CN110417754B - Host proxy service authority authentication based method and device - Google Patents

Info

Publication number
CN110417754B
Authority
CN
China
Prior art keywords
host
proxy service
authentication key
server
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910625929.6A
Other languages
Chinese (zh)
Other versions
CN110417754A (en
Inventor
耿志超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Big Data Technologies Co Ltd
Original Assignee
New H3C Big Data Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Big Data Technologies Co Ltd filed Critical New H3C Big Data Technologies Co Ltd
Priority to CN201910625929.6A priority Critical patent/CN110417754B/en
Publication of CN110417754A publication Critical patent/CN110417754A/en
Application granted granted Critical
Publication of CN110417754B publication Critical patent/CN110417754B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The disclosure provides a method and a device for authenticating service authority based on a host proxy, and relates to the technical field of communication. The server generates proxy service and then sends the proxy service to the host, the proxy service generates an authentication key according to preset parameters and stores the authentication key, the proxy service also sends the authentication key to the server through the host, after the server sends an operation command carrying the authentication key to the proxy service, the proxy service authenticates the operation authority of the server according to the authentication key, and when the authentication is passed, the operation command is executed. In the method, the operation authority of the server is authenticated through the authentication key generated by the proxy service installed on the host, so that the proxy service is prevented from being used by a third-party server, and the safety of data is ensured.

Description

Host proxy service authority authentication based method and device
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method and an apparatus for authentication based on host proxy service rights.
Background
When the server side collects data from a remote host, two modes are available: in one, the server side actively sends a request to the remote host to obtain data; in the other, an agent program (Agent) is installed on the remote host and actively sends data to the server. The user copies the agent program to the remote host manually or with a shell script and starts the agent service manually or with a shell script to collect data; when data is not being collected, the agent service is closed manually or with a shell script. The operation authority of the user is generally not verified.
However, when the user's operation authority is not verified, a third-party user who invokes the agent interface without authorization may perform abnormal operations on the remote host, such as deleting important data or closing mailbox services provided on the remote host, thereby harming the interests of the customer.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide a method and an apparatus for authenticating authority based on host proxy service, in which an authentication key generated by a proxy service installed on a host is used to authenticate an operation authority of a server, so as to avoid the proxy service being used by a third-party server and ensure data security.
In order to achieve the above purpose, the embodiments of the present disclosure adopt the following technical solutions:
In a first aspect, an embodiment of the present disclosure provides a method for authenticating a service right based on a host proxy, where the method is applied to a server, and the server communicates with a host, and the method includes: generating a proxy service and issuing the proxy service to the host, so that the proxy service generates an authentication key according to preset parameters and stores the authentication key; receiving the authentication key sent by the proxy service through the host; and sending an operation command carrying the authentication key to the proxy service so that the proxy service authenticates the operation authority of the server according to the authentication key, and executing the operation command when the authentication is passed.
In a second aspect, an embodiment of the present disclosure further provides a method for authenticating a host-based proxy service authority, where the method is applied to a proxy service installed in a host, and the proxy service communicates with a server through the host, where the method includes: generating an authentication key according to preset parameters and storing the authentication key; sending the authentication key to the server; receiving an operation command carrying the authentication key sent by the server, and authenticating the operation authority of the server according to the authentication key; and when the authentication is passed, executing the operation command.
In a third aspect, an embodiment of the present disclosure further provides an apparatus for authenticating a service right based on a host proxy, where the apparatus is applied to a server, and the server communicates with a host, and the apparatus includes: the proxy service generation module is used for generating proxy service and issuing the proxy service to the host, so that the proxy service generates an authentication key according to preset parameters and stores the authentication key; a key receiving module, configured to receive the authentication key sent by the proxy service through the host; and the operation command sending module is used for sending an operation command carrying the authentication key to the proxy service so that the proxy service can authenticate the operation authority of the server according to the authentication key and execute the operation command when the authentication is passed.
In a fourth aspect, an embodiment of the present disclosure further provides an apparatus for authenticating a host proxy service authority, where the apparatus is applied to a proxy service installed in a host, and the proxy service communicates with a server through the host, and the apparatus includes: the key generation module is used for generating an authentication key according to preset parameters and storing the authentication key; a key sending module, configured to send the authentication key to the server; the operation command receiving module is used for receiving the operation command which is sent by the server and carries the authentication key and authenticating the operation authority of the server according to the authentication key; and the operation command execution module is used for executing the operation command when the authentication is passed.
The method and the device for authenticating the authority based on the host proxy service provided by the embodiment of the disclosure have the advantages that the server generates the proxy service and then sends the proxy service to the host, the proxy service generates the authentication key according to the preset parameters and stores the authentication key, the proxy service also sends the authentication key to the server through the host, after the server sends the operation command carrying the authentication key to the proxy service, the proxy service authenticates the operation authority of the server according to the authentication key, and executes the operation command when the authentication is passed. In the disclosure, the server can generate the proxy service and issue the proxy service to the host, the proxy service can generate the authentication key after being started on the host, when the server communicates with the proxy service on the host, the proxy service authenticates the operation authority of the server through the authentication key, and the proxy service can execute the operation command of the server only if the authentication is passed, so that the proxy service is prevented from being used by a third-party server, and the security of data is ensured.
In order to make the aforementioned objects, features and advantages of the present disclosure more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
To more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present disclosure and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings may be obtained from the drawings without inventive effort.
Fig. 1 is a schematic application environment diagram illustrating a host proxy service authority authentication method and apparatus according to an embodiment of the present disclosure.
Fig. 2 shows a block schematic diagram of the server shown in fig. 1.
Fig. 3 is a flowchart illustrating a method for authentication based on host proxy service rights according to an embodiment of the present disclosure.
Fig. 4 shows another flowchart of a host-agent-based service right authentication method according to an embodiment of the present disclosure.
Fig. 5 is a schematic flowchart illustrating a host proxy service authority authentication method according to an embodiment of the present disclosure.
Fig. 6 shows a functional module schematic diagram of a device based on host proxy service authority authentication according to an embodiment of the present disclosure.
Fig. 7 shows another functional module schematic diagram of a device based on host proxy service authority authentication according to an embodiment of the present disclosure.
Reference numerals: 100-server; 200-host; 300-network; 400-proxy service; 110-memory; 120-processor; 130-communication module; 510-proxy service generation module; 520-key receiving module; 530-operation command sending module; 610-key generation module; 620-key sending module; 630-operation command receiving module; 640-operation command execution module.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. The components of the embodiments of the present disclosure, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present disclosure, presented in the figures, is not intended to limit the scope of the claimed disclosure, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the disclosure without making creative efforts, shall fall within the protection scope of the disclosure.
It is noted that relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Referring to fig. 1, a schematic diagram of an application environment of a method and an apparatus for authentication based on host proxy service rights according to an embodiment of the present disclosure is shown. The server 100 is communicatively coupled to one or more hosts 200 via a network 300 to enable data communication or interaction between the server 100 and the hosts 200.
In this embodiment, when the server 100 needs to collect data on the host 200, the proxy service 400 may be installed on the host 200, and send a data collection command to the proxy service 400, and the proxy service 400 actively reports the data of the host 200 to the server 100 by executing the data collection command; when the server 100 needs to delete a file on the host 200, a data deletion command may be sent to the proxy service 400, and the proxy service 400 deletes the file on the host 200 by executing the data deletion command. Wherein, the server 100 and the proxy service 400 communicate with each other through the host 200.
Fig. 2 is a block diagram of the server 100 shown in fig. 1. The server 100 includes a memory 110, a processor 120, and a communication module 130. The memory 110, the processor 120, and the communication module 130 are electrically connected to each other directly or indirectly to enable data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines.
The memory 110 is used to store programs or data. The Memory 110 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like.
The processor 120 is used to read/write data or programs stored in the memory 110 and perform corresponding functions.
The communication module 130 is used for establishing a communication connection between the server 100 and another communication terminal (e.g., the host 200) through the network 300, and for transceiving data through the network 300.
It should be understood that the structure shown in fig. 2 is only a schematic diagram of the structure of the server 100, and in practical applications, the server 100 may also include more or less components than those shown in fig. 2, or have a different configuration than that shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
In this embodiment, in order to avoid the proxy service 400 being used by a third-party server, thereby causing data on the host 200 to be illegally acquired, the proxy service 400 needs to authenticate the operation authority of the server 100 when the server 100 communicates with the proxy service 400. The method for authenticating the authority based on the host proxy service provided by the embodiment of the present disclosure is explained in detail below based on fig. 1. As shown in fig. 3, the method mainly includes:
In step S11, the server generates a proxy service.
In this embodiment, the server 100 may generate the proxy service 400 based on communication parameters for communication with the host 200, which may include information such as an IP address of the host 200, a user name and a password of an operating system of the host 200, and a preset package.
The proxy service 400 includes two parts, namely a fixed program package and an encrypted file. The encrypted file is generated according to information such as the IP address of the host 200, the user name and password of the operating system of the host 200, and the type of the operating system of the host 200, and acts on the program package.
For example, when the server 100 needs to collect data of the host 200, the administrator may fill in communication parameters such as an IP address of the host 200, a user name and a password of an operating system of the host 200, and a type of the operating system of the host 200 on a web page, the web page sends the acquired communication parameters to the server 100, and the server 100 generates the proxy service 400 according to the communication parameters.
In step S12, the server issues the proxy service to the host.
For example, after the server 100 generates the proxy service 400, the host 200 can be found through the IP address of the host 200, the proxy service 400 is issued to the host 200 by using the user name and password of the operating system of the host 200, and the proxy service 400 is started on the host 200.
It should be noted that the proxy service 400 in the present embodiment may be understood as a software program generated by the server 100 and running on the host 200. When the proxy service 400 is issued to the host 200 and installed and started on the host 200, the proxy service 400 and the server 100 do not communicate directly, but data communication or interaction between the proxy service 400 and the server 100 is realized through the host 200. That is, when the proxy service 400 needs to send data to the server 100, the data needs to be sent to the server 100 by the host 200; when the server 100 needs to send data to the proxy service 400, the data needs to be sent to the host 200 and then transmitted from the host 200 to the proxy service 400. Therefore, the interaction process of the server 100 and the proxy service 400 involved in the present disclosure is implemented by the host 200.
In step S13, after the proxy service is started, the proxy service generates an authentication key according to the preset parameters and stores the authentication key.
In this embodiment, the preset parameters may include a first preset parameter or a second preset parameter. The first preset parameter includes the current (real-time) system time of the operating system of the host 200, and at least one of the IP address of the host 200 and the MAC address of the host 200. The second preset parameter includes a Universally Unique Identifier (UUID) generated by third-party software installed in the host 200, and at least one of the current (real-time) system time of the operating system of the host 200, the IP address of the host 200, and the MAC address of the host 200; the proxy service 400 can obtain the UUID by calling the third-party software. Because the UUID and the current system time of the operating system of the host 200 are unique, the authentication key generated each time is ensured to be different, which improves the security of the authentication key.
Furthermore, since the proxy service 400 needs to authenticate the operation authority of the server 100, the proxy service 400 needs to store an authentication key, for example, a copy of the authentication key may be stored in a storage device of the host 200, and the proxy service 400 determines whether the server 100 has the operation authority of the proxy service 400 by comparing whether the received authentication key is consistent with the authentication key currently stored in the host 200.
For example, after the proxy service 400 is started on the host 200, the authentication key x may be generated according to information such as the current (real-time) system time of the operating system of the host 200, the IP address of the host 200, and the MAC address of the host 200; or the authentication key x may be generated according to the UUID generated by the third-party software and the IP address of the host. After the authentication key x is generated, it is stored in the host 200.
In step S14, the proxy service sends the authentication key to the server through the host.
In this embodiment, the proxy service 400 may transmit an authentication key to the server 100 through the host 200, and the server 100 receives and stores the authentication key. For example, after generating the authentication key x, the proxy service 400 sends a registration request http1 to the server 100 by using the host 200, reports to the server 100 that the proxy service 400 has successfully run on the host 200 through the registration request http1, and informs the server 100 of the authentication key x to be transferred when the proxy service 400 is invoked. That is, the registration request http1 carries the authentication key x generated by the proxy service 400. After the server 100 receives the registration request http1 sent by the host 200, it may be determined that the proxy service 400 has successfully operated on the host 200 by parsing the registration request http1, and store the authentication key x carried in the registration request http1 in the server 100. When the server 100 calls the proxy service 400 installed on the host 200, the authentication key x is passed to perform authentication of the operation right.
It should be noted that, when storing the authentication key and sending the authentication key to the server 100 through the host 200, the proxy service 400 may send the authentication key to the server 100 first and then store the authentication key; or the authentication key may be stored first and then transmitted to the server 100; the authentication key may also be stored while being transmitted to the server 100.
In step S15, the server sends an operation command carrying the authentication key to the proxy service.
For example, assuming that the server 100 needs to obtain the tomcat log of the host 200, it sends a data acquisition command http2 carrying the authentication key x to the host 200, and the host 200 forwards the received data acquisition command http2 to the proxy service 400. The data acquisition command http2 instructs the proxy service 400 to send the tomcat log of the host 200 to the device with the IP address xxx.
In step S16, the proxy service authenticates the operation authority of the server based on the authentication key.
For example, after receiving the data acquisition command http2, the proxy service 400 determines whether the authentication key x carried in the data acquisition command http2 is consistent with the authentication key currently stored in the host 200 by the proxy service 400, and if so, determines that the authentication is passed; and if not, determining that the authentication is not passed.
In step S17, the proxy service executes the operation command when the authentication is passed.
In this embodiment, when the operation authority authentication of the server 100 is passed, the proxy service 400 executes the data acquisition command http2.
It can be understood that if a third-party server sends the proxy service 400 a data acquisition command http2 that does not carry the authentication key x, telling the proxy service 400 to send the tomcat log of the host 200 to the device with the IP address xx.xx.xx.xx.xx.xx, the operation authority of the third-party server cannot pass authentication, because the command does not carry the authentication key x. The proxy service 400 therefore does not execute the data acquisition command http2 sent by the third-party server, which effectively ensures that the proxy service 400 is not used by the third-party server, prevents data in the host 200 from being illegally obtained by the third-party server, and improves the security of the data.
In this embodiment, to guard against the authentication key being acquired by a third-party server, the authentication key may be made time-limited, that is, the authentication key becomes invalid after a certain time. Even if the authentication key is acquired by the third-party server, this time limit prevents the proxy service 400 from being used by the third-party server.
In this embodiment, the operation command sent by the server 100 may include a modification command. The server 100 may send the modification command carrying the authentication key to the proxy service 400 at regular intervals, or send it in response to an operation of replacing the authentication key. After receiving the modification command through the host 200, the proxy service 400 may modify the authentication key according to the modification command. Specifically, the proxy service 400 may authenticate the operation authority of the server 100 according to the authentication key carried in the modification command and the authentication key currently stored in the host 200, and, when the authentication passes, execute the modification command to modify the authentication key currently stored in the host 200, thereby obtaining a modified authentication key (new authentication key).
In one example, the server 100 may be configured to send a modification command to the proxy service 400 every 30 seconds, every Monday in the early morning, or every day, informing the proxy service 400 to modify the authentication key. The administrator may also click "change authentication key" on the web page at any time, and the server 100 sends a modification command to the proxy service 400 in response to that click.
For example, the server 100 sends a modification command http3 carrying the authentication key x to the proxy service 400. If the proxy service 400 determines that the authentication key x carried in the modification command http3 is correct, it executes the modification command http3 to modify the authentication key x: it generates a new authentication key y (i.e., a modified authentication key) according to the current (real-time) system time of the operating system of the host 200, the IP address of the host 200, and the MAC address of the host 200, stores the new authentication key y in the host 200, and discards the previously stored authentication key x.
In step S18, the proxy service sends the modified authentication key to the server through the host.
In this embodiment, after modifying the authentication key, the proxy service 400 sends the modified authentication key to the server 100, and after receiving the modified authentication key, the server 100 discards the previously stored authentication key, and when subsequently sending an operation command to the proxy service 400, the carried authentication key is the modified authentication key, instead of the previously stored authentication key.
For example, when the server 100 sends the data acquisition command http2 to the proxy service 400, the proxy service 400 executes the data acquisition command http2 only if it carries the new authentication key y. If the server 100 carries the original authentication key x in the data acquisition command http2, the proxy service 400, after receiving the command, finds that the authentication key x it carries is inconsistent with the new authentication key y currently stored in the host 200, and does not execute the data acquisition command http2.
Similarly, suppose a third-party server obtains the authentication key x and sends a file deletion command http4 (e.g., rm -rf /) carrying the authentication key x to the proxy service 400. If the proxy service 400 determined that the authentication key x was correct, the file deletion command http4 would be executed, deleting the root file system and causing data loss. However, in this embodiment, since the authentication key may be changed periodically or at any time, even if the third-party server knows the authentication key x, it does not know that the proxy service 400 has modified the authentication key into the new authentication key y, and the proxy service 400 does not execute the file deletion command http4 after receiving it, so the third-party server still cannot operate the proxy service 400.
It should be noted that, in this embodiment, in order to avoid the authentication key being illegally intercepted in the transmission process, when the proxy service 400 reports the authentication key to the server 100 and the server 100 issues an operation command to the proxy service 400, the authentication key may be transmitted between the proxy service 400 and the server 100 in the form of a ciphertext, so as to improve the security of the authentication key.
In practical applications, to ensure that the authentication key is not obtained by others, the authentication key can be protected against cracking by modifying it at regular intervals or at any time, by having the server 100 re-issue the proxy service 400 to overwrite the previous proxy service 400, and the like.
It can be seen that, in the present disclosure, the proxy service 400 is generated by the server 100 and issued to the host 200, after the proxy service 400 is started on the host 200, the proxy service 400 can generate the authentication key, when the server 100 communicates with the proxy service 400 through the host 200, the proxy service 400 authenticates the operation authority of the server 100 through the authentication key, and only if the authentication passes, the proxy service 400 executes the operation command of the server 100, thereby preventing the proxy service 400 from being used by a third-party server, and ensuring the security of data. On the other hand, the authentication key is modified at fixed time or at any time, so that the authentication key has timeliness, and the authentication key is prevented from being acquired by others.
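The flow of steps S13 to S18, including the time-limited key and the modification command, is sketched below in Python as an added example; it is not code from the patent. The class names, the message fields (`op`, `auth_key`, `target`), the 60-second validity window, the fixed set of supported operations and the sample addresses are assumptions of the example, as is the extra random input to the key: the current time, IP address and MAC address can be guessed by an observer, so the sketch mixes in bytes from a CSPRNG and compares keys in constant time.

```python
import hashlib
import hmac
import secrets
import time
import uuid


class ProxyService:
    """Agent side (proxy service 400): owns the key and authenticates every command."""

    def __init__(self, host_ip, host_mac, ttl_seconds=3600.0, clock=time.time):
        self.host_ip = host_ip
        self.host_mac = host_mac
        self.ttl = ttl_seconds      # assumed validity window; the page gives no value
        self.clock = clock          # injectable so expiry can be exercised offline
        self._key = None
        self._issued_at = 0.0

    def generate_key(self):
        """S13: derive a key from the preset parameters and store it."""
        material = "|".join([
            repr(self.clock()),     # current (real-time) system time of the host OS
            self.host_ip,
            self.host_mac,
            str(uuid.uuid4()),      # stands in for the UUID from third-party software
        ]).encode()
        # Assumption beyond the page: add CSPRNG output, because time, IP and MAC
        # alone are predictable inputs.
        material += secrets.token_bytes(32)
        self._key = hashlib.sha256(material).hexdigest()
        self._issued_at = self.clock()
        return self._key            # S14: value carried in the registration request

    def _authenticated(self, presented):
        if not self._key or not isinstance(presented, str):
            return False            # command carried no key at all
        if self.clock() - self._issued_at > self.ttl:
            return False            # time-limited key has lapsed
        return hmac.compare_digest(presented.encode(), self._key.encode())

    def handle(self, command):
        """S16/S17: authenticate first, then execute. Returns (status, payload)."""
        if not self._authenticated(command.get("auth_key")):
            return ("rejected", None)
        op = command.get("op")
        if op == "modify_key":
            return ("ok", self.generate_key())   # S18: new key is reported back
        if op == "collect":
            return ("ok", "constructed log data for " + command["target"])
        return ("unsupported", None)             # the sketch runs only the ops above


class Server:
    """Server side (server 100): stores the registered key and attaches it to commands."""

    def __init__(self, agent):
        self.agent = agent
        self.key = None

    def register(self, key):
        self.key = key              # S14: store the key from the registration request

    def send(self, op, **fields):
        """S15: every operation command carries the stored authentication key."""
        status, payload = self.agent.handle({"op": op, "auth_key": self.key, **fields})
        if status == "ok" and op == "modify_key":
            self.key = payload      # discard the previous key, keep the modified one
        return status, payload


def demo():
    """Run the exchange with constructed values and a fake clock."""
    now = [1000.0]
    agent = ProxyService("192.0.2.10", "02:00:00:00:00:01",
                         ttl_seconds=60, clock=lambda: now[0])
    server = Server(agent)
    server.register(agent.generate_key())
    old_key = server.key
    results = {}
    results["valid"] = server.send("collect", target="tomcat")[0]
    results["no_key"] = agent.handle({"op": "collect", "target": "tomcat"})[0]
    results["rotate"] = server.send("modify_key")[0]
    results["stale"] = agent.handle(
        {"op": "collect", "auth_key": old_key, "target": "tomcat"})[0]
    results["after_rotate"] = server.send("collect", target="tomcat")[0]
    now[0] += 61                    # move past the validity window
    results["expired"] = server.send("collect", target="tomcat")[0]
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(name, status)
```

The `stale` case corresponds to the third-party server that still holds the authentication key x after the proxy service has moved to the new authentication key y.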
Fig. 4 is a schematic flow chart illustrating a method for host-agent-based service right authentication according to an embodiment of the present disclosure. It should be noted that, the method for authenticating the service authority based on the host proxy according to the embodiment of the present disclosure is not limited by fig. 4 and the following specific sequence, and it should be understood that, in other embodiments, the sequence of some steps in the method for authenticating the service authority based on the host proxy according to the embodiment of the present disclosure may be interchanged according to actual needs, or some steps may be omitted or deleted. The host proxy service authority authentication-based method can be applied to the server 100 shown in fig. 1, and the specific flow shown in fig. 4 will be described in detail below.
Step S21, generating the proxy service and sending the proxy service to the host, so that the proxy service generates and stores the authentication key according to the preset parameters.
In this embodiment, the server 100 may generate the proxy service 400 based on a preset package and communication parameters for communicating with the host 200, where the communication parameters may include the IP address of the host 200 and the user name and password of the operating system of the host 200.
The preset parameters comprise a first preset parameter or a second preset parameter. The first preset parameter includes the real time of the operating system of the host 200 and at least one of the IP address of the host 200 and the MAC address of the host 200; the second preset parameter includes a universally unique identifier (UUID) generated by third-party software installed in the host 200 and at least one of the real time of the operating system of the host 200, the IP address of the host 200, and the MAC address of the host 200.
In the present embodiment, the step S21 may correspond to the step S11 to the step S13, and therefore, reference may be made to the corresponding contents of the step S11 to the step S13.
Step S22, receiving the authentication key sent by the proxy service through the host.
In the present embodiment, the proxy service 400 transmits the generated authentication key to the server 100 through the host 200, and the server 100 receives and stores the authentication key.
The step S22 may correspond to the step S14, and therefore, reference may be made to the corresponding content of the step S14 for those parts not mentioned.
Step S23, sending an operation command carrying the authentication key to the proxy service, so that the proxy service authenticates the operation authority of the server according to the authentication key and executes the operation command when the authentication is passed.
In this embodiment, the operation command includes a modification command, and the step S23 specifically includes: sending a modification command carrying the authentication key to the proxy service 400 in response to an operation of replacing the authentication key, or sending a modification command carrying the authentication key to the proxy service 400 at regular intervals, so that the proxy service 400 modifies the authentication key according to the modification command.
In the present embodiment, the step S23 may correspond to the step S15 to the step S17, and therefore, reference may be made to the corresponding contents of the step S15 to the step S17.
Step S24, receiving the modified authentication key sent by the proxy service through the host.
In this embodiment, after modifying the authentication key according to the modification command, the proxy service 400 sends the modified authentication key to the server 100 through the host 200, and the server 100 receives and stores the modified authentication key.
The step S24 may correspond to the step S18, and therefore, reference may be made to the corresponding content of the step S18 for those parts which are not mentioned.
Referring to fig. 5, another flow chart of the method for authenticating a host-based proxy service right according to the embodiment of the present disclosure is shown. It should be noted that, the method for authenticating the service authority based on the host proxy according to the embodiment of the present disclosure is not limited by fig. 5 and the following specific sequence, and it should be understood that, in other embodiments, the sequence of some steps in the method for authenticating the service authority based on the host proxy according to the embodiment of the present disclosure may be interchanged according to actual needs, or some steps may be omitted or deleted. The method for authenticating the authority based on the host proxy service can be applied to the proxy service 400 shown in fig. 1, wherein the proxy service 400 is generated by the server 100 and issued to the host 200. The specific flow shown in fig. 5 will be described in detail below.
Step S31, generating an authentication key according to the preset parameters and storing the authentication key.
In this embodiment, the preset parameters comprise a first preset parameter or a second preset parameter. The first preset parameter includes the real time of the operating system of the host 200 and at least one of the IP address of the host 200 and the MAC address of the host 200; the second preset parameter includes a universally unique identifier (UUID) generated by third-party software installed in the host 200 and at least one of the real time of the operating system of the host 200, the IP address of the host 200, and the MAC address of the host 200.
In this embodiment, the step S31 may correspond to the step S13, and therefore, reference may be made to the corresponding content of the step S13 for those parts which are not mentioned.
Step S32, the authentication key is sent to the server.
In this embodiment, the step S32 may correspond to the step S14, and therefore, reference may be made to the corresponding content of the step S14 for those parts which are not mentioned.
Step S33, receiving the operation command carrying the authentication key sent by the server, and authenticating the operation authority of the server according to the authentication key.
In the present embodiment, the step S33 may correspond to the steps S15 to S16, and therefore, reference may be made to the corresponding contents of the steps S15 to S16.
Step S34, when the authentication passes, the operation command is executed.
Optionally, the operation command includes a modification command, and the step S34 specifically includes: when the authentication passes, a modification command is executed to modify the authentication key.
In this embodiment, the step S34 may correspond to the step S17, and therefore, reference may be made to the corresponding content of the step S17 for those parts which are not mentioned.
After the step S34, the method further includes:
Step S35, the modified authentication key is sent to the server.
In this embodiment, the step S35 may correspond to the step S18, and therefore, reference may be made to the corresponding content of the step S18 for those parts which are not mentioned.
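The two flows above (server side S21 to S24, proxy side S31 to S35) can be exercised end to end in a small simulation. This is an added example, not code from the patent: the class and method names, the SHA-256 combiner, the random bytes mixed into the key and the command names are assumptions, and the ciphertext transport mentioned in the description is not modelled.

```python
import hashlib
import hmac
import secrets
import time


class ProxyService:
    """Proxy side (S31-S35): owns the key and checks every command."""

    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self._key = self._generate_key()            # S31: generate and store

    def _generate_key(self):
        # "First preset parameter" from the text: OS real time plus IP/MAC.
        # Assumptions of this sketch: SHA-256 as the combiner, and 16 random
        # bytes mixed in, because time, IP and MAC alone are predictable.
        material = f"{time.time_ns()}|{self.ip}|{self.mac}".encode()
        return hashlib.sha256(material + secrets.token_bytes(16)).hexdigest()

    def report_key(self):
        """S32: hand the current key to the server (transport not modelled)."""
        return self._key

    def handle(self, command, presented_key):
        """S33/S34: authenticate the caller, then execute or refuse."""
        # Constant-time comparison so the check does not leak key prefixes.
        if not hmac.compare_digest(presented_key.encode(), self._key.encode()):
            return {"status": "denied"}
        if command == "modify_key":                 # the modification command
            self._key = self._generate_key()
            return {"status": "ok", "new_key": self._key}   # S35
        return {"status": "ok", "executed": command}


class Server:
    """Server side (S22-S24): stores the last key each proxy reported."""

    def __init__(self):
        self.keys = {}                              # host IP -> current key

    def register(self, agent):                      # S22
        self.keys[agent.ip] = agent.report_key()

    def send(self, agent, command):                 # S23
        reply = agent.handle(command, self.keys[agent.ip])
        if reply.get("new_key"):                    # S24: store modified key
            self.keys[agent.ip] = reply["new_key"]
        return reply

    def rotate(self, agent):
        """Timed or on-demand key replacement via the modification command."""
        return self.send(agent, "modify_key")


def demo():
    # Constructed sample values (documentation address range, local MAC).
    agent = ProxyService("192.0.2.10", "02:00:00:00:00:01")
    server = Server()
    server.register(agent)
    old_key = server.keys[agent.ip]                 # key x before rotation
    first = server.send(agent, "collect_metrics")   # hypothetical command
    server.rotate(agent)                            # x replaced by y
    stale = agent.handle("collect_metrics", old_key)
    fresh = server.send(agent, "collect_metrics")
    return first["status"], stale["status"], fresh["status"]


if __name__ == "__main__":
    print(demo())
```

After the rotation, a command presented with the earlier key x is refused while the server, which stored the modified key y, is still accepted.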
To perform the corresponding steps in the above embodiments and their possible implementations, an implementation of the device for authority authentication based on host proxy service is given below. Fig. 6 is a functional module diagram of such a device according to an embodiment of the present disclosure. It should be noted that the basic principle and technical effect of the device provided in this embodiment are the same as those of the above embodiments; for brevity, for anything not mentioned in this embodiment, reference may be made to the corresponding content in the above embodiments. The device is applicable to the server 100 described above and includes a proxy service generating module 510, a key receiving module 520, and an operation command transmitting module 530.
Optionally, the modules may be stored in the memory 110 shown in fig. 2 in the form of software or firmware, or be embedded in an Operating System (OS) of the server 100, and may be executed by the processor 120 in fig. 2. Meanwhile, data, program code, and the like required to execute the above-described modules may be stored in the memory 110.
The proxy service generation module 510 is configured to generate the proxy service 400 and issue the proxy service 400 to the host 200, so that the proxy service 400 generates an authentication key according to preset parameters and stores the authentication key.
The proxy service generating module 510 may generate the proxy service 400 based on communication parameters of communication with the host 200 and a preset package, where the communication parameters include an IP address of the host 200, a user name and a password of an operating system of the host 200.
It is understood that the proxy service generating module 510 may perform the above step S21.
The key receiving module 520 is used to receive the authentication key sent by the proxy service 400 through the host 200.
In this embodiment, the preset parameters comprise a first preset parameter or a second preset parameter. The first preset parameter includes the real time of the operating system of the host 200 and at least one of the IP address of the host 200 and the MAC address of the host 200; the second preset parameter includes a universally unique identifier (UUID) generated by third-party software installed in the host 200 and at least one of the real time of the operating system of the host 200, the IP address of the host 200, and the MAC address of the host 200.
It is understood that the key receiving module 520 may perform the above step S22.
The operation command sending module 530 is configured to send an operation command carrying an authentication key to the proxy service 400, so that the proxy service 400 authenticates the operation right of the server 100 according to the authentication key, and executes the operation command when the authentication is passed.
In this embodiment, the operation command includes a modification command, and the operation command sending module 530 is specifically configured to send a modification command carrying an authentication key to the proxy service 400 in response to an operation of replacing the authentication key, or send a modification command carrying an authentication key to the proxy service 400 at regular time, so that the proxy service 400 modifies the authentication key according to the modification command.
It is understood that the operation command transmitting module 530 may perform the above step S23.
The key receiving module 520 is also used to receive the modified authentication key sent by the proxy service 400 through the host 200.
It is understood that the key receiving module 520 may also perform the step S24.
Fig. 7 is a schematic diagram of another functional module of the apparatus for authenticating a host proxy service right according to the embodiment of the present disclosure. The device based on the host proxy service authority authentication can be applied to the proxy service 400, and the functions realized by the device based on the host proxy service authority authentication correspond to the steps executed by the method. The apparatus for authentication based on host agent service authority includes a key generation module 610, a key transmission module 620, an operation command receiving module 630, and an operation command execution module 640.
Optionally, the key generation module 610, the key sending module 620, the operation command receiving module 630 and the operation command executing module 640 may be understood as program instructions/modules in the proxy service 400; after the proxy service 400 is started on the host 200, it performs its functional applications and data processing through these modules.
The key generation module 610 is configured to generate an authentication key according to preset parameters and store the authentication key.
In this embodiment, the preset parameters comprise a first preset parameter or a second preset parameter. The first preset parameter includes the real time of the operating system of the host 200 and at least one of the IP address of the host 200 and the MAC address of the host 200; the second preset parameter includes a universally unique identifier (UUID) generated by third-party software installed in the host 200 and at least one of the real time of the operating system of the host 200, the IP address of the host 200, and the MAC address of the host 200.
It is understood that the key generation module 610 may perform the above step S31.
The key transmission module 620 is configured to transmit the authentication key to the server 100.
It is understood that the key transmission module 620 may perform the above step S32.
The operation command receiving module 630 is configured to receive an operation command carrying an authentication key sent by the server 100, and authenticate the operation authority of the server 100 according to the authentication key.
It is understood that the operation command receiving module 630 may perform the step S33 described above.
The operation command executing module 640 is configured to execute the operation command when the authentication passes.
In this embodiment, the operation command includes a modification command, and the operation command execution module 640 is specifically configured to execute the modification command to modify the authentication key when the authentication passes.
It is understood that the operation command execution module 640 may execute the above step S34.
The key transmission module 620 is also configured to transmit the modified authentication key to the server 100.
It is understood that the key sending module 620 may also perform the step S35.
To sum up, in the method and apparatus for authority authentication based on host proxy service provided by the embodiments of the present disclosure, a server generates a proxy service and issues it to a host. The proxy service generates an authentication key according to preset parameters, stores the authentication key, and sends it to the server through the host. After the server sends an operation command carrying the authentication key to the proxy service, the proxy service authenticates the operation authority of the server according to the authentication key and executes the operation command when the authentication is passed. Because the proxy service executes the operation command of the server only if the authentication is passed, the proxy service is prevented from being used by a third-party server, and the security of data is ensured. In addition, the authentication key is modified at regular intervals or at any time, so that the authentication key is time-limited and is prevented from being acquired by others.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present disclosure may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present disclosure. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above description is only a preferred embodiment of the present disclosure and is not intended to limit the present disclosure, and various modifications and changes may be made to the present disclosure by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (9)

1. A method for authority authentication based on host proxy service, applied to a server that communicates with a host, the method comprising the following steps:
generating proxy service based on communication parameters communicated with the host and a preset program package and sending the proxy service to the host so that the proxy service generates an authentication key according to the preset parameters and stores the authentication key; the communication parameters comprise the IP address of the host, the user name and the password of the operating system and the type of the operating system; the proxy service comprises the program package and an encrypted file generated according to the IP address of the host, the user name and the password of the operating system and the type of the operating system;
receiving the authentication key sent by the proxy service through the host;
sending an operation command carrying the authentication key to the proxy service so that the proxy service authenticates the operation authority of the server according to the authentication key and executes the operation command when the authentication is passed; the operation command comprises a modification command;
the step of sending the operation command carrying the authentication key to the proxy service includes: sending a modification command carrying the authentication key to the proxy service in response to an operation of replacing the authentication key, or sending a modification command carrying the authentication key to the proxy service at regular intervals, so that the proxy service modifies the authentication key according to the modification command.
2. The method according to claim 1, wherein the preset parameter comprises a first preset parameter or a second preset parameter;
the first preset parameter comprises the real time of an operating system of the host and at least one of an IP address of the host and a MAC address of the host;
the second preset parameter comprises a universally unique identifier (UUID) generated by third-party software installed on the host, and at least one of the real time of an operating system of the host, an IP address of the host and a MAC address of the host.
3. The method of claim 1, further comprising:
and receiving the modified authentication key sent by the proxy service through the host.
4. A method for authority authentication based on host proxy service, applied to a proxy service installed in a host, wherein the proxy service communicates with a server through the host, the proxy service is generated by the server based on communication parameters for communicating with the host and a preset program package, and the communication parameters comprise an IP address of the host, a user name and a password of an operating system and the type of the operating system; the proxy service comprises the program package and an encrypted file generated according to the IP address of the host, the user name and the password of the operating system and the type of the operating system; the method comprises the following steps:
generating an authentication key according to preset parameters and storing the authentication key;
sending the authentication key to the server;
receiving an operation command carrying the authentication key sent by the server, and authenticating the operation authority of the server according to the authentication key;
when the authentication is passed, executing the operation command; the operation command comprises a modification command which is sent to the proxy service by the server in response to the operation of replacing the authentication key or sent to the proxy service by the server at regular time; when the authentication is passed, the step of executing the operation command comprises: when the authentication is passed, the modification command is executed to modify the authentication key.
5. The method of claim 4, further comprising:
sending the modified authentication key to the server.
6. An apparatus for authentication based on host proxy service authority, applied to a server, the server communicating with a host, the apparatus comprising:
the proxy service generation module is used for generating proxy service based on communication parameters communicated with the host and a preset program package and sending the proxy service to the host so that the proxy service generates an authentication key according to the preset parameters and stores the authentication key; the communication parameters comprise the IP address of the host, the user name and the password of the operating system and the type of the operating system; the proxy service comprises the program package and an encrypted file generated according to the IP address of the host, the user name and the password of the operating system and the type of the operating system;
a key receiving module, configured to receive the authentication key sent by the proxy service through the host;
an operation command sending module, configured to send an operation command carrying the authentication key to the proxy service, so that the proxy service authenticates the operation right of the server according to the authentication key, and executes the operation command when the authentication is passed; the operation command comprises a modification command;
the operation command sending module is used for responding to the operation of replacing the authentication key and sending a modification command carrying the authentication key to the proxy service, or sending the modification command carrying the authentication key to the proxy service at regular time, so that the proxy service modifies the authentication key according to the modification command.
7. The apparatus of claim 6, wherein the key receiving module is further configured to receive a modified authentication key sent by the proxy service through the host.
8. An apparatus for authentication based on host proxy service authority, applied to a proxy service installed in a host, wherein the proxy service communicates with a server through the host, the proxy service is generated by the server based on communication parameters and a preset program package, and the communication parameters comprise an IP address of the host, a user name and a password of an operating system, and the type of the operating system; the proxy service comprises the program package and an encrypted file generated according to the IP address of the host, the user name and the password of the operating system and the type of the operating system; the apparatus comprises:
the key generation module is used for generating an authentication key according to preset parameters and storing the authentication key;
a key sending module, configured to send the authentication key to the server;
the operation command receiving module is used for receiving the operation command which is sent by the server and carries the authentication key and authenticating the operation authority of the server according to the authentication key;
an operation command executing module, configured to execute the operation command when the authentication passes, where the operation command includes a modification command, and the modification command is sent to the proxy service by the server in response to an operation of replacing an authentication key or sent to the proxy service by the server at regular time; the operation command execution module is used for executing the modification command to modify the authentication key when the authentication is passed.
9. The apparatus of claim 8, wherein the key sending module is further configured to send the modified authentication key to the server.
CN201910625929.6A 2019-07-11 2019-07-11 Host proxy service authority authentication based method and device Active CN110417754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910625929.6A CN110417754B (en) 2019-07-11 2019-07-11 Host proxy service authority authentication based method and device

Publications (2)

Publication Number Publication Date
CN110417754A CN110417754A (en) 2019-11-05
CN110417754B true CN110417754B (en) 2021-12-07

Family

ID=68361138

Country Status (1)

Country Link
CN (1) CN110417754B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant