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification
CN112491776B (en) Security authentication method and related equipment
CN113614719A (en) Computing system and method for providing session access based on authentication tokens having different authentication credentials
CN110401641A (en) User authen method, device, electronic equipment
CN104662871A (en) Method and device for securely accessing a web service
JP5122587B2 (en) Connection control method, connection control server device, connection control client device, connection control system, and program
CN115065703B (en) Internet of things system, authentication and communication method thereof and related equipment
CN116192483A (en) Authentication method, device, equipment and medium
CN109495431A (en) Connection control method, device and system and interchanger
CN110943962B (en) Authentication method, network equipment, authentication server and forwarding equipment
US10972455B2 (en) Secure authentication in TLS sessions
TWI546688B (en) Method for processing url and associated server and non-transitory computer readable storage medium
US11888898B2 (en) Network configuration security using encrypted transport
JP6346208B2 (en) Communications system
US11520937B2 (en) NVMe over fabrics authentication system
US20230308448A1 (en) System, method, and pattern for integrating incompatible oidc implementations
CN116846630A (en) Trusted network application access method, device and computer readable medium
CN117319023A (en) Method and device for establishing secure connection
CN117278562A (en) Load balancing method, device, system, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210318

Address after: 200000 second floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai

Applicant after: Dalu Robot Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: Shenzhen Qianhaida Yunyun Intelligent Technology Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 201111 Building 8, No. 207, Zhongqing Road, Minhang District, Shanghai

Patentee after: Dayu robot Co.,Ltd.

Address before: 200000 second floor, building 2, no.1508, Kunyang Road, Minhang District, Shanghai

Patentee before: Dalu Robot Co.,Ltd.

CP03 Change of name, title or address