CN111770087A - Service node verification method and related equipment - Google Patents

Publication number: CN111770087A
Authority: CN (China)
Prior art keywords: service node, data center, key, verification, data
Legal status: Pending
Application number: CN202010603052.3A
Other languages: Chinese (zh)
Inventor: 朱秀军
Current Assignee: Shenzhen Onething Technology Co Ltd
Original Assignee: Shenzhen Onething Technology Co Ltd
Application filed by: Shenzhen Onething Technology Co Ltd
Priority to: CN202010603052.3A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The embodiment of the application discloses a service node verification method, which comprises the following steps: a data center platform receives a verification request sent by a service node, wherein the verification request comprises signature data and identification information of the service node; the data center platform acquires the special key corresponding to the service node according to the identification information; the data center platform verifies the signature data using the special key; and if the verification passes, the service node is allowed to access the service network. An illegitimate service node cannot generate signature data encrypted with the special key, so it cannot complete the subsequent verification process. This ensures the validity of the identity of each service node in the service system and improves data security.

Description

Service node verification method and related equipment
Technical Field
The embodiment of the application relates to the field of communication, in particular to a service node verification method and related equipment.
Background
Edge storage is a new storage technology that supports the current big data era. Unlike cloud storage, which stores data on remote cloud servers, edge storage distributes data across service nodes adjacent to a data center platform. This greatly shortens the physical distance between data generation, computation and storage, lowers network communication overhead, interaction delay and bandwidth cost, and can provide real-time, reliable data storage and access for the data center platform. The data center platform and the service nodes form a service network in the edge storage mode.
When the data center platform calls a service node, it needs to verify the service node, that is, to check that the identity of the service node is correct, so that data of the data center platform is not written to a malicious device and unsafe data is not acquired from a malicious device. For self-built service nodes, verification is generally carried out when the service node comes online: the service node sends an online request, the data center verifies a digital certificate included in the online request to confirm the identity of the service node, and if the verification succeeds, data communication between the data center platform and the service node is allowed.
When service nodes are verified with digital certificates, the digital certificate included in the online request is issued by a third-party certification authority. If that certification authority privately issues a temporary certificate, illegitimate service nodes may pass the certification process and cause data leakage from the data center platform, which harms the security of the data.
Disclosure of Invention
A first aspect of an embodiment of the present application provides a service node verification method, including:
a data center platform receives a verification request sent by a service node, wherein the verification request comprises signature data and identification information of the service node;
the data center platform acquires the special key corresponding to the service node according to the identification information;
the data center platform verifies the signature data using the special key;
and if the verification passes, the service node is allowed to access the service network.
Based on the first aspect of the embodiment of the present application, optionally, before the data center platform receives the verification request sent by the service node, the method further includes:
receiving a special key request sent by a service node;
generating a special key according to the identification information of the service node, wherein the special key is in one-to-one correspondence with the identification information;
storing the special key and sending the special key to the service node.
Based on the first aspect of the embodiment of the present application, optionally, the special key is generated according to account information, device information, and/or a timestamp of the service node.
Based on the first aspect of the embodiment of the present application, optionally, the data center platform includes a key server and a data center, and the service node verification method includes:
the key server receives a key request of the service node;
the key server generates a special key corresponding to the identification information of the service node according to the key request;
and the key server sends the special key to the service node and stores the special key and the identification information of the service node in the data center.
Based on the first aspect of the embodiment of the present application, optionally, the data center platform further includes an access verification server, and the service node verification method further includes:
the access verification server receives the verification request sent by a service node;
the access verification server sends a query request to the data center and judges whether the identification information of the service node is stored in the data center;
if the information of the service node is not stored in the data center, rejecting the verification request of the service node;
if the information of the service node is stored in the data center, acquiring a special key corresponding to the service node from the data center;
and the access verification server verifies the signature data of the service node by adopting the special key acquired from the data center.
A second aspect of the present application provides a service node verification method, including:
the service node generates signature data by using a special key prestored in the service node;
the service node sends a verification request to a data center platform, wherein the verification request comprises the signature data and the identification information of the service node, so that the data center platform verifies the service node.
Based on the second aspect of the embodiment of the present application, optionally, before the service node generates the signature data by using the special key prestored in the service node, the method further includes:
the service node sends a key request, so that the data center platform generates a corresponding special key according to the identification information and returns the special key to the service node;
the service node stores the special key.
Based on the second aspect of the embodiment of the present application, optionally, the data center platform includes a key server and a data center, and the service node verification method includes:
the service node sends a key request to the key server;
and the service node receives the special key returned by the key server and stores the special key.
A third aspect of embodiments of the present application provides a computer-readable storage medium, including instructions, which, when executed on a computer, cause the computer to perform the method according to any one of the first or second aspects of embodiments of the present application.
A fourth aspect of embodiments of the present application provides a computer program product containing instructions, which when executed on a computer, cause the computer to perform the method according to any one of the first or second aspects of embodiments of the present application.
According to the technical scheme, the embodiment of the application has the following advantages: the service node sends a verification request to the data center platform, wherein the verification request comprises signature data and identification information of the service node. The signature data is generated with a pre-stored special key. The data center platform determines the corresponding special key according to the identification information of the service node, and verifies the signature data using the special key to obtain a verification result for the service node. An illegitimate service node cannot generate signature data encrypted with the special key, so it cannot complete the subsequent verification process, and the validity of the identity of each service node in the service network is ensured. The data security is improved.
Drawings
FIG. 1 is a schematic diagram of a network environment applicable to an implementation process of the service node verification method of the present application;
FIG. 2 is a flowchart illustrating a service node verification method according to an embodiment of the present application;
FIG. 3 is another schematic flow chart diagram illustrating a service node verification method according to an embodiment of the present application;
FIG. 4 is another schematic flow chart diagram illustrating a service node verification method according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of an embodiment of a data center platform of the present application;
FIG. 6 is a schematic structural diagram of an embodiment of a service node of the present application;
FIG. 7 is another schematic structural diagram of an embodiment of a data center platform of the present application;
FIG. 8 is another schematic structural diagram of an embodiment of a service node of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
When edge storage technology is used, an existing service system may need to admit a service node that did not originally belong to it. Because the service node did not belong to the service system in advance, it cannot be preprocessed, and because the hardware configuration and software condition of such nodes differ, the service node is difficult to verify. On this basis, the present application provides a new verification method for the service node access process, to ensure the validity of the service node and to prevent illegitimate equipment from pretending to be legitimate equipment in order to access the service system.
Referring to FIG. 1, FIG. 1 is a schematic diagram of a network device environment applicable in the implementation process of the present application. In the implementation process of the technical solution provided by the present application, the network device environment includes, but is not limited to, the data center platform 1001 and the service nodes (1002-1004). Data communication is performed between the data center platform 1001 and the service nodes (1002-1004) through a network.
The service nodes (1002-1004) are responsible for distributed storage of data; each service node (1002-1004) is a device with a storage function.
The data center platform 1001 is responsible for storing data related to the service nodes, processes the information uploaded by the service nodes accordingly, and can also call the data stored by the service nodes. The data center platform can be a single network server, a server group consisting of a plurality of network servers, or a cloud, based on cloud computing, consisting of a large number of hosts or network servers.
Referring to fig. 2, an embodiment of a service node verification method according to the present application includes: step 201-step 204.
201. The data center platform receives a verification request sent by the service node.
The data center platform receives a verification request sent by a service node, the verification request comprising signature data and identification information of the service node, so that the data center platform can verify the request. The data center platform uses the identification information to obtain the special key corresponding to the service node. The identification information comprises information about the service node, such as the delivery date, the equipment model and the unique equipment identifier; it enables the data center platform to confirm the identity of the service node and then acquire the key corresponding to the service node, so as to complete verification of the service node's identity.
202. The data center platform acquires the special key corresponding to the service node according to the identification information.
The data center platform acquires the special key corresponding to the service node according to the association between the identification information and the special key. After receiving the identification information sent by the service node, the data center platform queries its own database according to the identification information to obtain the special key corresponding to the service node. Specifically, the database may be queried by the unique device identifier to obtain the corresponding special key; the specific form may be determined according to the actual situation and is not limited herein. The special key is stored in the data center platform and corresponds to the service node.
203. The data center platform verifies the signature data using the special key.
The data center platform verifies the signature data using the special key. Because the service node generated the signature data with the special key, the data center platform can decrypt the signature data with the corresponding special key. The decrypted result may be the service node's request to the data center platform or some characteristic data of the service node; if the data center platform can recognize the result obtained by decrypting with the special key, the signature data is determined to be correct. Alternatively, the data center platform may verify only the service node's signature part of the signature data, so that the service node is identified quickly. The specific form can be determined according to the actual situation and is not limited herein. If the signature data is determined to be correct, step 204 is executed to allow the service node to access the service network; if it is determined to be incorrect, the data center platform may ignore the verification request, send an error message to a data center platform user, or the like, which is not limited herein.
204. The service node is allowed to access the service network.
If the verification passes, that is, if the result of verifying the signature data with the special key is correct, the data center platform determines that the service node is a genuine service node, trusts it, and allows it to access the service network, so that the next specific data interaction can take place. The service node then joins the corresponding service network and can exchange data with other devices in the network. A correct verification result means either that the data center platform can recognize the result obtained by decrypting with the special key, or, where the data center platform verifies only the service node's signature part of the signature data, that the signature part is identical to the result of encrypting the service node identification information pre-stored by the data center platform with the special key. In that case the verification succeeds and the service node can be trusted. The specific form can be determined according to the actual situation and is not limited herein.
Optionally, before the data center platform receives the verification request sent by the service node, the method may further include: receiving a special key request sent by a service node; generating a special key according to the identification information of the service node, the special key being in one-to-one correspondence with the identification information; and storing the special key and sending it to the service node. The service node requests the special key from the data center in advance and stores it in the service node. When the service node needs to access the service network where the data center platform is located, it uses the special key to generate the corresponding verification request, which is then verified. Because the special key is generated by the data center platform and distributed to each service node, an external device is less likely to obtain it, which improves the security of the devices and the feasibility of the scheme.
According to the technical scheme, the embodiment of the application has the following advantages: the service node sends a verification request to the data center platform, wherein the verification request comprises signature data and identification information of the service node. The signature data is generated with a pre-stored special key. The data center platform determines the corresponding special key according to the identification information of the service node, and verifies the signature data using the special key to obtain a verification result for the service node. An illegitimate service node cannot generate signature data encrypted with the special key, so it cannot complete the subsequent verification process; the validity of the identity of each service node in the service network is ensured, and the data security is improved.
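Steps 201 to 204 together with the optional key issuance, as an added example that is not code from the patent. It substitutes HMAC-SHA256 for the "signature data" the patent leaves unspecified; the server-side master secret, the JSON field names, the timestamp freshness window and the sample identifiers are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW_SECONDS = 300  # assumption: freshness window, not stated in the patent


class KeyServer:
    """Issues one special key per service node and stores it in the data center."""

    def __init__(self, data_center):
        self._master = secrets.token_bytes(32)  # assumption: server-only secret
        self._data_center = data_center  # maps node_id -> special key

    def issue_key(self, node_id, account, device_model):
        # The patent derives the key from account information, device
        # information and/or a timestamp. Those inputs are guessable, so this
        # sketch mixes them with a secret that only the key server holds.
        issued_at = str(int(time.time()))
        material = "\x1f".join([node_id, account, device_model, issued_at])
        key = hmac.new(self._master, material.encode(), hashlib.sha256).digest()
        self._data_center[node_id] = key
        return key


def build_verification_request(node_id, key, command, now=None):
    """Service node side: sign identification info, command and a timestamp."""
    ts = int(time.time() if now is None else now)
    payload = json.dumps({"node_id": node_id, "command": command, "ts": ts},
                         sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": tag}


class AccessVerificationServer:
    """Looks up the special key by identification info and checks the signature."""

    def __init__(self, data_center):
        self._data_center = data_center

    def verify(self, request, now=None):
        try:
            payload = request["payload"].encode()
            signature = bytes.fromhex(request["signature"])
            body = json.loads(payload)
            node_id, ts = body["node_id"], int(body["ts"])
        except (KeyError, TypeError, ValueError, AttributeError, OverflowError):
            return False, "malformed request"
        if not isinstance(node_id, str):
            return False, "malformed request"
        key = self._data_center.get(node_id)
        if key is None:  # no stored record for this node: reject
            return False, "unknown node"
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):  # constant-time compare
            return False, "bad signature"
        current = int(time.time() if now is None else now)
        if abs(current - ts) > MAX_SKEW_SECONDS:  # replayed or delayed request
            return False, "stale request"
        return True, "admitted"


if __name__ == "__main__":
    # Constructed sample identifiers, for illustration only.
    store = {}
    key_server = KeyServer(store)
    verifier = AccessVerificationServer(store)
    node_key = key_server.issue_key("node-1002", "acct-demo", "model-x")
    good = build_verification_request("node-1002", node_key, "join")
    forged = build_verification_request("node-1002", secrets.token_bytes(32), "join")
    print(verifier.verify(good))
    print(verifier.verify(forged))
```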
Referring to fig. 3, an embodiment of a service node verification method of the present application includes: step 301 to step 302.
301. The service node generates signature data using a special key pre-stored in the service node.
The service node generates signature data using a special key pre-stored in the service node. The signature data may be obtained by encrypting, with the special key, a command to be executed by the service node; once the data center platform has verified the service node, the service node can be allowed to execute the command, which reduces the number of data interactions between the data center platform and the service node. Alternatively, certain characteristic data of the service node may be encrypted with the special key, and the data center platform decrypts it with the corresponding special key to judge the identity of the service node, which reduces the computing requirement on the data center platform and improves the feasibility of the scheme.
302. The service node sends a verification request to a data center platform, wherein the verification request comprises the signature data and the identification information of the service node.
The service node sends a verification request to a data center platform, the verification request comprising the signature data and the identification information of the service node, so that the data center platform verifies the service node. The data center platform acquires the special key corresponding to the service node according to the identification information. The identification information comprises the equipment information of the service node, such as the delivery date, the equipment model and the unique equipment identifier; it enables the data center platform to confirm the identity of the service node and then acquire the key corresponding to the service node, so as to complete verification of the service node's identity.
Optionally, before the service node uses the special key pre-stored in the service node to generate the signature data, the service node may further send a key request, so that the data center platform generates a corresponding special key according to the identification information and returns it to the service node, and the service node stores the special key. When the service node needs to access the service network where the data center platform is located, it uses the special key to generate the corresponding verification request, which is then verified. Because the special key is generated by the data center platform and distributed to each service node, an external device is less likely to obtain it, which improves the security of the devices and the feasibility of the scheme.
According to the technical scheme, the embodiment of the application has the following advantages: the service node sends a verification request to the data center platform, wherein the verification request comprises signature data and identification information of the service node. The signature data is generated with a pre-stored special key. The data center platform determines the corresponding special key according to the identification information of the service node, and verifies the signature data using the special key to obtain a verification result for the service node. An illegitimate service node cannot generate signature data encrypted with the special key, so it cannot complete the subsequent verification process, and the validity of the identity of each service node in the service network is ensured. The data security is improved.
Referring to FIG. 4, an embodiment of a service node verification method of the present application includes: step 401 to step 412.
401. The service node sends a key request to the key server.
The service node sends a key request to the key server. The data center platform comprises the key server, a data center and an access verification server. Specifically, the service node may send its identity information and identification information to the key server. The key server determines the legitimacy of the service node according to the identity information and the identification information, and generates a special key according to the identification information of the service node, the special key being in one-to-one correspondence with the identification information. Because each service node receives its own special key, the same key cannot be used to access different service nodes, which improves the security of the service network. The special key may be generated according to account information, equipment information and/or a timestamp of the service node.
402. The key server generates a special key corresponding to the identification information of the service node according to the key request.
The key server generates a special key corresponding to the identification information of the service node according to the key request. Specifically, the key server may examine the key request and judge whether the service node is legitimate according to the identity information contained in the request, the identity information being that of the owner of the service node. If the identity of the service node is legitimate, a special key in one-to-one correspondence with the service node is generated; specifically, the special key may be generated according to account information, device information, and/or a timestamp of the service node. Optionally, the special key is a symmetric key, so that the data center does not need to perform excessive computation when verifying the service node, which lowers the requirements on the data center's equipment. The specific form may be determined according to the actual situation and is not limited herein.
403. The key server sends the private key to the service node.
The key generation server sends the private key to the service node. After the key generation server generates the private key corresponding to the service node, in order to complete the verification process of the data center on the service node, the private key needs to be sent to the service node, so that the service node generates a corresponding verification request according to the private key, and further, the data center verifies the verification request, and finally, a conclusion whether the service node is a real service node is obtained.
404. And storing the special key and the identification information of the service node in the data center.
And the key generation server stores the special key and the identification information of the service node in the data center. The data center platform comprises a data center and an access verification server, after the key generation server generates a special key corresponding to a service node, in order to enable the data center platform to verify the service node, the unique device identifier and the special key corresponding to the service node need to be sent to the data center, so that the special key of the data center and the identification information of the service node can be obtained. It is understood that there is no chronological cause-and-effect relationship between the steps 404 and 403, and therefore, the steps 404 and 403 may be executed first in an actual implementation process, and the order is described herein for convenience of understanding only and is not limited thereto.
405. The service node generates signature data using a private key pre-stored in the service node.
The service node generates signature data using the private key. The service node generates signature data using the private key sent by the key generation server. The signature data can be obtained by encrypting the instruction required to be executed by the service node by using a special key, the service node can be allowed to execute the instruction after the data center verifies the service node, the data interaction times between the data center and the service node are reduced, certain characteristic data of the service node can be encrypted by using the special key, and the data center can decrypt and judge the identity of the service node by using the corresponding special key, so that the calculation requirement on the data center is reduced.
406. The service node sends an authentication request to the access authentication server.
The service node sends a verification request to the data center platform, where the verification request includes the signature data and the device unique identifier of the service node, so that the data center platform can verify the request. Because the request carries the device unique identifier, the data center platform can obtain the private key corresponding to the service node from that identifier and complete verification of the service node's identity. The data center platform comprises a data center and an access verification server; the service node sends the verification request to the access verification server, which carries out the verification process. This avoids direct data interaction between unverified service nodes and the data center and further improves the security of the service system.
407. The access verification server sends a query request to the data center to determine whether the identification information of the service node is stored in the data center.
The access verification server sends a query request to the data center to determine whether the identification information of the service node is stored there. The data center checks its database for a storage record of the identification information of the service node. If no record exists, the data center holds no information for that service node, the associated private key cannot be obtained, and a security risk exists; step 408 is executed to reject the verification request of the service node, so that the service node cannot join the service network. If a record exists, the data center has an entry for the service node and can supply the corresponding private key, so the identity of the service node can be provisionally trusted; step 409 is executed to obtain the private key corresponding to the service node from the data center.
408. Denying the authentication request of the service node.
If the data center cannot find a corresponding storage record after the access verification server sends the query request, the service node did not apply for a private key through the legitimate warehousing process and poses a security risk. The verification request of the service node should therefore be rejected to avoid introducing an unsafe element into the service network. The data center may also send error information to a user of the data center platform to warn of the risk; this can be decided according to the actual situation and is not limited here.
409. Acquire the private key corresponding to the service node from the data center.
If the data center finds a corresponding storage record after the access verification server sends the query request, the access verification server obtains the private key corresponding to the service node from the data center in order to perform the verification process. It can be understood that the data center may send the access verification server not only the private key but also the specific instruction intended for the service node, so that the service node executes the instruction while completing the verification process, which reduces the number of data interactions between the data center and the service node and improves system efficiency.
410. The access verification server verifies the signature data of the service node using the private key acquired from the data center.
The access verification server uses the private key acquired from the data center to verify whether the signature data of the service node is correct. For an illegitimate device, the device identifier is relatively easy to obtain, and the identification check at the data center may be passed by means such as database collision. The signature data, by contrast, is generated with the private key and is not easy to obtain, so additionally verifying the signature data with the private key better protects the data center and the whole service system. The access verification server may decrypt the signature data with the private key; the decryption result may be the service node's request to the data center or certain characteristic data of the service node, and if the access verification server can recognize the result after decrypting with the private key, it determines that the signature data is correct. The access verification server may also verify only the signature portion of the service node within the signature data, so that the service node is identified quickly. The specific form can be decided according to the actual situation and is not limited here. If the signature data is verified as correct, step 411 is executed to allow the service node to access the service network. If verification fails, the access verification server may ignore the verification request, return an error message to the service node, and so on, which is not limited here.
411. Allow the service node to access the service network.
After the access verification server verifies with the private key that the signature data is correct, the identity of the service node is confirmed and the service node is allowed to access the service network. The access verification server may also return verification information to the data center to report the identity of the service node, and the data center may additionally judge whether the service node passed verification by whether the instruction contained in the verification request was executed correctly. This can be decided according to the actual situation and is not limited here.
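The flow of steps 401 to 411, as an added Python example that is not code from the patent. The patent does not name a signature algorithm, so HMAC-SHA256 over a JSON payload stands in for the "signature data"; the class and function names, the server-side master secret, the check that the signed payload names the same device, and the 300-second freshness window are all assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW = 300  # seconds; assumed freshness window, not specified by the patent


class DataCenter:
    """Holds device identifier -> private key records (step 404)."""

    def __init__(self):
        self._keys = {}

    def store(self, device_id, key):
        self._keys[device_id] = key

    def lookup(self, device_id):
        return self._keys.get(device_id)  # None means no storage record


class KeyServer:
    """Issues one private key per device identifier (steps 401-404)."""

    def __init__(self, data_center):
        self._dc = data_center
        self._master = secrets.token_bytes(32)  # assumed server-side secret

    def issue_key(self, device_id, account, now=None):
        ts = int(time.time() if now is None else now)
        # Key material: account information, device information and timestamp.
        material = f"{account}|{device_id}|{ts}".encode()
        key = hmac.new(self._master, material, hashlib.sha256).digest()
        self._dc.store(device_id, key)  # step 404
        return key                      # step 403: delivered to the node


def build_request(device_id, key, instruction, now=None):
    """Steps 405-406: the service node signs its request."""
    ts = int(time.time() if now is None else now)
    body = {"device_id": device_id, "instruction": instruction, "ts": ts}
    payload = json.dumps(body, sort_keys=True).encode()
    signature = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "payload": payload, "signature": signature}


def verify_request(data_center, request, now=None):
    """Steps 407-411 on the access verification server: (allowed, reason)."""
    now = time.time() if now is None else now
    device_id = request.get("device_id")
    key = data_center.lookup(device_id) if isinstance(device_id, str) else None
    if key is None:
        return False, "unknown device"   # step 408
    payload = request.get("payload")
    signature = request.get("signature")
    if not isinstance(payload, bytes) or not isinstance(signature, str):
        return False, "malformed request"
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison, so timing does not leak the expected tag.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"    # step 410 failed
    try:
        body = json.loads(payload)
    except ValueError:
        return False, "malformed request"
    if not isinstance(body, dict) or body.get("device_id") != device_id:
        return False, "identifier mismatch"
    ts = body.get("ts")
    if not isinstance(ts, (int, float)) or abs(now - ts) > MAX_SKEW:
        return False, "stale request"
    return True, "ok"                    # step 411


if __name__ == "__main__":
    dc = DataCenter()
    key = KeyServer(dc).issue_key("node-001", "acct-42")  # constructed values
    print(verify_request(dc, build_request("node-001", key, "join")))
    print(verify_request(dc, build_request("node-001", b"guess", "join")))
```

A request carrying a known identifier but signed with the wrong key is rejected at step 410, which is the case the description raises for devices that have only obtained an identifier.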
Referring to fig. 5, an embodiment of a data center platform of the present application includes:
a receiving unit 501, configured to receive a verification request sent by a service node, where the verification request includes signature data and identification information of the service node;
an obtaining unit 502, configured to obtain a private key corresponding to the service node according to the identification information;
a verifying unit 503, configured to verify whether the signature data is correct by using the private key, and if the signature data is verified, trigger the allowing unit 504;
an allowing unit 504, configured to allow the service node to access a service network.
In this embodiment, the flow executed by each unit in the data center platform is similar to the method flow described in the embodiment corresponding to fig. 2, and is not described herein again.
Referring to fig. 6, an embodiment of a service node of the present application includes:
a generating unit 601, configured to generate signature data using a private key prestored in the service node;
a sending unit 602, configured to send a verification request to a data center platform, where the verification request includes the signature data and the identification information of the service node, so that the data center platform verifies the service node.
In this embodiment, the flow executed by each unit in the service node is similar to the method flow described in the embodiment corresponding to fig. 3, and is not described again here.
Fig. 7 is a schematic structural diagram of a data center platform according to an embodiment of the present disclosure, where the server 700 may include one or more Central Processing Units (CPUs) 701 and a memory 705, where the memory 705 stores one or more application programs or data.
In this embodiment, the specific functional module division in the central processing unit 701 may be similar to the functional module division manner of each unit described in the foregoing fig. 5, and details are not repeated here.
The memory 705 may be volatile storage or persistent storage. The program stored in the memory 705 may include one or more modules, each of which may include a sequence of instructions operating on a server. Still further, the central processing unit 701 may be configured to communicate with the memory 705 and to perform a series of instruction operations in the memory 705 on the server 700.
The server 700 may also include one or more power supplies 702, one or more wired or wireless network interfaces 703, one or more input-output interfaces 704, and/or one or more operating systems, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
The central processing unit 701 may perform the operations performed by the data center platform in the embodiment shown in fig. 2, which are not described herein again.
Fig. 8 is a schematic structural diagram of a service node according to an embodiment of the present disclosure, where the server 800 may include one or more Central Processing Units (CPUs) 801 and a memory 805, where the memory 805 stores one or more applications or data.
In this embodiment, the specific functional module division in the central processing unit 801 may be similar to the functional module division manner of each unit described in fig. 8, and is not described herein again.
The memory 805 may be volatile storage or persistent storage. The program stored in the memory 805 may include one or more modules, each of which may include a sequence of instructions operating on the server. Still further, the central processing unit 801 may be configured to communicate with the memory 805 and to execute a series of instruction operations in the memory 805 on the server 800.
The server 800 may also include one or more power supplies 802, one or more wired or wireless network interfaces 803, one or more input-output interfaces 804, and/or one or more operating systems, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
The central processing unit 801 may perform the operations performed by the service node in the embodiment shown in fig. 3, which are not described herein again.
Embodiments of the present application further provide a computer storage medium for storing computer software instructions for use as described above, including a program designed for executing the method for service node validation.
The service node authentication method may be as described in the aforementioned fig. 2, fig. 3 or fig. 4.
An embodiment of the present application further provides a computer program product, where the computer program product includes computer software instructions, and the computer software instructions may be loaded by a processor to implement the flow of the service node authentication method in any one of fig. 2, fig. 3, or fig. 4.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative: the division into units is only a logical division, and other divisions are possible in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.

Claims (10)

1. A method for service node authentication, comprising:
a data center platform receives a verification request sent by a service node, wherein the verification request comprises signature data and identification information of the service node;
the data center platform acquires a private key corresponding to the service node according to the identification information;
the data center platform verifies the signature data using the private key;
and if the verification is passed, the service node is allowed to access the service network.
2. The method for authenticating a service node as recited in claim 1, wherein before the data center platform receives the authentication request sent by the service node, the method further comprises:
receiving a private key request sent by a service node;
generating a private key according to the identification information of the service node, wherein the private key is in one-to-one correspondence with the identification information;
storing the private key and sending the private key to the service node.
3. The authentication method of a service node according to claim 2, wherein the private key is generated from account information, device information and/or a timestamp of the service node.
4. The service node validation method of claim 1, wherein the data center platform comprises a key server and a data center, the service node validation method comprising:
the key server receives a key request of the service node;
the key server generates a private key corresponding to the identification information of the service node according to the key request;
and the key server sends the private key to the service node and stores the private key and the identification information of the service node in the data center.
5. The service node validation method of claim 4, wherein the data center platform further comprises an access validation server, the service node validation method further comprising:
the access authentication server receives the authentication request sent by a service node;
the access verification server sends a query request to the data center and judges whether the identification information of the service node is stored in the data center;
if the information of the service node is not stored in the data center, rejecting the verification request of the service node;
if the information of the service node is stored in the data center, acquiring a private key corresponding to the service node from the data center;
and the access verification server verifies the signature data of the service node using the private key acquired from the data center.
6. A method for service node authentication, comprising:
the service node generates signature data by using a private key prestored in the service node;
the service node sends a verification request to a data center platform, wherein the verification request comprises the signature data and the identification information of the service node, so that the data center platform verifies the service node.
7. The service node validation method of claim 6, wherein before the service node generates the signature data using a private key pre-stored at the service node, the method further comprises:
the service node sends a key request, so that the data center platform generates a corresponding private key according to the identification information and returns the private key to the service node;
the service node stores the private key.
8. The service node authentication method as recited in claim 7, wherein the data center platform comprises a key server and a data center, the service node authentication method comprising:
the service node sends a key request to the key server;
and the service node receives the private key returned by the key server and stores the private key.
9. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 8.
10. A computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 8.
CN202010603052.3A 2020-06-29 2020-06-29 Service node verification method and related equipment Pending CN111770087A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010603052.3A CN111770087A (en) 2020-06-29 2020-06-29 Service node verification method and related equipment

Publications (1)

Publication Number Publication Date
CN111770087A true CN111770087A (en) 2020-10-13

Family

ID=72722865

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010603052.3A Pending CN111770087A (en) 2020-06-29 2020-06-29 Service node verification method and related equipment

Country Status (1)

Country Link
CN (1) CN111770087A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261103A (en) * 2020-10-16 2021-01-22 深圳市网心科技有限公司 Node access method and related equipment
CN113890730A (en) * 2021-09-23 2022-01-04 上海华兴数字科技有限公司 Data transmission method and system
CN114189526A (en) * 2021-11-01 2022-03-15 北京中合谷投资有限公司 Centralized scheduling algorithm of distributed network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070086590A1 (en) * 2005-10-13 2007-04-19 Rolf Blom Method and apparatus for establishing a security association
WO2009074082A1 (en) * 2007-12-03 2009-06-18 Huawei Technologies Co., Ltd. Access controlling method, system and device
WO2009155812A1 (en) * 2008-06-23 2009-12-30 华为技术有限公司 Terminal access method, access management method, network equipment and communication system
US20180332471A1 (en) * 2016-05-05 2018-11-15 Tencent Technology (Shenzhen) Company Limited Wireless network connection method, wireless access point, server, and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201013