CN110719247A - Terminal network access method and device - Google Patents

Info

Publication number: CN110719247A
Authority: CN (China)
Prior art keywords: authentication, video network, authentication data, terminal, video
Legal status: Granted
Application number: CN201810760140.7A
Other languages: Chinese (zh)
Other versions: CN110719247B (en)
Inventors: 胡贵超, 赵明, 牛永会, 王艳辉
Current Assignee: Visionvera Information Technology Co Ltd
Original Assignee: Visionvera Information Technology Co Ltd

Events:
Application filed by Visionvera Information Technology Co Ltd
Priority to CN201810760140.7A
Publication of CN110719247A
Application granted
Publication of CN110719247B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258 Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866 Management of end-user data
    • H04N21/25875 Management of end-user data involving end-user authentication

Abstract

The embodiment of the invention provides a terminal network access method and device, which are applied to a video network. The method comprises the following steps: after receiving a connection response signaling sent by a video network terminal, the video network server acquires initial authentication data and performs authentication processing on the initial authentication data to obtain equipment authentication information; the video network server sends an authentication signaling to the video network terminal, wherein the authentication signaling comprises the equipment authentication information; the video network server receives an authentication response signaling returned by the video network terminal in response to the authentication signaling, wherein the authentication response signaling comprises recovered authentication data obtained by the video network terminal recovering the equipment authentication information; and the video network server determines whether to allow the video network terminal to access the network according to the recovered authentication data and the initial authentication data. The embodiment of the invention avoids data leakage in the video network after a non-video network terminal accesses the video network, and improves the security of video network data.

Description

Terminal network access method and device
Technical Field
The invention relates to the technical field of video networking, in particular to a terminal network access method and a terminal network access device.
Background
Video networking is an important milestone in network development. It is a real-time network that can deliver high-definition video in real time, pushing many internet applications toward high-definition, face-to-face video. Video networking adopts real-time high-definition video switching technology and can integrate dozens of required services (video, voice, pictures, text, communication, data and the like), such as high-definition video conferencing, video monitoring, intelligent monitoring analysis, emergency command, digital broadcast television, time-shifted television, network teaching, live broadcast, VOD, television mail, personalized recording, intranet (self-office) channels, intelligent video broadcast control and information distribution, on one system platform, and plays high-definition video through a television or a computer.
A terminal that wants to communicate through the video network must first access the video network. In the prior art, when a terminal wants to access the video network, the terminal, whether it is a video network terminal or a non-video network terminal, receives the network access information sent by the video network server and accesses the video network through that information.
However, after a non-video network terminal accesses the video network, data in the video network may be leaked, so the security of video network data is low.
Disclosure of Invention
In view of the above problems, embodiments of the present invention provide a terminal network access method and a corresponding terminal network access device, which overcome or at least partially solve the above problems.
In order to solve the above problem, an embodiment of the present invention discloses a terminal network access method, which is applied to a video network, and the method includes:
after receiving a connection response signaling sent by a video network terminal, a video network server acquires initial authentication data and performs authentication processing on the initial authentication data to obtain equipment authentication information;
the video networking server sends an authentication signaling to the video networking terminal; the authentication signaling comprises the device authentication information;
the video network server receives an authentication response signaling returned by the video network terminal in response to the authentication signaling; the authentication response signaling comprises recovered authentication data, and the recovered authentication data is obtained by the video network terminal recovering the equipment authentication information;
and the video network server determines whether to allow the video network terminal to access the network according to the recovered authentication data and the initial authentication data.
Preferably, the step of performing authentication processing on the initial authentication data to obtain device authentication information includes: the video network server encrypts the initial authentication data by adopting a preset authentication encryption algorithm to obtain encrypted authentication data; the video network server generates equipment authentication information according to the encrypted authentication data and the type of the authentication encryption algorithm; and the recovered authentication data is obtained by decrypting the encrypted authentication data by the video networking terminal by adopting the authentication encryption algorithm.
Preferably, the step of performing authentication processing on the initial authentication data to obtain device authentication information includes: the video network server compresses the initial authentication data by adopting a preset authentication compression algorithm and encrypts the initial authentication data by adopting a preset authentication encryption algorithm to obtain authentication data after compression and encryption; the video network server generates equipment authentication information according to the authentication data after compression and encryption, the type of the authentication compression algorithm and the type of the authentication encryption algorithm; and the recovered authentication data is obtained by decrypting the authentication data after compression and encryption by the video network terminal by adopting the authentication encryption algorithm and decompressing by adopting the authentication compression algorithm.
Preferably, the step of determining, by the video network server, whether to allow the video network terminal to access the network according to the recovered authentication data and the initial authentication data includes: the video network server compares the recovered authentication data with the initial authentication data; and if the recovered authentication data is consistent with the initial authentication data, determining that the video networking terminal is allowed to access the network.
Preferably, the connection response signaling, the authentication signaling and the authentication response signaling are all signaling based on a 64-bit video networking protocol encapsulation.
On the other hand, the embodiment of the invention also discloses a terminal network access method, which is applied to the video network and comprises the following steps:
the video network terminal receives an authentication signaling sent by the video network server; the authentication signaling comprises equipment authentication information, and the equipment authentication information is obtained by acquiring initial authentication data and performing authentication processing on the initial authentication data after the video network server receives a connection response signaling sent by the video network terminal;
the video network terminal recovers the equipment authentication information to obtain recovered authentication data;
the video network terminal returns an authentication response signaling to the video network server; the authentication response signaling comprises the recovered authentication data; and the recovered authentication data and the initial authentication data are used as the basis for the video network server to determine whether the video network terminal is allowed to access the network.
Preferably, the device authentication information is generated by the video network server by encrypting the initial authentication data by adopting a preset authentication encryption algorithm to obtain encrypted authentication data and according to the encrypted authentication data and the type of the authentication encryption algorithm; the step that the video network terminal recovers the equipment authentication information to obtain recovered authentication data comprises the following steps: and the video network terminal decrypts the encrypted authentication data by adopting the authentication encryption algorithm to obtain the recovered authentication data.
Preferably, the device authentication information is generated by the video network server by compressing the initial authentication data using a preset authentication compression algorithm, encrypting the result using a preset authentication encryption algorithm to obtain compressed and encrypted authentication data, and generating the device authentication information according to the compressed and encrypted authentication data, the type of the authentication compression algorithm and the type of the authentication encryption algorithm; the step in which the video network terminal recovers the equipment authentication information to obtain recovered authentication data comprises: the video network terminal decrypts the compressed and encrypted authentication data using the authentication encryption algorithm and decompresses it using the authentication compression algorithm to obtain the recovered authentication data.
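The server-side and terminal-side steps above describe one challenge-response exchange: the server draws initial authentication data, optionally compresses it, encrypts it with a pre-negotiated algorithm, and ships the result together with the algorithm type codes; the terminal reverses the processing and returns the recovered data; the server admits the terminal only if the recovery matches. The following Python simulation of both sides is an added example, not code from the patent or from Visionvera. The patent names no concrete algorithms, so the cipher (an XOR keystream derived with HMAC-SHA256), zlib as the compression algorithm, the type codes and the signaling field names are all constructed for this example; the shared key stands in for the "related information of the authentication process" negotiated in advance.

```python
import hashlib
import hmac
import os
import zlib

# Assumed type codes for the "type of the authentication encryption algorithm" and
# "type of the authentication compression algorithm" fields; the patent text gives
# no concrete algorithms or codes, so these values are constructed for this example.
ENC_HMAC_STREAM = 0x01   # keystream derived with HMAC-SHA256, XORed onto the data
CMP_NONE = 0x00
CMP_ZLIB = 0x01


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric stand-in for the patent's 'preset authentication encryption algorithm'.

    The keystream is HMAC-SHA256(key, nonce || counter) for counter = 0, 1, ...
    XOR is its own inverse, so the same call encrypts and decrypts. A fresh nonce
    per message ensures the keystream is never reused under the same key.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class VideoNetworkServer:
    """Server side: issues device authentication information, then checks the recovery."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key                  # negotiated in advance with the terminal
        self._pending: dict[str, bytes] = {}    # terminal id -> initial authentication data

    def on_connection_response(self, terminal_id: str, compress: bool = False) -> dict:
        # Fresh random initial authentication data per attempt, so a response captured
        # from one attempt is useless for any other attempt.
        initial = os.urandom(32)
        self._pending[terminal_id] = initial
        body = zlib.compress(initial) if compress else initial
        nonce = os.urandom(16)
        return {                                # the "authentication signaling" payload
            "enc_type": ENC_HMAC_STREAM,
            "cmp_type": CMP_ZLIB if compress else CMP_NONE,
            "nonce": nonce,
            "data": xor_stream(self._key, nonce, body),
        }

    def on_authentication_response(self, terminal_id: str, recovered: bytes) -> bool:
        # Each challenge is consumed exactly once; a replayed or unsolicited response fails.
        initial = self._pending.pop(terminal_id, None)
        if initial is None:
            return False
        # Constant-time comparison so timing does not reveal how many bytes matched.
        return hmac.compare_digest(initial, recovered)


class VideoNetworkTerminal:
    """Terminal side: recovers the authentication data with the pre-negotiated key."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key

    def on_authentication(self, info: dict) -> bytes:
        if info["enc_type"] != ENC_HMAC_STREAM:
            raise ValueError("unsupported authentication encryption algorithm type")
        body = xor_stream(self._key, info["nonce"], info["data"])
        if info["cmp_type"] == CMP_ZLIB:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                # A wrong key yields bytes that are not a valid zlib stream; return an
                # empty recovery so the server's comparison simply fails.
                return b""
        elif info["cmp_type"] != CMP_NONE:
            raise ValueError("unsupported authentication compression algorithm type")
        return body


def run_access_attempt(server: VideoNetworkServer, terminal: VideoNetworkTerminal,
                       terminal_id: str, compress: bool = False) -> bool:
    """One full exchange: authentication signaling -> recovery -> authentication response."""
    info = server.on_connection_response(terminal_id, compress)
    recovered = terminal.on_authentication(info)
    return server.on_authentication_response(terminal_id, recovered)


if __name__ == "__main__":
    key = os.urandom(32)
    server = VideoNetworkServer(key)
    print("terminal with negotiated key:", run_access_attempt(server, VideoNetworkTerminal(key), "stb-1"))
    print("terminal without it:", run_access_attempt(server, VideoNetworkTerminal(os.urandom(32)), "pc-7", True))
```

Two details carry the security of the scheme and are easy to lose in an implementation: the initial authentication data must be fresh per attempt and consumed once (otherwise a recorded authentication response can be replayed), and the server's comparison should be constant-time. The XOR keystream here is only a placeholder for whatever cipher the deployment negotiates; because it provides no integrity, a production design would use an authenticated cipher for the same step.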
On the other hand, the embodiment of the invention also discloses a terminal network access device, which is applied to the video network and comprises the following components:
the authentication module is used for acquiring initial authentication data after receiving a connection response signaling sent by the video networking terminal, and authenticating the initial authentication data to obtain equipment authentication information;
the first sending module is used for sending an authentication signaling to the video networking terminal; the authentication signaling comprises the device authentication information;
the first receiving module is used for receiving an authentication response signaling returned by the video network terminal in response to the authentication signaling; the authentication response signaling comprises recovered authentication data, and the recovered authentication data is obtained by the video network terminal recovering the equipment authentication information;
and the determining module is used for determining whether the video network terminal is allowed to access the network according to the recovered authentication data and the initial authentication data.
On the other hand, the embodiment of the invention also discloses a terminal network access device, which is applied to the video network and comprises the following components:
the second receiving module is used for receiving the authentication signaling sent by the video network server; the authentication signaling comprises equipment authentication information, and the equipment authentication information is obtained by acquiring initial authentication data and performing authentication processing on the initial authentication data after the video network server receives a connection response signaling sent by the video network terminal;
the recovery module is used for recovering the equipment authentication information to obtain recovered authentication data;
the second sending module is used for returning an authentication response signaling to the video networking server; the authentication response signaling comprises the recovered authentication data; and the recovered authentication data and the initial authentication data are used as the basis for the video network server to determine whether the video network terminal is allowed to access the network.
In the embodiment of the invention, after receiving a connection response signaling sent by a video network terminal, a video network server acquires initial authentication data and performs authentication processing on the initial authentication data to obtain equipment authentication information; the video network server sends an authentication signaling to the video network terminal, wherein the authentication signaling comprises the equipment authentication information; the video network terminal recovers the equipment authentication information to obtain recovered authentication data and returns an authentication response signaling to the video network server, wherein the authentication response signaling comprises the recovered authentication data; and the video network server determines whether to allow the video network terminal to access the network according to the recovered authentication data and the initial authentication data. An authentication mechanism for the terminal to be accessed is thus added: the video network server and the video network terminal can negotiate the information related to the authentication process in advance, and when a terminal is about to access the video network, the video network server can verify whether the terminal is allowed to access. This solves the problem of data leakage in the video network after a non-video network terminal accesses it, and improves the security of video network data.
Drawings
FIG. 1 is a schematic networking diagram of a video network of the present invention;
FIG. 2 is a schematic diagram of a hardware architecture of a node server according to the present invention;
fig. 3 is a schematic diagram of a hardware structure of an access switch of the present invention;
fig. 4 is a schematic diagram of a hardware structure of an ethernet protocol conversion gateway according to the present invention;
fig. 5 is a flowchart illustrating steps of a terminal network access method according to a first embodiment of the present invention;
fig. 6 is a flowchart illustrating steps of a terminal network access method according to a second embodiment of the present invention;
FIG. 7 is a diagram of device interaction for a video network according to a third embodiment of the present invention;
fig. 8 is a schematic signaling interaction diagram of a terminal network access process according to a third embodiment of the present invention;
fig. 9 is a block diagram of a terminal network access device according to a fourth embodiment of the present invention;
fig. 10 is a block diagram of a terminal network access device according to a fifth embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
To better understand the embodiments of the present invention, video networking is described below.
Some of the technologies applied in video networking are as follows:
network Technology (Network Technology)
Network technology innovation in video networking improves on traditional Ethernet to cope with the potentially enormous video traffic on the network. Unlike pure network packet switching or network circuit switching, video networking technology adopts packet switching to meet streaming requirements. Video networking technology has the flexibility, simplicity and low cost of packet switching while also offering the quality and security guarantees of circuit switching, thereby realizing a seamless connection between the whole-network switched virtual circuit and the data format.
Switching Technology (Switching Technology)
The video network adopts two advantages of asynchronism and packet switching of the Ethernet, eliminates the defects of the Ethernet on the premise of full compatibility, has end-to-end seamless connection of the whole network, is directly communicated with a user terminal, and directly bears an IP data packet. The user data does not require any format conversion across the entire network. The video networking is a higher-level form of the Ethernet, is a real-time exchange platform, can realize the real-time transmission of the whole-network large-scale high-definition video which cannot be realized by the existing Internet, and pushes a plurality of network video applications to high-definition and unification.
Server Technology (Server Technology)
Server technology on the video networking and unified video platform differs from traditional server technology: its streaming media transmission is connection-oriented, its data processing capacity is independent of traffic volume and communication time, and a single network layer can carry both signaling and data transmission. For voice and video services, the complexity of streaming media processing on the video networking and unified video platform is much lower than that of data processing, and efficiency is improved by more than one hundred times compared with a traditional server.
Storage Technology (Storage Technology)
The super-high speed storage technology of the unified video platform adopts the most advanced real-time operating system in order to adapt to the media content with super-large capacity and super-large flow, the program information in the server instruction is mapped to the specific hard disk space, the media content is not passed through the server any more, and is directly sent to the user terminal instantly, and the general waiting time of the user is less than 0.2 second. The optimized sector distribution greatly reduces the mechanical motion of the magnetic head track seeking of the hard disk, the resource consumption only accounts for 20% of that of the IP internet of the same grade, but concurrent flow which is 3 times larger than that of the traditional hard disk array is generated, and the comprehensive efficiency is improved by more than 10 times.
Network Security Technology (Network Security Technology)
The structural design of the video network completely eliminates the network security problem troubling the internet structurally by the modes of independent service permission control each time, complete isolation of equipment and user data and the like, generally does not need antivirus programs and firewalls, avoids the attack of hackers and viruses, and provides a structural carefree security network for users.
Service Innovation Technology (Service Innovation Technology)
The unified video platform integrates services and transmission: whether for a single user, a private network user or a network aggregate, only one automatic connection is required. User terminals, set-top boxes or PCs connect directly to the unified video platform to obtain multimedia video services in many forms. The unified video platform uses a menu-style configuration table instead of traditional complex application programming, can implement complex applications with very little code, and enables unlimited new service innovation.
Networking of the video network is as follows:
The video network is a centrally controlled network structure. The network may be a tree network, a star network, a ring network and the like, but the whole network is controlled by the centralized control node within it.
As shown in fig. 1, the video network is divided into an access network and a metropolitan network.
The devices of the access network part can be mainly classified into 3 types: node server, access switch and terminal (including various set-top boxes, coding boards, storage devices, etc.). The node server is connected to an access switch, which may be connected to a plurality of terminals and may be connected to an Ethernet network.
The node server is a node which plays a centralized control function in the access network and can control the access switch and the terminal. The node server can be directly connected with the access switch or directly connected with the terminal.
Similarly, devices of the metropolitan network portion may also be classified into 3 types: a metropolitan area server, a node switch and a node server. The metro server is connected to a node switch, which may be connected to a plurality of node servers.
The node server here is the node server of the access network part, i.e., the node server belongs to both the access network part and the metropolitan area network part.
The metropolitan area server is a node which plays a centralized control function in the metropolitan area network and can control a node switch and a node server. The metropolitan area server can be directly connected with the node switch or directly connected with the node server.
Therefore, the whole video network is a network structure with layered centralized control, and the network controlled by the node server and the metropolitan area server can be in various structures such as tree, star and ring.
The access network part can form a unified video platform (the part in the dotted circle), and a plurality of unified video platforms can form a video network; each unified video platform may be interconnected via metropolitan area and wide area video networking.
Video networking device classification
1.1 Devices in the video network of the embodiment of the present invention can be mainly classified into 3 types: servers, switches (including Ethernet gateways) and terminals (including various set-top boxes, coding boards, storage devices, etc.). The video network as a whole can be divided into a metropolitan area network (or national network, global network, etc.) and an access network.
1.2 The devices of the access network part can be mainly classified into 3 types: node servers, access switches (including Ethernet gateways) and terminals (including various set-top boxes, coding boards, storage devices, etc.).
The specific hardware structure of each access network device is as follows:
a node server:
as shown in fig. 2, the system mainly includes a network interface module 201, a switching engine module 202, a CPU module 203, and a disk array module 204;
The network interface module 201, the CPU module 203 and the disk array module 204 all feed into the switching engine module 202. The switching engine module 202 looks up the address table 205 for each incoming packet to obtain the packet's direction information, and stores the packet in the queue of the corresponding packet buffer 206 according to that direction information; if the queue of the packet buffer 206 is nearly full, the packet is discarded. The switching engine module 202 polls all packet buffer queues and forwards from a queue when the following conditions are met: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero. The disk array module 204 mainly controls the hard disks, including initialization, reading and writing, and other operations; the CPU module 203 is mainly responsible for protocol processing with the access switch and terminals (not shown in the figure), configuring the address table 205 (including a downlink protocol packet address table, an uplink protocol packet address table and a data packet address table), and configuring the disk array module 204.
The access switch:
As shown in fig. 3, the access switch mainly includes a network interface module (a downlink network interface module 301 and an uplink network interface module 302), a switching engine module 303 and a CPU module 304.
The packet (uplink data) arriving from the downlink network interface module 301 enters the packet detection module 305. The packet detection module 305 checks whether the Destination Address (DA), Source Address (SA), packet type and packet length of the packet meet the requirements; if so, it allocates a corresponding stream identifier (stream-id) and the packet enters the switching engine module 303, otherwise the packet is discarded. The packet (downlink data) arriving from the uplink network interface module 302 enters the switching engine module 303, as does the data packet coming from the CPU module 204. The switching engine module 303 looks up the address table 306 for each incoming packet to obtain the packet's direction information. If a packet entering the switching engine module 303 travels from the downlink network interface to the uplink network interface, it is stored in the queue of the corresponding packet buffer 307 associated with its stream-id; if that queue is nearly full, the packet is discarded. If the packet does not travel from the downlink network interface to the uplink network interface, it is stored in the queue of the corresponding packet buffer 307 according to its direction information; if that queue is nearly full, the packet is discarded.
The switching engine module 303 polls all packet buffer queues, which in this embodiment of the present invention is divided into two cases:
if the queue is from the downlink network interface to the uplink network interface, the following conditions are met for forwarding: 1) the port send buffer is not full; 2) the queued packet counter is greater than zero; 3) obtaining a token generated by a code rate control module;
if the queue is not from the downlink network interface to the uplink network interface, the following conditions are met for forwarding: 1) the port send buffer is not full; 2) the queue packet counter is greater than zero.
The rate control module 208 is configured by the CPU module 204, and generates tokens for packet buffer queues from all downstream network interfaces to upstream network interfaces at programmable intervals to control the rate of upstream forwarding.
The CPU module 304 is mainly responsible for protocol processing with the node server, configuration of the address table 306, and configuration of the code rate control module 308.
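The polling rules above amount to a small scheduler: every queue is visited in turn, a packet leaves only if the output port's send buffer has room and the queue is non-empty, and queues carrying uplink traffic additionally need a token that the rate control module issues at a programmable interval. The simulation below is an added example, not code from the patent or from Visionvera; queue depth, port capacity, the token interval and the burst cap are constructed values, and the "nearly full" drop threshold is modelled simply as the queue being at capacity.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Port:
    """An output port with a bounded send buffer (condition 1: must not be full)."""
    capacity: int
    send_buffer: deque = field(default_factory=deque)

    def is_full(self) -> bool:
        return len(self.send_buffer) >= self.capacity


@dataclass
class PacketQueue:
    """One packet buffer queue; `upstream` marks downlink-interface-to-uplink-interface traffic."""
    out_port: Port
    upstream: bool
    capacity: int = 8                      # constructed queue depth
    packets: deque = field(default_factory=deque)
    dropped: int = 0

    def enqueue(self, packet) -> bool:
        # "if the queue of the packet buffer is nearly full, it is discarded"
        if len(self.packets) >= self.capacity:
            self.dropped += 1
            return False
        self.packets.append(packet)
        return True


class RateControl:
    """Issues tokens at a programmable interval for the upstream queues (condition 3)."""

    def __init__(self, interval: int, tokens_per_interval: int = 1, burst: int = 4):
        self.interval = interval
        self.tokens_per_interval = tokens_per_interval
        self.burst = burst                 # cap on banked tokens so idle time cannot buy an unbounded burst
        self.tokens = 0
        self._last = 0

    def tick(self, now: int) -> None:
        while now - self._last >= self.interval:
            self._last += self.interval
            self.tokens = min(self.burst, self.tokens + self.tokens_per_interval)

    def take(self) -> bool:
        if self.tokens > 0:
            self.tokens -= 1
            return True
        return False


class SwitchingEngine:
    """Polls every queue once per cycle and forwards at most one packet per queue."""

    def __init__(self, rate_control: RateControl):
        self.rate_control = rate_control
        self.queues: list[PacketQueue] = []

    def poll(self, now: int) -> int:
        self.rate_control.tick(now)
        forwarded = 0
        for q in self.queues:
            if q.out_port.is_full():                           # 1) port send buffer is not full
                continue
            if not q.packets:                                  # 2) queue packet counter is greater than zero
                continue
            if q.upstream and not self.rate_control.take():    # 3) token from the rate control module (upstream only)
                continue
            q.out_port.send_buffer.append(q.packets.popleft())
            forwarded += 1
        return forwarded


def simulate(cycles: int = 6, token_interval: int = 2) -> dict:
    """Constructed scenario: 5 upstream and 5 downstream packets, one poll per time unit."""
    uplink, downlink = Port(capacity=100), Port(capacity=100)
    up_q = PacketQueue(out_port=uplink, upstream=True)
    down_q = PacketQueue(out_port=downlink, upstream=False)
    for i in range(5):
        up_q.enqueue(f"up-{i}")
        down_q.enqueue(f"down-{i}")
    engine = SwitchingEngine(RateControl(interval=token_interval))
    engine.queues = [up_q, down_q]
    for now in range(1, cycles + 1):
        engine.poll(now)
    return {
        "upstream_forwarded": len(uplink.send_buffer),
        "downstream_forwarded": len(downlink.send_buffer),
        "upstream_waiting": len(up_q.packets),
    }


if __name__ == "__main__":
    print(simulate())   # upstream traffic is paced by tokens; downstream traffic is not
```

With a token every 2 time units and 6 polls, only 3 of the 5 upstream packets leave while all 5 downstream packets do, which is the asymmetry the two polling cases describe: the token gate bounds how fast any one terminal can push data toward the node server, while downlink traffic is limited only by buffer space.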
Ethernet protocol conversion gateway
As shown in fig. 4, the apparatus mainly includes a network interface module (a downlink network interface module 401 and an uplink network interface module 402), a switching engine module 403, a CPU module 404, a packet detection module 405, a rate control module 408, an address table 406, a packet buffer 407, a MAC adding module 409, and a MAC deleting module 410.
The data packet arriving from the downlink network interface module 401 enters the packet detection module 405. The packet detection module 405 checks whether the Ethernet MAC DA, Ethernet MAC SA, Ethernet length or frame type, video network destination address DA, video network source address SA, video network packet type and packet length of the packet meet the requirements; if so, it allocates a corresponding stream identifier (stream-id), the MAC deletion module 410 strips the MAC DA, MAC SA and length or frame type (2 bytes), and the packet enters the corresponding receive buffer; otherwise the packet is discarded.
The downlink network interface module 401 checks the send buffer of the port; if there is a packet, it obtains the Ethernet MAC DA of the corresponding terminal from the video network destination address DA of the packet, adds the Ethernet MAC DA of the terminal, the MAC SA of the Ethernet protocol conversion gateway and the Ethernet length or frame type, and sends the packet.
The other modules in the ethernet protocol gateway function similarly to the access switch.
A terminal:
A terminal mainly comprises a network interface module, a service processing module and a CPU module. For example, a set-top box mainly comprises a network interface module, a video and audio codec engine module and a CPU module; a coding board mainly comprises a network interface module, a video and audio coding engine module and a CPU module; a storage device mainly comprises a network interface module, a CPU module and a disk array module.
1.3 Devices of the metropolitan area network part can be mainly classified into 2 types: node server, node switch, metropolitan area server. The node switch mainly comprises a network interface module, a switching engine module and a CPU module; the metropolitan area server mainly comprises a network interface module, a switching engine module and a CPU module.
2. Video networking packet definition
2.1 Access network packet definition
As shown in the following table, the data packet of the access network mainly comprises the following parts: Destination Address (DA), Source Address (SA), reserved bytes, payload (pdu) and CRC.
DA SA Reserved Payload CRC
wherein:
the Destination Address (DA) consists of 8 bytes. The first byte represents the type of the data packet (protocol packets of various kinds, multicast data packets, unicast data packets, etc.), allowing at most 256 possibilities; the second to sixth bytes are the metropolitan area network address, and the seventh and eighth bytes are the access network address;
the Source Address (SA) also consists of 8 bytes and is defined in the same way as the Destination Address (DA);
the reserved field consists of 2 bytes;
the payload has a different length depending on the packet type: 64 bytes for the various protocol packets and 32+1024 = 1056 bytes for a unicast data packet, although the length is of course not limited to these 2 cases;
the CRC consists of 4 bytes and is calculated according to the standard Ethernet CRC algorithm.
2.2 metropolitan area network packet definition
The topology of a metropolitan area network is a graph, and there may be 2 or even more than 2 connections between two devices; that is, there may be more than 2 connections between a node switch and a node server, between a node switch and a node switch, and between a node switch and a node server. The metropolitan area network address of a metropolitan area network device is nevertheless unique, so in order to describe the connection relationship between metropolitan area network devices accurately, the embodiment of the present invention introduces a parameter, the label, to describe a metropolitan area network device uniquely.
In this specification the label is defined similarly to the label of MPLS (Multi-Protocol Label Switching). Assuming there are two connections between device A and device B, there are 2 labels for packets from device A to device B and 2 labels for packets from device B to device A. Labels are divided into incoming labels and outgoing labels: assuming the label of a packet entering device A (the incoming label) is 0x0000, the label of the packet leaving device A (the outgoing label) may become 0x0001. The network access process of the metropolitan area network is a process under centralized control, that is, both address allocation and label allocation in the metropolitan area network are directed by the metropolitan area server and are executed passively by the node switch and the node server. This differs from MPLS, where label allocation is the result of negotiation between the switch and the server.
As shown in the following table, the data packet of the metro network mainly includes the following parts:
DA SA Reserved label (R) Payload CRC
That is, Destination Address (DA), Source Address (SA), reserved bytes (Reserved), label, payload (pdu) and CRC. The label format may be defined as follows: the label is 32 bits, the upper 16 bits are reserved and only the lower 16 bits are used, and it is located between the reserved bytes and the payload of the packet.
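The access-network and metro-network packet layouts just described, as an added Python example that is not part of the patent: building a packet with the standard Ethernet CRC-32, checking the CRC, splitting the DA into its type, metro and access parts, and swapping the incoming label for an outgoing one at a metro device. The byte order of multi-byte fields and all address values are assumptions, since the page does not state them.

```python
import struct
import zlib
from typing import Optional

# Field sizes taken from the packet definitions above (bytes).
ADDR_LEN = 8                      # DA and SA are 8 bytes each
RESERVED_LEN = 2
LABEL_LEN = 4                     # metro label: 32 bits, upper 16 bits reserved
CRC_LEN = 4
PROTOCOL_PAYLOAD_LEN = 64         # payload of a protocol packet
UNICAST_PAYLOAD_LEN = 32 + 1024   # payload of a unicast data packet (1056)


def make_address(pkt_type: int, metro_addr: bytes, access_addr: bytes) -> bytes:
    """Assemble an 8-byte address: 1 type byte, 5-byte metro address, 2-byte access address."""
    if not 0 <= pkt_type <= 255 or len(metro_addr) != 5 or len(access_addr) != 2:
        raise ValueError("bad address components")
    return bytes([pkt_type]) + metro_addr + access_addr


def build_packet(da: bytes, sa: bytes, payload: bytes, label: Optional[int] = None,
                 reserved: bytes = b"\x00\x00") -> bytes:
    """Build an access-network packet (label=None) or a metro-network packet (label set).

    Assumption (not stated on the page): multi-byte fields, including the CRC, are big-endian.
    """
    if len(da) != ADDR_LEN or len(sa) != ADDR_LEN or len(reserved) != RESERVED_LEN:
        raise ValueError("bad header field length")
    body = da + sa + reserved
    if label is not None:
        if not 0 <= label <= 0xFFFF:
            raise ValueError("only the lower 16 bits of the label are used")
        body += struct.pack(">I", label)          # upper 16 bits stay zero (reserved)
    body += payload
    # "standard ethernet CRC algorithm": CRC-32 as computed by zlib.crc32
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def crc_ok(frame: bytes) -> bool:
    """Verify the trailing 4-byte CRC over everything that precedes it."""
    if len(frame) < CRC_LEN:
        return False
    body, crc = frame[:-CRC_LEN], struct.unpack(">I", frame[-CRC_LEN:])[0]
    return (zlib.crc32(body) & 0xFFFFFFFF) == crc


def parse_packet(frame: bytes, metro: bool) -> dict:
    """Split a frame into fields; metro=True expects the 32-bit label after the reserved bytes.

    Rejects short frames, CRC mismatches and labels whose reserved upper 16 bits are set.
    """
    header_len = 2 * ADDR_LEN + RESERVED_LEN + (LABEL_LEN if metro else 0)
    if len(frame) < header_len + CRC_LEN:
        raise ValueError("frame too short")
    if not crc_ok(frame):
        raise ValueError("CRC mismatch")
    body = frame[:-CRC_LEN]
    da, sa, reserved = body[:8], body[8:16], body[16:18]
    offset, label = 18, None
    if metro:
        raw = struct.unpack(">I", body[18:22])[0]
        if raw >> 16:
            raise ValueError("reserved upper 16 bits of the label are set")
        label, offset = raw & 0xFFFF, 22
    return {
        "type": da[0],                       # packet type: protocol, multicast, unicast, ...
        "da_metro": da[1:6],                 # bytes 2..6: metro network address
        "da_access": da[6:8],                # bytes 7..8: access network address
        "sa": sa, "reserved": reserved, "label": label,
        "payload": body[offset:],
    }


def relabel(frame: bytes, outgoing_label: int) -> bytes:
    """Label swap at a metro device: the incoming label is replaced and the CRC recomputed."""
    p = parse_packet(frame, metro=True)
    da = make_address(p["type"], p["da_metro"], p["da_access"])
    return build_packet(da, p["sa"], p["payload"], label=outgoing_label, reserved=p["reserved"])


if __name__ == "__main__":
    # Constructed sample addresses; the type byte 0x01 and the address values are made up.
    da = make_address(0x01, b"\x00\x00\x00\x00\x0a", b"\x00\x07")
    sa = make_address(0x01, b"\x00\x00\x00\x00\x0b", b"\x00\x03")
    pkt = build_packet(da, sa, bytes(PROTOCOL_PAYLOAD_LEN), label=0x0000)
    print(parse_packet(relabel(pkt, 0x0001), metro=True)["label"])  # prints 1
```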
Based on these characteristics of the video network, the terminal network access scheme provided by the embodiment of the invention adds a terminal authentication mechanism, so that a non-video-network terminal can be prevented from accessing the network and the security of video network data is improved.
Example one
Referring to fig. 5, a flowchart of the steps of a terminal network access method according to a first embodiment of the present invention is shown. The method can be applied to the video network; here the terminal network access method is introduced from the video network server side. The video network terminal can be a set-top box or the like.
The terminal network access method of the embodiment of the invention can comprise the following steps:
Step 501: after receiving a connection response signaling sent by a video network terminal, the video network server obtains initial authentication data and performs authentication processing on it to obtain device authentication information.
The embodiment of the invention defines a new video networking protocol, applied to the process by which a video networking terminal accesses the video network. Preferably, the video networking protocol is a 64-bit video networking protocol, and the various signalings transmitted between the video networking terminal and the video networking server are encapsulated based on that 64-bit protocol.
In the embodiment of the invention, when the video network server detects that a video network terminal wants to access the video network, it may send a connection signaling to the terminal through the video network in the form of a broadcast packet.
The connection signaling is the first step of the network entry process. Through this message the manager (i.e. the video network server) transmits the necessary initial parameters, including the device types and device identifications of the two parties, to the managed party (i.e. the video network terminal). The signaling is encapsulated using the connection protocol, i.e. the video networking address type is a connection address. The 9 bytes of the manager's connection address are all 0xff, and the 9 bytes of the managed party's connection address are its logical port address.
After receiving the connection signaling, the video network terminal may return a connection response signaling to the video network server through the video network. After receiving the connection response signaling sent by the video network terminal, the video network server acquires initial authentication data and performs authentication processing on it to obtain device authentication information.
The initial authentication data serves as the basis for authenticating the video networking terminal. The video network server may also store the initial authentication data for the subsequent authentication.
In a preferred embodiment, the initial authentication data may be preset. Accordingly, obtaining the initial authentication data may include: the video network server acquires the preset initial authentication data.
In another preferred embodiment, the initial authentication data may be randomly generated. Accordingly, obtaining the initial authentication data may include: the video network server randomly generates the initial authentication data; for example, a random number may be generated as the initial authentication data.
The video network server performs authentication processing on the initial authentication data to obtain device authentication information, so that the video network terminal can subsequently perform the related processing according to that device authentication information.
In a preferred embodiment, the video network server may encrypt the initial authentication data in order to improve the security of the data. The step of performing authentication processing on the initial authentication data to obtain the device authentication information may then include: the video network server encrypts the initial authentication data using a preset authentication encryption algorithm to obtain encrypted authentication data, and generates the device authentication information from the encrypted authentication data and the type of the authentication encryption algorithm. In particular, the video network server may generate device authentication information that includes the encrypted authentication data and the type of the authentication encryption algorithm. For the specific encryption process, those skilled in the art may perform the related processing according to practical experience, which is not discussed in detail in the embodiment of the present invention.
Preferably, the Base64 algorithm may be used as the authentication encryption algorithm to encrypt the initial authentication data, so the type of the authentication encryption algorithm is the Base64 algorithm. Base64 is an encoding method for transmitting 8-bit byte codes; it represents binary data using 64 printable characters. Of course, those skilled in the art may also use any other suitable encryption algorithm to encrypt the initial authentication data, and the embodiment of the present invention is not limited in this respect.
In a preferred embodiment, to increase the security of the data and reduce the amount of data transmitted over the network, the video network server may both compress and encrypt the initial authentication data. The step of performing authentication processing on the initial authentication data to obtain the device authentication information may then include: the video network server compresses the initial authentication data using a preset authentication compression algorithm and encrypts it using a preset authentication encryption algorithm to obtain compressed and encrypted authentication data, and generates the device authentication information from the compressed and encrypted authentication data, the type of the authentication compression algorithm and the type of the authentication encryption algorithm. Specifically, the video network server may generate device authentication information that includes the compressed and encrypted authentication data, the type of the authentication compression algorithm and the type of the authentication encryption algorithm. For the specific compression and encryption processes, those skilled in the art may perform the related processing according to practical experience, which is not discussed in detail in the embodiment of the present invention.
Preferably, the PackBits algorithm may be adopted as the authentication compression algorithm, so the type of the authentication compression algorithm is the PackBits algorithm. PackBits is a fast and simple lossless compression scheme that performs run-length encoding of data. It is one of the compression types that can be used in TIFF files; TGA files also use this RLE (Run-Length Encoding) scheme, but treat the data stream as pixels rather than bytes. A PackBits data stream consists of packets, each beginning with a one-byte header. The header is a signed byte; the data may be signed, unsigned or packed (e.g., MacPaint pixels). The Base64 algorithm may be used as the authentication encryption algorithm to encrypt the initial authentication data, so the type of the authentication encryption algorithm is the Base64 algorithm. Of course, those skilled in the art may use any other suitable encryption algorithm and compression algorithm, and the embodiment of the present invention is not limited in this respect.
Step 502: the video network server sends an authentication signaling to the video network terminal.
The video network server adds the device authentication information to an authentication signaling and sends it to the video network terminal through the video network.
The authentication signaling is the second step of the network entry process. Through this message the manager (i.e. the video network server) can authenticate the identity of the managed party (i.e. the video network terminal), thereby improving the security of the network. The signaling is encapsulated using the connection protocol, i.e. the video networking address type is a connection address. The 9 bytes of the manager's connection address are all 0xff, and the 9 bytes of the managed party's connection address are its logical port address.
Step 503, the video network server receives an authentication response signaling returned by the video network terminal for the authentication signaling.
After receiving the authentication signaling, the video networking terminal may recover the device authentication information included in it to obtain recovered authentication data.
In a preferred embodiment, corresponding to the manner in which the video network server encrypts the initial authentication data as described above, the device authentication information may include the encrypted authentication data and the type of the authentication encryption algorithm. The video network terminal can therefore decrypt the encrypted authentication data using the authentication encryption algorithm corresponding to the type included in the device authentication information, and use the decrypted authentication data as the recovered authentication data. For example, if the video network server encrypts the initial authentication data using the Base64 algorithm, the video network terminal decrypts the encrypted authentication data using the Base64 algorithm. For the specific decryption process, those skilled in the art may perform the related processing according to practical experience, which is not discussed in detail in the embodiment of the present invention.
In a preferred embodiment, corresponding to the manner in which the video network server compresses and encrypts the initial authentication data as described above, the device authentication information may include the compressed and encrypted authentication data, the type of the authentication compression algorithm and the type of the authentication encryption algorithm. The video network terminal can therefore decrypt the compressed and encrypted authentication data using the authentication encryption algorithm corresponding to the type included in the device authentication information, decompress the result using the authentication compression algorithm corresponding to the type included in the device authentication information, and use the decrypted and decompressed authentication data as the recovered authentication data. For example, the video network server compresses using the PackBits algorithm and encrypts using the Base64 algorithm, and the video network terminal decrypts using the Base64 algorithm and decompresses using the PackBits algorithm. For the specific decryption and decompression processes, those skilled in the art may perform the related processing according to practical experience, which is not discussed in detail in the embodiment of the present invention.
The video network terminal adds the recovered authentication data to an authentication response signaling and returns that signaling, including the recovered authentication data, to the video network server through the video network in response to the authentication signaling.
Step 504, the video network server determines whether to allow the video network terminal to access the network according to the recovered authentication data and the initial authentication data.
After receiving the authentication response signaling sent by the video network terminal, the video network server acquires the recovered authentication data included in it and determines whether to allow the video network terminal to access the network according to the recovered authentication data and the previously stored initial authentication data.
In a preferred embodiment, step 504 may include: the video network server compares the recovered authentication data with the initial authentication data; if they are consistent, the video networking terminal is allowed to access the network; otherwise, the video networking terminal is prohibited from accessing the network.
If the video network terminal and the video network server have negotiated in advance and agreed on the authentication encryption algorithm, the authentication compression algorithm and so on, the terminal can recover the device authentication information sent by the server, and the recovered authentication data will be consistent with the initial authentication data, so the video network server allows the terminal to access the network. A non-video-network terminal, even if it receives the broadcast connection signaling sent by the video network server, has not negotiated with the server; it therefore cannot accurately recover the device authentication information or obtain recovered authentication data consistent with the initial authentication data, so the video network server prohibits it from accessing the network.
In the embodiment of the invention, after the video network server determines that the video network terminal is allowed to access the network, it may also send a login signaling to the video network terminal through the video network.
The login signaling is the third step of the network access process. Through this message the manager (i.e. the video network server) transmits the necessary network access parameters, including the device numbers and logical addresses of the two parties, to the managed party (i.e. the video network terminal). The signaling is encapsulated using the connection protocol, i.e. the video networking address type is a connection address. The 9 bytes of the manager's connection address are all 0xff, and the 9 bytes of the managed party's connection address are its logical port address.
After receiving the login signaling, the video network terminal may return a login response signaling to the video network server through the video network. Once the video network server has received the login response signaling, the video network terminal has successfully accessed the video network.
The embodiment of the invention adds an authentication mechanism for the terminal to be accessed: the video network server and the video network terminal can negotiate the information related to the authentication process in advance, and when a terminal is about to access the video network, the video network server can verify whether that terminal is allowed to access the network. This avoids data leakage inside the video network after a non-video-network terminal accesses it, and improves the security of video network data.
Example two
Referring to fig. 6, a flowchart illustrating a step of a terminal network access method according to a second embodiment of the present invention is shown. The method is applied to the video network, and introduces a terminal network access method from a video network terminal side.
The terminal network access method of the embodiment of the invention can comprise the following steps:
Step 601: the video network terminal receives the authentication signaling sent by the video network server.
As described in the first embodiment, when the video network server detects that a video network terminal wants to access the video network, it may send a connection signaling to the terminal through the video network in the form of a broadcast packet. After receiving the connection signaling, the video network terminal may return a connection response signaling to the video network server through the video network. After receiving the connection response signaling, the video network server acquires initial authentication data and performs authentication processing on it to obtain device authentication information. The video network server then sends an authentication signaling including the device authentication information to the video network terminal through the video network.
Step 602, the video network terminal performs recovery processing on the device authentication information to obtain recovered authentication data.
After receiving the authentication signaling, the video network terminal recovers the device authentication information contained in it to obtain recovered authentication data.
In a preferred embodiment, corresponding to the way in which the video network server encrypts the initial authentication data in the first embodiment, the device authentication information is generated by the video network server by encrypting the initial authentication data using a preset authentication encryption algorithm to obtain encrypted authentication data, and then generating the information from the encrypted authentication data and the type of the authentication encryption algorithm. Step 602 may then include: the video network terminal decrypts the encrypted authentication data using that authentication encryption algorithm to obtain the recovered authentication data.
In a preferred embodiment, corresponding to the way in which the video network server compresses and encrypts the initial authentication data in the first embodiment, the device authentication information is generated by the video network server by compressing the initial authentication data using a preset authentication compression algorithm and encrypting it using a preset authentication encryption algorithm to obtain compressed and encrypted authentication data, and then generating the information from the compressed and encrypted authentication data, the type of the authentication compression algorithm and the type of the authentication encryption algorithm. Step 602 may then include: the video network terminal decrypts the compressed and encrypted authentication data using that authentication encryption algorithm and decompresses it using that authentication compression algorithm to obtain the recovered authentication data.
Step 603, the terminal of the video network returns an authentication response signaling to the server of the video network.
The video network terminal adds the recovered authentication data to an authentication response signaling and returns that signaling, including the recovered authentication data, to the video network server through the video network in response to the authentication signaling.
After receiving the authentication response signaling sent by the video network terminal, the video network server acquires the recovered authentication data included in it and determines whether the video network terminal is allowed to access the network according to the recovered authentication data and the previously stored initial authentication data.
After determining that the video network terminal is allowed to access the network, the video network server may also send a login signaling to the video network terminal through the video network. After receiving the login signaling, the video network terminal may return a login response signaling to the video network server through the video network. Once the video network server has received the login response signaling, the video network terminal has successfully accessed the video network.
The process of the embodiment of the present invention is substantially similar to that of the first embodiment, and specific reference is made to the description of the first embodiment, and the embodiment of the present invention is not discussed in detail herein.
Example three
Referring to fig. 7, a schematic diagram of device interaction of a video network according to a third embodiment of the present invention is shown. As can be seen from fig. 7, the terminal and the server of the video network can implement bidirectional interaction through the video network, that is, various signaling, data, and the like sent between the terminal and the server of the video network are all sent through the video network.
At present, the network access process based on the 16-bit video networking protocol is as follows:
1. S->C device query signaling (8a01 protocol);
2. C->S device query response signaling (8a03 protocol);
3. S->C device network entry signaling (8a11 protocol);
4. C->S device network entry response signaling (8a12 protocol);
5. The device has successfully accessed the network and receives heartbeat signaling.
Here S represents the server, i.e. the video network server, and C represents the client, i.e. the video networking terminal.
The video network server sends the query signaling as a broadcast packet, which can be received by both video network terminals and non-video-network terminals, so data leakage is easily caused. To address this problem, the embodiment of the invention provides a new network access process based on a 64-bit video networking protocol.
Referring to fig. 8, a signaling interaction diagram of a terminal network access process according to a third embodiment of the present invention is shown. The terminal network access process is based on a 64-bit video networking protocol.
The network access process based on the 64-bit video networking protocol can comprise the following steps:
1. S->C device connection signaling (0001 protocol);
2. C->S device connection response signaling (1001 protocol);
3. S->C device authentication signaling (0002 protocol);
4. C->S device authentication response signaling (1002 protocol);
5. S->C device login signaling (0003 protocol);
6. C->S device login response signaling (1003 protocol);
7. The device has successfully accessed the network; S->C device heartbeat signaling (2001 protocol);
8. C->S device heartbeat response signaling (3001 protocol).
Here S represents the server, i.e. the video network server, and C represents the client, i.e. the video network terminal. Specifically, as shown in fig. 8, the video networking terminal sends signaling to the video networking server through the terminal protocol network access module, or receives signaling sent by the video networking server; the video network server sends signaling to the terminal protocol network access module through the server protocol network access module, or receives signaling sent by the terminal protocol network access module. The terminal protocol network access module and the server protocol network access module interact bidirectionally through the video network.
In the embodiment of the invention, a Base64 encryption algorithm and a PackBits compression algorithm are added at steps 3 and 4, so that the integrity of the video network is enhanced and some security problems are avoided. Specifically, the terminal network access process may include the following steps:
1. the server sends connection signaling (0001 protocol) in the form of broadcast packets.
2. The client receives the broadcast packet of the server and replies a connection response signaling (1001 protocol) to the server.
3. The server sends authentication signaling (0002 protocol) to the client.
3.1 The authentication signaling contains the compressed and encrypted authentication data and the types of the authentication algorithms (Base64 encryption algorithm and PackBits compression algorithm), where the compressed and encrypted authentication data is obtained by compressing the initial authentication random number with the PackBits compression algorithm and then encrypting it with the Base64 encryption algorithm;
3.2 The server saves a copy of the unprocessed initial authentication random number locally for later comparison.
4. The client replies authentication response signaling (1002 protocol) to the server.
4.1 After receiving the authentication signaling sent by the server, the client decrypts the compressed and encrypted authentication data with the corresponding Base64 encryption algorithm, decompresses the result with the corresponding PackBits compression algorithm, and thereby completes the recovery processing to obtain the recovered authentication data;
4.2 the client sends an authentication response signaling to the server including the recovered authentication data.
5. The server sends a login signaling (0003 protocol) to the client.
5.1 After receiving the authentication response signaling, the server compares the locally recorded initial authentication random number with the recovered authentication data. If the two are consistent, the server continues with the device login operation and sends a login signaling to the client; if they are not consistent, there are no subsequent steps, no login signaling is sent to the client, and the terminal cannot access the network.
6. The client sends a login response signaling (1003 protocol) to the server.
7. The server sends heartbeat signaling (2001 protocol) to the client. Once the server has received the login response signaling sent by the client, the client has successfully accessed the network.
8. The client replies heartbeat response signaling (3001 protocol) to the server.
The server is a video network server, and the client is a video network terminal.
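The authentication exchange of steps 501 to 504 in the first embodiment and of steps 3 to 5 above, as an added Python example that is not part of the patent: a PackBits codec, the server's compress-then-Base64 processing of a random number, the terminal's recovery, and the server's comparison that decides whether login signaling follows. The algorithm-type strings, the 16-byte random number and the dict carrying the device authentication information are constructed for this example; the signaling encapsulation itself is not modelled.

```python
import base64
import hmac
import secrets


def packbits_encode(data: bytes) -> bytes:
    """PackBits run-length encoding.

    Header byte n in 0..127: copy the next n+1 bytes literally.
    Header byte 129..255 (signed -127..-1): repeat the next byte 257-n times.
    Header byte 128 (-128): no-op.
    """
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        run = 1
        while i + run < n and run < 128 and data[i + run] == data[i]:
            run += 1
        if run >= 2:                                  # repeat packet
            out += bytes([257 - run, data[i]])
            i += run
        else:                                         # literal packet, stop before a run
            start = i
            i += 1
            while i < n and i - start < 128 and not (i + 1 < n and data[i] == data[i + 1]):
                i += 1
            literal = data[start:i]
            out += bytes([len(literal) - 1]) + literal
    return bytes(out)


def packbits_decode(data: bytes) -> bytes:
    """Inverse of packbits_encode; rejects truncated packets instead of reading past the end."""
    out = bytearray()
    i = 0
    while i < len(data):
        header = data[i]
        i += 1
        if header == 128:
            continue
        if header < 128:
            count = header + 1
            if i + count > len(data):
                raise ValueError("truncated literal packet")
            out += data[i:i + count]
            i += count
        else:
            if i >= len(data):
                raise ValueError("truncated repeat packet")
            out += bytes([data[i]]) * (257 - header)
            i += 1
    return bytes(out)


# Algorithm-type values carried in the authentication signaling (names constructed here).
COMPRESSION_PACKBITS = "PackBits"
ENCRYPTION_BASE64 = "Base64"


def server_make_auth_info(initial: bytes) -> dict:
    """Step 3.1: compress with PackBits, then apply Base64, and tag both algorithm types."""
    processed = base64.b64encode(packbits_encode(initial))
    return {"auth_data": processed, "compression": COMPRESSION_PACKBITS,
            "encryption": ENCRYPTION_BASE64}


def terminal_recover(info: dict) -> bytes:
    """Step 4.1: a video network terminal reverses both stages named in the info."""
    if info.get("encryption") != ENCRYPTION_BASE64 or info.get("compression") != COMPRESSION_PACKBITS:
        raise ValueError("unsupported algorithm type")
    return packbits_decode(base64.b64decode(info["auth_data"], validate=True))


def server_allows_access(initial: bytes, recovered: bytes) -> bool:
    """Step 5.1: constant-time comparison of the stored random number with the recovered data."""
    return hmac.compare_digest(initial, recovered)


def run_handshake(terminal_handler) -> bool:
    """Drive steps 3 to 5 with a pluggable terminal; True means login signaling would follow."""
    initial = secrets.token_bytes(16)        # initial authentication random number, kept locally
    info = server_make_auth_info(initial)
    try:
        recovered = terminal_handler(info)
    except ValueError:                       # malformed reply counts as a failed recovery
        return False
    return server_allows_access(initial, recovered)


def foreign_terminal(info: dict) -> bytes:
    """A terminal that never negotiated the scheme and simply echoes the field it received."""
    return info["auth_data"]


if __name__ == "__main__":
    print(run_handshake(terminal_recover), run_handshake(foreign_terminal))  # True False
```

Both PackBits and Base64 are keyless and reversible, so a consistent reply shows that the terminal implements the agreed recovery steps, not that it holds a secret; the constant-time comparison and the rejection of malformed replies are the server-side checks a deployment should keep regardless of the algorithms chosen.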
In the embodiment of the invention, the new 64-bit video networking protocol adds security measures such as the Base64 encryption algorithm and the PackBits algorithm, and adds a security authentication mechanism in the device authentication stage, so that illegal devices cannot receive any data packet of the video network other than the connection signaling. This avoids the security problems caused by the access of non-video-network terminals, prevents data or user information from being stolen, and enhances the integrity of the video network.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Example four
Referring to fig. 9, a block diagram of a terminal network access device according to a fourth embodiment of the present invention is shown. The device can be applied to the video network, and particularly applied to a video network server.
The terminal network access device of the embodiment may include the following modules located in the video network server:
the authentication module 901 is configured to obtain initial authentication data after receiving a connection response signaling sent by the video network terminal, and perform authentication processing on the initial authentication data to obtain device authentication information;
a first sending module 902, configured to send an authentication signaling to the video networking terminal; the authentication signaling comprises the device authentication information;
a first receiving module 903, configured to receive an authentication response signaling returned by the video network terminal for the authentication signaling; the authentication response signaling comprises recovered authentication data, and the recovered authentication data is obtained by recovering the equipment authentication information by the video networking terminal;
a determining module 904, configured to determine whether to allow the video networking terminal to access the network according to the recovered authentication data and the initial authentication data.
Preferably, the authentication module 901 is specifically configured to encrypt the initial authentication data by using a preset authentication encryption algorithm to obtain encrypted authentication data; and generating equipment authentication information according to the encrypted authentication data and the type of the authentication encryption algorithm. Correspondingly, the recovered authentication data is obtained by decrypting the encrypted authentication data by the video networking terminal by adopting the authentication encryption algorithm.
Preferably, the authentication module 901 is specifically configured to compress the initial authentication data by using a preset authentication compression algorithm, and encrypt the initial authentication data by using a preset authentication encryption algorithm to obtain compressed and encrypted authentication data; and generating equipment authentication information according to the authentication data after the compression and encryption, the type of the authentication compression algorithm and the type of the authentication encryption algorithm. Correspondingly, the recovered authentication data is obtained by decrypting the compressed and encrypted authentication data by the video network terminal by adopting the authentication encryption algorithm and decompressing by adopting the authentication compression algorithm.
Preferably, the determining module 904 is specifically configured to compare the recovered authentication data with the initial authentication data; and if the recovered authentication data is consistent with the initial authentication data, determining that the video networking terminal is allowed to access the network.
Preferably, the connection response signaling, the authentication signaling and the authentication response signaling are all signaling based on a 64-bit video networking protocol encapsulation.
The embodiment of the invention adds an authentication mechanism for the terminal to be accessed: the video network server and the video network terminal can negotiate the related information of the authentication process in advance, and when a terminal is to access the video network, the video network server can verify whether the terminal is allowed to access the network. This avoids the problem of data leakage in the video network after a non-video-network terminal accesses it, and improves the security of the video network data.
Example five
Referring to fig. 10, a block diagram of a terminal network access device according to a fifth embodiment of the present invention is shown. The device can be applied to the video network, and particularly applied to the video network terminal.
The terminal network access device of the embodiment may include the following modules located in the video network terminal:
a second receiving module 1001, configured to receive an authentication signaling sent by the video networking server; the authentication signaling comprises equipment authentication information, and the equipment authentication information is obtained by acquiring initial authentication data and performing authentication processing on the initial authentication data after the video network server receives a connection response signaling sent by the video network terminal;
a recovery module 1002, configured to perform recovery processing on the device authentication information to obtain recovered authentication data;
a second sending module 1003, configured to return an authentication response signaling to the video networking server; the authentication response signaling comprises the recovered authentication data; and the recovered authentication data and the initial authentication data are used as the basis for the video network server to determine whether the video network terminal is allowed to access the network.
Preferably, the device authentication information is generated by the video network server by encrypting the initial authentication data with a preset authentication encryption algorithm to obtain encrypted authentication data, and then generating the device authentication information according to the encrypted authentication data and the type of the authentication encryption algorithm. Correspondingly, the recovery module 1002 may be specifically configured to decrypt the encrypted authentication data by using the authentication encryption algorithm to obtain the recovered authentication data.
Preferably, the device authentication information is generated by the video network server by compressing the initial authentication data with a preset authentication compression algorithm and encrypting it with a preset authentication encryption algorithm to obtain compressed and encrypted authentication data, and then generating the device authentication information according to the compressed and encrypted authentication data, the type of the authentication compression algorithm, and the type of the authentication encryption algorithm. Correspondingly, the recovery module 1002 may be specifically configured to decrypt the compressed and encrypted authentication data by using the authentication encryption algorithm, and decompress it by using the authentication compression algorithm to obtain the recovered authentication data.
The embodiment of the invention avoids the problem of data leakage in the video network after a non-video-network terminal accesses the video network, and improves the security of the video network data.
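The server-side (embodiment four) and terminal-side (embodiment five) halves of the authentication exchange, simulated end to end as an added example that is not part of the patent or its implementation. It assumes the "authentication encryption algorithm" is the base64 transform the specification names and the compression algorithm is zlib; the signaling layout and the type codes are constructed for the example. Since base64 is an encoding rather than a cipher, what the comparison establishes is that the terminal implements the pre-negotiated recovery steps; it does not hide the random number from anyone observing the signaling.

```python
import base64
import os
import zlib
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed type codes carried in the authentication signaling (not from the patent).
ENC_BASE64 = 1
COMP_NONE = 0
COMP_ZLIB = 1

# Algorithm tables both sides agree on in advance, as (forward, inverse) pairs.
# Assumption: base64 stands in for the "encryption" step and zlib for compression.
ENCRYPT: Dict[int, tuple] = {ENC_BASE64: (base64.b64encode, base64.b64decode)}
COMPRESS: Dict[int, tuple] = {
    COMP_NONE: (lambda b: b, lambda b: b),
    COMP_ZLIB: (zlib.compress, zlib.decompress),
}


@dataclass
class AuthSignaling:
    """Authentication signaling: the device authentication information."""
    payload: bytes      # initial authentication data after compression and encryption
    comp_type: int      # type of the authentication compression algorithm
    enc_type: int       # type of the authentication encryption algorithm


@dataclass
class AuthResponse:
    """Authentication response signaling carrying the recovered authentication data."""
    recovered: bytes


class VideoNetworkServer:
    def __init__(self, comp_type: int = COMP_ZLIB, enc_type: int = ENC_BASE64):
        self.comp_type = comp_type
        self.enc_type = enc_type
        self.initial: Dict[str, bytes] = {}    # initial authentication data per terminal
        self.logged_in: Set[str] = set()

    def on_connection_response(self, terminal_id: str) -> AuthSignaling:
        # Authentication module: draw a fresh initial authentication random number,
        # record it locally, then compress and "encrypt" it for the signaling.
        initial = os.urandom(16)
        self.initial[terminal_id] = initial
        compress, _ = COMPRESS[self.comp_type]
        encrypt, _ = ENCRYPT[self.enc_type]
        return AuthSignaling(encrypt(compress(initial)), self.comp_type, self.enc_type)

    def on_authentication_response(self, terminal_id: str, resp: AuthResponse) -> bool:
        # Determining module: compare recovered and initial data. The recorded value
        # is consumed on first use, so a second response for the same terminal fails.
        expected = self.initial.pop(terminal_id, None)
        if expected is None or resp.recovered != expected:
            return False        # no login signaling; the terminal cannot access
        self.logged_in.add(terminal_id)
        return True             # login signaling would be sent at this point


class VideoNetworkTerminal:
    def on_authentication(self, sig: AuthSignaling) -> Optional[AuthResponse]:
        # Recovery module: select the algorithms named in the signaling, decrypt,
        # then decompress. An unknown type or a corrupt payload yields no response.
        try:
            _, decrypt = ENCRYPT[sig.enc_type]
            _, decompress = COMPRESS[sig.comp_type]
            return AuthResponse(decompress(decrypt(sig.payload)))
        except (KeyError, ValueError, zlib.error):
            return None


class ForeignTerminal:
    """A device outside the video network that lacks the negotiated recovery steps."""

    def on_authentication(self, sig: AuthSignaling) -> Optional[AuthResponse]:
        return AuthResponse(sig.payload)    # echoes the payload, so the comparison fails


def run_access(server: VideoNetworkServer, terminal, terminal_id: str) -> bool:
    """Drive one access attempt; True means the server would send login signaling."""
    sig = server.on_connection_response(terminal_id)
    resp = terminal.on_authentication(sig)
    return resp is not None and server.on_authentication_response(terminal_id, resp)
```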
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The terminal network access method and the terminal network access device provided by the invention are described in detail, and the principle and the implementation mode of the invention are explained by applying specific examples, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A terminal network access method is applied to a video network, and is characterized by comprising the following steps:
after receiving a connection response signaling sent by a video network terminal, a video network server acquires initial authentication data and performs authentication processing on the initial authentication data to obtain equipment authentication information;
the video networking server sends an authentication signaling to the video networking terminal; the authentication signaling comprises the device authentication information;
the video network server receives an authentication response signaling returned by the video network terminal aiming at the authentication signaling; the authentication response signaling comprises recovered authentication data, and the recovered authentication data is obtained by recovering the equipment authentication information by the video networking terminal;
and the video network server determines whether to allow the video network terminal to access the network according to the recovered authentication data and the initial authentication data.
2. The method according to claim 1, wherein the step of performing the authentication process on the initial authentication data to obtain the device authentication information comprises:
the video network server encrypts the initial authentication data by adopting a preset authentication encryption algorithm to obtain encrypted authentication data;
the video network server generates equipment authentication information according to the encrypted authentication data and the type of the authentication encryption algorithm;
and the recovered authentication data is obtained by decrypting the encrypted authentication data by the video networking terminal by adopting the authentication encryption algorithm.
3. The method according to claim 1, wherein the step of performing the authentication process on the initial authentication data to obtain the device authentication information comprises:
the video network server compresses the initial authentication data by adopting a preset authentication compression algorithm and encrypts the initial authentication data by adopting a preset authentication encryption algorithm to obtain authentication data after compression and encryption;
the video network server generates equipment authentication information according to the authentication data after compression and encryption, the type of the authentication compression algorithm and the type of the authentication encryption algorithm;
and the recovered authentication data is obtained by decrypting the authentication data after compression and encryption by the video network terminal by adopting the authentication encryption algorithm and decompressing by adopting the authentication compression algorithm.
4. The method according to claim 1, wherein the step of determining whether to allow the terminal of the video network to access the network by the server of the video network according to the recovered authentication data and the initial authentication data comprises:
the video network server compares the recovered authentication data with the initial authentication data;
and if the recovered authentication data is consistent with the initial authentication data, determining that the video networking terminal is allowed to access the network.
5. The method of claim 1, wherein the connection response signaling, the authentication signaling, and the authentication response signaling are signaling based on a 64-bit video networking protocol encapsulation.
6. A terminal network access method is applied to a video network, and is characterized by comprising the following steps:
the video network terminal receives an authentication signaling sent by the video network server; the authentication signaling comprises equipment authentication information, and the equipment authentication information is obtained by acquiring initial authentication data and performing authentication processing on the initial authentication data after the video network server receives a connection response signaling sent by the video network terminal;
the video network terminal recovers the equipment authentication information to obtain recovered authentication data;
the video network terminal returns an authentication response signaling to the video network server; the authentication response signaling comprises the recovered authentication data; and the recovered authentication data and the initial authentication data are used as the basis for the video network server to determine whether the video network terminal is allowed to access the network.
7. The method of claim 6,
the equipment authentication information is generated by the video network server by encrypting the initial authentication data by adopting a preset authentication encryption algorithm to obtain encrypted authentication data and according to the encrypted authentication data and the type of the authentication encryption algorithm;
the step that the video network terminal recovers the equipment authentication information to obtain recovered authentication data comprises the following steps:
and the video network terminal decrypts the encrypted authentication data by adopting the authentication encryption algorithm to obtain the recovered authentication data.
8. The method of claim 6,
the equipment authentication information is generated by the video network server by compressing the initial authentication data by adopting a preset authentication compression algorithm, encrypting by adopting a preset authentication encryption algorithm to obtain compressed and encrypted authentication data and according to the compressed and encrypted authentication data, the type of the authentication compression algorithm and the type of the authentication encryption algorithm;
the step that the video network terminal recovers the equipment authentication information to obtain recovered authentication data comprises the following steps:
and the video network terminal decrypts the compressed and encrypted authentication data by adopting the authentication encryption algorithm and decompresses it by adopting the authentication compression algorithm to obtain the recovered authentication data.
9. A terminal network access device is applied to a video network, and comprises:
the authentication module is used for acquiring initial authentication data after receiving a connection response signaling sent by the video networking terminal, and authenticating the initial authentication data to obtain equipment authentication information;
the first sending module is used for sending an authentication signaling to the video networking terminal; the authentication signaling comprises the device authentication information;
the first receiving module is used for receiving an authentication response signaling returned by the video network terminal aiming at the authentication signaling; the authentication response signaling comprises recovered authentication data, and the recovered authentication data is obtained by recovering the equipment authentication information by the video networking terminal;
and the determining module is used for determining whether the video network terminal is allowed to access the network according to the recovered authentication data and the initial authentication data.
10. A terminal network access device is applied to a video network, and comprises:
the second receiving module is used for receiving the authentication signaling sent by the video network server; the authentication signaling comprises equipment authentication information, and the equipment authentication information is obtained by acquiring initial authentication data and performing authentication processing on the initial authentication data after the video network server receives a connection response signaling sent by the video network terminal;
the recovery module is used for recovering the equipment authentication information to obtain recovered authentication data;
the second sending module is used for returning an authentication response signaling to the video networking server; the authentication response signaling comprises the recovered authentication data; and the recovered authentication data and the initial authentication data are used as the basis for the video network server to determine whether the video network terminal is allowed to access the network.
CN201810760140.7A 2018-07-11 2018-07-11 Terminal network access method and device Active CN110719247B (en)


Publications (2)

Publication Number / Publication Date
CN110719247A (en) 2020-01-21
CN110719247B (en) 2021-09-10





Legal Events

Code / Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant