CN111654503A - Remote control method, device, equipment and storage medium - Google Patents

Publication number
CN111654503A
Authority
CN
China
Prior art keywords
symmetric key
managed
controlled
information
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010513557.0A
Other languages
Chinese (zh)
Inventor
郭刚
郭赞宇
宋志华
闫寒冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Fisherman Information Technology Co ltd
Network Security Industry Development Center Of Ministry Of Industry And Information Technology
Original Assignee
Shandong Fisherman Information Technology Co ltd
Network Security Industry Development Center Of Ministry Of Industry And Information Technology
Application filed by Shandong Fisherman Information Technology Co ltd and Network Security Industry Development Center Of Ministry Of Industry And Information Technology
Priority to CN202010513557.0A
Publication of CN111654503A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

The application discloses a remote control method applied to a remote control device, comprising the following steps: determining that a connection is established with a controlled device; negotiating a symmetric key with the controlled device; and, while managing and controlling the controlled device, encrypting each control instruction with the symmetric key before sending it to the controlled device, the controlled device in turn encrypting its feedback information with the symmetric key before returning it to the remote control device. With the technical scheme provided by the embodiments of the application, both the control instructions sent by the remote control device to the controlled device and the feedback information sent by the controlled device to the remote control device are encrypted with the negotiated symmetric key before transmission. This improves the security of control-related messages during network transmission, reduces the risk of interception and tampering, and helps ensure normal operation of the controlled device. The application also discloses a remote control apparatus, device and storage medium, which have corresponding technical effects.

Description

Remote control method, device, equipment and storage medium
Technical Field
The present application relates to the field of computer application technologies, and in particular, to a remote control method, apparatus, device, and storage medium.
Background
With the rapid development of computer and network technology, there is an increasing demand for remote control of network devices. Most network devices in homes, offices, and public places, such as switches, routers, and wireless devices, have a remote terminal management function and can be controlled through a remote control device.
At present, control-related messages are mostly transmitted in plaintext during remote control, so they are easily intercepted and tampered with in transit, which brings security risks to the normal operation of the controlled device.
Disclosure of Invention
The application aims to provide a remote control method, apparatus, device, and storage medium that improve the security of control-related messages during network transmission and reduce the risk of interception and tampering.
In order to solve the technical problem, the application provides the following technical scheme:
A remote management and control method, applied to a remote management and control device, comprising the following steps:
determining to establish connection with a controlled device;
negotiating a symmetric key with the managed device;
and, in the process of managing and controlling the managed device, encrypting a control instruction by using the symmetric key and sending the encrypted control instruction to the managed device, the managed device encrypting feedback information by using the symmetric key and returning the encrypted feedback information to the remote management and control device.
In a specific embodiment of the present application, the determining to establish a connection with a managed device includes:
sending a connection request to the managed device;
receiving an authentication instruction returned by the controlled equipment, wherein the authentication instruction carries information to be authenticated;
signing the information to be authenticated to obtain signature information, and sending the signature information to the controlled equipment;
and determining to establish connection with the managed device under the condition of receiving authentication success information returned by the managed device.
In a specific embodiment of the present application, the signing the to-be-authenticated information includes:
and signing the information to be authenticated by using a pre-obtained asymmetric key.
In a specific embodiment of the present application, after obtaining the signature information, the method further includes:
carrying out integrity check on the signature information;
and under the condition that the signature information is confirmed to be complete, the step of sending the signature information to the managed device is executed.
In a specific embodiment of the present application, after the receiving the authentication instruction returned by the managed device and before the signing the to-be-authenticated information, the method further includes:
performing identity authentication on an operator;
and if the authentication is passed, executing the step of signing the information to be authenticated.
In a specific embodiment of the present application, the negotiating a symmetric key with the managed device includes:
obtaining a random number which is the same as the random number obtained by the managed device;
and generating a symmetric key based on the random number by using the same key generation algorithm as the managed device respectively.
In a specific embodiment of the present application, the negotiating a symmetric key with the managed device includes:
generating a symmetric key; encrypting the symmetric key by using a public key obtained in advance and sending the encrypted symmetric key to the controlled device, the controlled device decrypting it by using a private key to obtain the symmetric key;
or,
receiving a symmetric key which is sent by the managed device and encrypted by using a public key; and obtaining the symmetric key by decrypting with a private key.
A remote management and control device is applied to remote management and control equipment, and comprises:
the connection establishment determining module is used for determining the establishment of connection with the controlled equipment;
the key negotiation module is used for negotiating a symmetric key with the managed and controlled equipment;
and the device management and control module is used for encrypting a control instruction by using the symmetric key and then sending the encrypted control instruction to the managed and controlled device in the process of managing and controlling the managed and controlled device, and the managed and controlled device returns feedback information to the remote management and control device after encrypting the feedback information by using the symmetric key.
A remote management and control device, comprising:
a memory for storing a computer program;
a processor, configured to implement the steps of any one of the above remote control methods when executing the computer program.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of any of the above described remote management methods.
With the technical scheme provided by the embodiments of the application, once the remote control device has determined that a connection is established with the controlled device and has negotiated a symmetric key with it, both the control instructions sent by the remote control device to the controlled device and the feedback information sent by the controlled device to the remote control device are encrypted with the negotiated symmetric key before transmission. Even if a control instruction or feedback information is intercepted in transit, it is not easily tampered with because it is encrypted. This improves the security of control-related messages during network transmission, reduces the risk of tampering, and helps guarantee normal operation of the controlled device.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart illustrating an implementation of a remote management and control method in an embodiment of the present application;
Fig. 2 is an overall structural diagram of a remote management and control system in an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a remote management and control apparatus according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of a remote management and control device in an embodiment of the present application.
Detailed Description
The core of the application is a remote control method that can be applied to a remote control device. After the remote control device determines that a connection is established with the controlled device, it can negotiate a symmetric key with the controlled device. While controlling the controlled device, it can encrypt each control instruction with the symmetric key before sending it to the controlled device, and the controlled device can likewise encrypt feedback information with the symmetric key before returning it to the remote control device. Because both control instructions and feedback information are encrypted before transmission, the security of control-related messages during network transmission is improved and the risk of interception and tampering is reduced.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, a flowchart of an implementation of a remote management and control method provided in an embodiment of the present application is shown, where the method may include the following steps:
S110: Determine to establish connection with the managed device.
In this embodiment of the application, the remote control device may be a terminal device such as a computer and a tablet computer, the controlled device may be a network device such as a server, a switch and a router, and the controlled device may run an operating system such as Windows and Linux.
The remote management and control device may initiate a connection request to the managed device, and after obtaining a response of the managed device, may determine to establish a connection with the managed device.
Or, when the remote control device establishes connection with the controlled device, the remote control device and the controlled device may perform corresponding identity authentication first, and if the authentication passes, the remote control device determines to establish connection with the controlled device.
S120: Negotiate a symmetric key with the managed device.
After the remote control device determines to establish connection with the controlled device, the remote control device may negotiate a set of symmetric keys with the controlled device in a negotiation manner.
S130: In the process of managing and controlling the controlled device, encrypt the control instruction by using the symmetric key and send it to the controlled device; the controlled device encrypts feedback information by using the symmetric key and returns it to the remote management and control device.
After the remote management and control device determines to establish connection with the managed and controlled device and negotiates a symmetric key with the managed and controlled device, the remote management and control device and the managed and controlled device both have the same symmetric key. The remote management device may manage the managed device.
While the remote control device controls the controlled device, it needs to send control instructions to the controlled device, and the controlled device returns feedback information to the remote control device after executing the corresponding actions based on each control instruction. To improve the security of control-related messages during network transmission, in the embodiment of the present application the remote control device may encrypt the control instruction with the negotiated symmetric key and send the encrypted control instruction to the controlled device. The managed device receives the encrypted control instruction, decrypts it with the symmetric key to obtain the control instruction, and then performs the corresponding action. After executing the action, the controlled device can encrypt the feedback information with the negotiated symmetric key and return it to the remote control device, which decrypts it with the same symmetric key and can then analyze and display the decrypted feedback information.
After the remote control device and the controlled device encrypt the relevant information by using the negotiated symmetric key, an integrity check may further be performed on the encrypted data, for example by using a national cryptographic hash algorithm such as SM3.
The embodiment of the present application will be described with reference to the system configuration shown in fig. 2.
The system may include a remote control device and a controlled device. A client can be deployed on the remote control device and a server on the controlled device; the two devices can connect through a socket connection between the client and the server and negotiate a symmetric key. On a controlled device running a Linux operating system, a master pseudo terminal and a slave pseudo terminal can be deployed. While the remote control device manages the controlled device, the client on the remote control device encrypts a control instruction with the symmetric key and sends it to the server on the controlled device. On receiving the encrypted control instruction, the server decrypts it with the symmetric key and passes the decrypted control instruction to the pseudo terminal of the controlled device. The pseudo terminal logs in to the controlled device, executes the corresponding action based on the control instruction, and then returns feedback information to the server, which encrypts it with the negotiated symmetric key and sends it to the client on the remote control device. The server on the controlled device can communicate with the pseudo terminal through a pipe, and the pseudo terminal provides a standard input (stdin) interface and a standard output (stdout) interface.
With the method provided by the embodiments of the application, once the remote control device has determined that a connection is established with the controlled device and has negotiated a symmetric key with it, both the control instructions sent by the remote control device to the controlled device and the feedback information sent by the controlled device to the remote control device are encrypted with the negotiated symmetric key before transmission. Even if a control instruction or feedback information is intercepted in transit, it is not easily tampered with because it is encrypted. This improves the security of control-related messages during network transmission, reduces the risk of tampering, and helps ensure normal operation of the controlled device.
In one embodiment of the present application, step S110 may include the steps of:
step one: sending a connection request to the managed device;
step two: receiving an authentication instruction returned by the controlled device, wherein the authentication instruction carries information to be authenticated;
step three: signing the information to be authenticated to obtain signature information, and sending the signature information to the controlled device;
step four: determining to establish connection with the managed device on receiving authentication success information returned by the managed device.
For convenience of description, the above four steps are combined for illustration.
In practical applications, the remote management and control device may send a connection request to the managed device according to practical needs. After receiving a connection request of the remote control device, the controlled device may return an authentication instruction to the remote control device, where the authentication instruction may carry information to be authenticated, and the information to be authenticated may include information such as a version number, a random number, and an algorithm suite.
After receiving the authentication instruction returned by the controlled device, the remote control device may sign the information to be authenticated to obtain signature information, and then send the signature information to the controlled device, and the controlled device may perform identity authentication on the remote control device based on the signature information. Specifically, the managed device may sign the information to be authenticated using the same algorithm, compare the obtained signature information with the received signature information, and if the obtained signature information is consistent with the received signature information, determine that the authentication passes, and if the obtained signature information is inconsistent with the received signature information, determine that the authentication fails.
After the authentication is passed, the managed device may return authentication success information to the remote management device. If the authentication is not passed, the managed device may not respond, or may return authentication failure information to the remote management device. On receiving the authentication success information, the remote management and control device may determine that the connection with the managed device is established and may go on to perform symmetric key agreement, device management and control, and similar operations. On receiving authentication failure information, or on receiving nothing from the managed device within a set time period, the remote management device may determine that no connection is currently established with the managed device, and may repeat the connection request and the subsequent steps. If the number of repetitions reaches a set threshold, alarm information can be output so that an operator can investigate the problem in time.
Only after the identity authentication is passed is the connection between the remote control device and the controlled device considered established, and only then are further operations such as symmetric key agreement and device control performed. This ensures that the controlled device is controlled by a legitimate remote control device and that the controlled device is itself legitimate.
In a specific embodiment of the present application, the to-be-authenticated information may be signed by using a pre-obtained asymmetric key, so as to obtain signature information.
In practical applications, a certificate and an asymmetric key supporting the cryptographic algorithm may be issued in advance to the remote control device and the controlled device. The certificate and the asymmetric key can adopt a single-certificate mode or a double-certificate mode. In the single-certificate mode, the same certificate and its corresponding asymmetric key are used for both data signing and encryption during operation; in the double-certificate mode, different certificates and corresponding symmetric keys are used for signing and for encryption respectively.
After receiving an authentication instruction returned by the controlled device, the remote control device can obtain information to be authenticated of the controlled device, signs the information to be authenticated by using a pre-obtained asymmetric key to obtain signature information, and then sends the signature information to the controlled device.
In a specific embodiment of the present application, after the signature information is obtained, integrity verification may be performed on the signature information, and in a case that it is determined that the signature information is complete, the step of sending the signature information to the managed device is performed. This can avoid incomplete information from interfering with the accuracy of identity authentication.
In a specific embodiment of the application, after receiving the authentication instruction returned by the controlled device and before signing the information to be authenticated, the remote control device may further perform identity authentication on the operator, and if the authentication passes, may perform the step of signing the information to be authenticated.
The identity authentication of the operator can be carried out by password, USBKEY, fingerprint, and similar means, so as to strengthen security authentication and confirm the legitimacy of the operator. This effectively prevents an illegitimate operator from performing control operations on the controlled device.
In an embodiment of the present application, the remote management and control device and the managed device may negotiate a symmetric key by:
step one: obtaining a random number which is the same as the random number obtained by the managed device;
step two: generating a symmetric key based on the random number, each side using the same key generation algorithm as the other.
In the embodiment of the present application, the remote control device and the controlled device may obtain the same random number.
For example, the managed device may generate a random number, and the information to be authenticated carried in the authentication instruction sent to the remote management device may include information of the random number. The remote control device can obtain the random number after receiving the authentication instruction.
During the interaction process, the remote management device and the managed device may perform encryption processing on the transmission data, for example, using a cryptographic algorithm such as SM1, SM4, and the like.
Then, the remote management and control device and the controlled device may respectively use the same key generation algorithm to generate a symmetric key based on the random number, so that the remote management and control device and the controlled device have the same symmetric key. The symmetric key can be used for encryption and decryption operations of corresponding information.
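The random-number key generation described above, together with the encrypt-then-integrity-check step of S130, as an added example that is not code from the patent. It assumes a `device_secret` provisioned on both ends, per-direction subkeys, and a sequence number in each frame, none of which the page specifies, and it uses HMAC-SHA256 from the Python standard library as a stand-in for SM3 and SM4.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size; the page names SM3, which the stdlib lacks


def derive_keys(shared_random, device_secret, direction):
    """Run identically on both ends once they hold the same random number.

    device_secret is an assumption of this example: a value provisioned on both
    devices, so that observing the random number in transit does not by itself
    reveal the session key. direction (b"c2d" for control instructions, b"d2c"
    for feedback) gives each direction its own subkeys, so the two flows never
    share a keystream.
    """
    prk = hmac.new(device_secret, shared_random, hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"enc|" + direction, hashlib.sha256).digest()
    mac_key = hmac.new(prk, b"mac|" + direction, hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, seq, length):
    # Stand-in for SM4 in counter mode: HMAC-SHA256 as a PRF over (seq, block).
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">QI", seq, block),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(enc_key, mac_key, seq, plaintext):
    """Encrypt, then authenticate header and ciphertext with a keyed MAC.

    A keyed MAC is used instead of a plain hash because anyone who alters a
    frame can recompute an unkeyed hash over the altered bytes.
    """
    header = struct.pack(">Q", seq)
    ciphertext = _xor(plaintext, _keystream(enc_key, seq, len(plaintext)))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


class Receiver:
    """Receiving end of one direction: checks integrity, then order, then decrypts."""

    def __init__(self, enc_key, mac_key):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.last_seq = -1

    def open(self, frame):
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        header, ciphertext, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ciphertext,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:
            raise ValueError("replayed or out-of-order frame")
        self.last_seq = seq
        return _xor(ciphertext, _keystream(self.enc_key, seq, len(ciphertext)))


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    shared_random = bytes(range(16))
    device_secret = b"constructed-provisioned-secret"
    controller_keys = derive_keys(shared_random, device_secret, b"c2d")
    device_rx = Receiver(*derive_keys(shared_random, device_secret, b"c2d"))

    frame = seal(controller_keys[0], controller_keys[1], 0, b"show interfaces")
    print("decrypted:", device_rx.open(frame))

    tampered = bytearray(seal(controller_keys[0], controller_keys[1], 1, b"reboot"))
    tampered[8] ^= 0x01  # flip one ciphertext bit in transit
    for label, candidate in (("replay", frame), ("tampered", bytes(tampered))):
        try:
            device_rx.open(candidate)
        except ValueError as err:
            print(label, "rejected:", err)
```
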
In another embodiment of the present application, the remote management device and the managed device may negotiate a symmetric key by:
generating a symmetric key; encrypting the symmetric key by using a public key obtained in advance, sending the encrypted symmetric key to the controlled equipment, and decrypting by using a private key by the controlled equipment to obtain the symmetric key;
or, receiving a symmetric key which is sent by the controlled device and encrypted by using the public key; the symmetric key is obtained by using the private key for decryption.
In this embodiment of the present application, the remote management and control device may generate a symmetric key, encrypt the symmetric key using a public key obtained in advance, and send the encrypted symmetric key to the managed and controlled device, so that the managed and controlled device obtains the encrypted symmetric key. The managed device can decrypt the key by using a private key to obtain a symmetric key.
Or, the controlled device may generate a symmetric key, encrypt the symmetric key using a public key obtained in advance, and send the encrypted symmetric key to the remote control device, so that the remote control device obtains the encrypted symmetric key. The remote management and control device can decrypt the key by using a private key to obtain a symmetric key.
Corresponding to the above method embodiment, an embodiment of the present application further provides a remote management and control apparatus applied to a remote management and control device. The apparatus described below and the remote management and control method described above may be read with reference to each other.
Referring to Fig. 3, the apparatus may include the following modules:
a connection establishment determination module 310, configured to determine to establish a connection with a managed device;
a key negotiation module 320, configured to negotiate a symmetric key with a managed device;
the device management and control module 330 is configured to encrypt the control instruction by using the symmetric key in the management and control process of the managed and controlled device, send the encrypted control instruction to the managed and controlled device, encrypt the feedback information by using the symmetric key by the managed and controlled device, and return the encrypted feedback information to the remote management and control device.
With the apparatus provided by the embodiments of the application, once the remote control device has determined that a connection is established with the controlled device and has negotiated a symmetric key with it, both the control instructions sent by the remote control device to the controlled device and the feedback information sent by the controlled device to the remote control device are encrypted with the negotiated symmetric key before transmission. Even if a control instruction or feedback information is intercepted in transit, it is not easily tampered with because it is encrypted. This improves the security of control-related messages during network transmission, reduces the risk of tampering, and helps guarantee normal operation of the controlled device.
In one embodiment of the present application, the connection establishment determining module 310 is configured to:
sending a connection request to the managed device;
receiving an authentication instruction returned by the controlled equipment, wherein the authentication instruction carries information to be authenticated;
signing the information to be authenticated to obtain signature information, and sending the signature information to the controlled equipment;
and determining to establish connection with the managed device under the condition of receiving authentication success information returned by the managed device.
In one embodiment of the present application, the connection establishment determining module 310 is configured to:
and signing the information to be authenticated by using the asymmetric key obtained in advance.
In one embodiment of the present application, the connection establishment determining module 310 is further configured to:
after the signature information is obtained, carrying out integrity check on the signature information;
and in the case of confirming that the signature information is complete, executing the step of sending the signature information to the managed device.
In one embodiment of the present application, the connection establishment determining module 310 is further configured to:
after receiving an authentication instruction returned by the controlled equipment and before signing the information to be authenticated, performing identity authentication on an operator;
and if the authentication is passed, executing the step of signing the information to be authenticated.
In one embodiment of the present application, the key agreement module 320 is configured to:
obtaining a random number which is the same as the random number obtained by the managed device;
and generating the symmetric key from the random number, each side using the same key generation algorithm as the managed device.
In one embodiment of the present application, the key agreement module 320 is configured to:
generating a symmetric key; encrypting the symmetric key by using a public key obtained in advance, sending the encrypted symmetric key to the controlled equipment, and decrypting by using a private key by the controlled equipment to obtain the symmetric key;
or,
receiving a symmetric key which is sent by the controlled equipment and encrypted by using a public key; the symmetric key is obtained by using the private key for decryption.
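Added example, not part of the patent text: a Go sketch of the flow described above, in which the remote management and control device signs the managed device's information to be authenticated, both ends derive one symmetric key from the same random number, and control instructions and feedback are sealed under that key. Ed25519, HMAC-SHA256 as the key generation algorithm, AES-256-GCM, the direction and sequence-number nonce layout and all function names are assumptions of this example; the patent names no algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// NewKeyPair stands in for the asymmetric key obtained in advance.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign runs on the remote control device, Verify on the managed device.
func Sign(priv ed25519.PrivateKey, challenge []byte) []byte { return ed25519.Sign(priv, challenge) }
func Verify(pub ed25519.PublicKey, challenge, sig []byte) bool { return ed25519.Verify(pub, challenge, sig) }

// Session holds AES-256-GCM keyed from the random number both ends share.
type Session struct{ g cipher.AEAD }

// NewSession derives the key with HMAC-SHA256, this example's choice of KDF.
func NewSession(sharedRandom []byte) (*Session, error) {
	m := hmac.New(sha256.New, sharedRandom)
	m.Write([]byte("example session key label"))
	block, err := aes.NewCipher(m.Sum(nil)) // 32-byte digest used as the key
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	return &Session{g}, err
}

// nonce is unique per direction (0 = instruction, 1 = feedback) and sequence number.
func nonce(dir byte, seq uint64) []byte {
	return binary.BigEndian.AppendUint64([]byte{dir, 0, 0, 0}, seq)
}

func (s *Session) Seal(dir byte, seq uint64, msg []byte) []byte {
	return s.g.Seal(nil, nonce(dir, seq), msg, nil)
}

// Open fails on an altered frame, a wrong sequence number or a wrong direction.
func (s *Session) Open(dir byte, seq uint64, frame []byte) ([]byte, error) {
	return s.g.Open(nil, nonce(dir, seq), frame, nil)
}

func main() {
	pub, priv := NewKeyPair()
	challenge := []byte("constructed information to be authenticated")
	fmt.Println("authenticated:", Verify(pub, challenge, Sign(priv, challenge)))
	if s, err := NewSession([]byte("constructed shared random number")); err == nil {
		_, err = s.Open(0, 2, s.Seal(0, 1, []byte("constructed control instruction")))
		fmt.Println("frame under wrong sequence number rejected:", err != nil)
	}
}
```

An authenticated mode matters here: a cipher without an integrity tag would decrypt a modified frame without reporting it. In a deployment the managed device draws the information to be authenticated fresh from a CSPRNG for every connection, and each side rejects sequence numbers it has already accepted.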
Corresponding to the above method embodiment, an embodiment of the present application further provides a remote management and control device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the remote control method when executing the computer program.
Fig. 4 is a schematic diagram of the composition structure of the remote management and control device. The remote management and control device may include: a processor 10, a memory 11, a communication interface 12 and a communication bus 13. The processor 10, the memory 11 and the communication interface 12 all communicate with each other through the communication bus 13.
In the embodiment of the present application, the processor 10 may be a Central Processing Unit (CPU), an application specific integrated circuit, a digital signal processor, a field programmable gate array or other programmable logic device, etc.
The processor 10 may call a program stored in the memory 11, and in particular, the processor 10 may perform operations in an embodiment of the remote management method.
The memory 11 is used for storing one or more programs. A program may include program code, and the program code includes computer operation instructions. In this embodiment, the memory 11 stores at least a program for implementing the following functions:
determining to establish connection with a controlled device;
negotiating a symmetric key with a managed device;
in the process of managing and controlling the controlled equipment, the control instruction is encrypted by using the symmetric key and then sent to the controlled equipment, and the controlled equipment encrypts feedback information by using the symmetric key and then returns the feedback information to the remote management and control equipment.
In one possible implementation, the memory 11 may include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function (such as a network connection function and a data transmission function), and the like; the storage data area may store data created during use, such as key data, instruction data, and the like.
Further, the memory 11 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device or other volatile solid state storage device.
The communication interface 13 may be an interface of a communication module for connecting with other devices or systems.
It should be noted that the structure shown in fig. 4 does not constitute a limitation on the remote management and control device in the embodiment of the present application. In practical applications, the remote management and control device may include more or fewer components than those shown in fig. 4, or some components may be combined.
Corresponding to the above method embodiment, this application embodiment further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the above remote management and control method are implemented.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The principle and the implementation of the present application are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. A remote management and control method is applied to remote management and control equipment, and comprises the following steps:
determining to establish connection with a controlled device;
negotiating a symmetric key with the managed device;
and in the process of managing and controlling the managed and controlled equipment, after encrypting a control instruction by using the symmetric key, sending the encrypted control instruction to the managed and controlled equipment, and after encrypting feedback information by using the symmetric key, returning the encrypted feedback information to the remote management and control equipment by using the managed and controlled equipment.
2. The method of claim 1, wherein the determining to establish a connection with a managed device comprises:
sending a connection request to the managed device;
receiving an authentication instruction returned by the controlled equipment, wherein the authentication instruction carries information to be authenticated;
signing the information to be authenticated to obtain signature information, and sending the signature information to the controlled equipment;
and determining to establish connection with the managed device under the condition of receiving authentication success information returned by the managed device.
3. The method of claim 2, wherein the signing the information to be authenticated comprises:
and signing the information to be authenticated by using a pre-obtained asymmetric key.
4. The method of claim 2, wherein after the obtaining the signature information, further comprising:
carrying out integrity check on the signature information;
and under the condition that the signature information is confirmed to be complete, the step of sending the signature information to the managed device is executed.
5. The method according to claim 2, wherein after the receiving of the authentication instruction returned by the managed device and before the signing of the information to be authenticated, further comprising:
performing identity authentication on an operator;
and if the authentication is passed, executing the step of signing the information to be authenticated.
6. The method according to any one of claims 1 to 5, wherein said negotiating a symmetric key with the managed device comprises:
obtaining a random number which is the same as the random number obtained by the managed device;
and generating a symmetric key based on the random number by using the same key generation algorithm as the managed device respectively.
7. The method according to any one of claims 1 to 5, wherein said negotiating a symmetric key with the managed device comprises:
generating a symmetric key; after encrypting the symmetric key by using a public key obtained in advance, sending the encrypted symmetric key to the controlled device, and decrypting by using a private key by the controlled device to obtain the symmetric key;
or,
receiving a symmetric key which is sent by the managed and controlled equipment and encrypted by using a public key; and obtaining the symmetric key by using private key decryption.
8. A remote control device is applied to remote control equipment, and comprises:
the connection establishment determining module is used for determining the establishment of connection with the controlled equipment;
the key negotiation module is used for negotiating a symmetric key with the managed and controlled equipment;
and the device management and control module is used for encrypting a control instruction by using the symmetric key and then sending the encrypted control instruction to the managed and controlled device in the process of managing and controlling the managed and controlled device, and the managed and controlled device returns feedback information to the remote management and control device after encrypting the feedback information by using the symmetric key.
9. A remote management and control device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the remote management method according to any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the remote management method according to any one of claims 1 to 7.
CN202010513557.0A 2020-06-08 2020-06-08 Remote control method, device, equipment and storage medium Pending CN111654503A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010513557.0A CN111654503A (en) 2020-06-08 2020-06-08 Remote control method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010513557.0A CN111654503A (en) 2020-06-08 2020-06-08 Remote control method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111654503A true CN111654503A (en) 2020-09-11

Family

ID=72349046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010513557.0A Pending CN111654503A (en) 2020-06-08 2020-06-08 Remote control method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111654503A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113823401A (en) * 2020-09-28 2021-12-21 上海联影医疗科技股份有限公司 System and method for controlling a device
CN115412917A (en) * 2022-08-11 2022-11-29 浪潮思科网络科技有限公司 Data processing method, device, equipment and medium of switch
WO2023034744A1 (en) * 2021-08-30 2023-03-09 Qualcomm Incorporated Encoding and decoding acknowledgement sequences

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588245A (en) * 2009-06-24 2009-11-25 成都市华为赛门铁克科技有限公司 A kind of method of authentication, system and memory device
CN106060073A (en) * 2016-07-07 2016-10-26 北京信长城技术研究院 Channel key negotiation method
CN106357403A (en) * 2016-11-23 2017-01-25 神州融安科技(北京)有限公司 Device and method for encryption protection of link communication and safety message processing system
CN107395751A (en) * 2017-08-23 2017-11-24 绵阳美菱软件技术有限公司 A kind of remote control system of intelligent household electrical appliance and method
CN108809645A (en) * 2018-07-24 2018-11-13 南方电网科学研究院有限责任公司 The method, apparatus and electrical power distribution automatization system of key agreement
CN110191086A (en) * 2019-04-15 2019-08-30 平安科技(深圳)有限公司 Intelligentized Furniture remote security control method, device, computer equipment and storage medium
CN110381011A (en) * 2018-12-04 2019-10-25 天津京东深拓机器人科技有限公司 A kind of method and apparatus for realizing logistics equipment secure communication

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113823401A (en) * 2020-09-28 2021-12-21 上海联影医疗科技股份有限公司 System and method for controlling a device
CN113823401B (en) * 2020-09-28 2024-03-01 上海联影医疗科技股份有限公司 System and method for controlling devices
WO2023034744A1 (en) * 2021-08-30 2023-03-09 Qualcomm Incorporated Encoding and decoding acknowledgement sequences
CN115412917A (en) * 2022-08-11 2022-11-29 浪潮思科网络科技有限公司 Data processing method, device, equipment and medium of switch

Similar Documents

Publication Publication Date Title
CN110380852B (en) Bidirectional authentication method and communication system
CN108512846B (en) Bidirectional authentication method and device between terminal and server
EP2999189B1 (en) Network authentication method for secure electronic transactions
CN107465689B (en) Key management system and method of virtual trusted platform module in cloud environment
CN110401615B (en) Identity authentication method, device, equipment, system and readable storage medium
CN110621014B (en) Vehicle-mounted equipment, program upgrading method thereof and server
CN111435913B (en) Identity authentication method and device for terminal of Internet of things and storage medium
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN110213247B (en) Method and system for improving safety of pushed information
CN110932850B (en) Communication encryption method and system
CN112350826A (en) Industrial control system digital certificate issuing management method and encrypted communication method
CN111654503A (en) Remote control method, device, equipment and storage medium
CN111181723B (en) Method and device for offline security authentication between Internet of things devices
CN112766962A (en) Method for receiving and sending certificate, transaction system, storage medium and electronic device
CN115065472B (en) Security chip encryption and decryption method and device based on multi-key encryption and decryption
CN113674456B (en) Unlocking method, unlocking device, electronic equipment and storage medium
CN110740116B (en) System and method for multi-application identity authentication
CN112672342A (en) Data transmission method, device, equipment, system and storage medium
CN112003697A (en) Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium
CN110581829A (en) Communication method and device
CN110611679A (en) Data transmission method, device, equipment and system
CN114139176A (en) Industrial internet core data protection method and system based on state secret
CN114218548A (en) Identity verification certificate generation method, authentication method, device, equipment and medium
CN113868684A (en) Signature method, device, server, medium and signature system
CN112235276B (en) Master-slave equipment interaction method, device, system, electronic equipment and computer medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100032 No. 13, West Chang'an Street, Xicheng District, Beijing

Applicant after: Network security industry development center of Ministry of industry and information technology

Applicant after: Yuweng Information Technology Co.,Ltd.

Address before: 100032 No. 13, West Chang'an Street, Xicheng District, Beijing

Applicant before: Network security industry development center of Ministry of industry and information technology

Applicant before: SHANDONG FISHERMAN INFORMATION TECHNOLOGY CO.,LTD.

RJ01 Rejection of invention patent application after publication

Application publication date: 20200911