CN112231691A - Equipment login method, device and system - Google Patents


Info

Publication number
CN112231691A
Authority
CN
China
Prior art keywords
login
security
token
user name
cloud platform
Legal status
Pending
Application number
CN202011051572.4A
Other languages
Chinese (zh)
Inventor
彭汝张
Current Assignee
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Classifications

    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F21/602 Providing cryptographic facilities or services
    • G06F9/451 Execution arrangements for user interfaces
    • G06F2221/2151 Time stamp

Abstract

The application provides a device login method, apparatus and system. The method comprises: sending a token request to a security device, wherein the token request carries a user name and verification information for logging in to the security device; receiving a login token sent by the security device, wherein the login token is sent by the security device after it successfully verifies the security cloud platform based on the user name and the verification information; and sending a login request carrying the login token to the security device, so that the security device, after verifying the received login token, logs in to its management interface by using the user name and the login password corresponding to the user name. Therefore, even if the security device modifies the login password, the cloud security platform can still log in to the management interface correctly.

Description

Equipment login method, device and system
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, and a system for device login.
Background
The security cloud is a security cloud management platform: a newly designed cloud security service management platform suited to cloud computing networks. From the perspective of the logic control layer, the security cloud hides the underlying technical details and redefines otherwise cumbersome security services; from the perspective of the user's services, it provides the user with abstract service configuration and management of various security capabilities.
When security services are deployed on the security cloud platform, security devices or third-party security devices are added to the platform, and an administrator can then open the management interface of a third-party security device directly from the platform. The login page has to be skipped when the interface is opened, so the user name and login password of the third-party security device are recorded on the security cloud platform. When the third-party security device is logged in to, the platform simulates the form login process: it automatically fills in the stored user name and login password, so the administrator does not need to enter them manually, and then submits the form. The login then succeeds and the third-party security device can be accessed normally. However, this form login method does not support content that must be filled in manually, such as an authentication code, and if a modified login password is not saved to the secure cloud platform in time, login to the third-party security device may fail.
Therefore, how to ensure that login to a third-party security device still succeeds when its login password has been modified after the device was logged in to is a technical problem worth considering.
Disclosure of Invention
In view of the above, the present application provides a device login method, apparatus, and system, which are used to log in to a third-party security device successfully when its login password has been modified after the device was logged in to.
Specifically, the application is implemented through the following technical solutions:
According to a first aspect of the present application, there is provided a device login method applied to a secure cloud platform, the method including:
sending a token request to a security device, wherein the token request carries a user name and authentication information for logging in to the security device;
receiving a login token sent by the security device, wherein the login token is sent by the security device after the security device successfully verifies the security cloud platform based on the user information and verification information;
and sending a login request to the security device, wherein the login request carries the login token, so that the security device, after verifying the received login token, logs in to a management interface of the security device by using the user name and the login password corresponding to the user name, and outputs and displays the result.
According to a second aspect of the present application, there is provided a device login method applied to a security device, the method including:
receiving a token request sent by a security cloud platform, wherein the token request carries a user name and authentication information for logging in the security equipment;
verifying the security cloud platform by using the user name and verification information;
after the verification is successful, sending a login token to the security cloud platform;
receiving a login request sent by the secure cloud platform, wherein the login request carries a login token;
verifying a login token carried by the login request;
and after the carried login token is verified, logging in to a management interface of the security device by using the user name and a login password corresponding to the user name.
According to a third aspect of the present application, there is provided an apparatus for device login, which is applied to a secure cloud platform, the apparatus including:
a first sending module, used for sending a token request to the security device, wherein the token request carries a user name and verification information for logging in to the security device;
a receiving module, used for receiving a login token sent by the security device, wherein the login token is sent by the security device after the security device successfully verifies the security cloud platform based on the user information and the verification information;
and a second sending module, used for sending a login request to the security device, wherein the login request carries the login token, so that the security device, after verifying the received login token, logs in to a management interface of the security device by using the user name and the login password corresponding to the user name.
According to a fourth aspect of the present application, there is provided a device login apparatus, for use in a security device, the apparatus comprising:
a first receiving module, used for receiving a token request sent by a security cloud platform, wherein the token request carries a user name and authentication information for logging in to the security device;
a first verification module, used for verifying the security cloud platform by using the user name and verification information;
a sending module, used for sending a login token to the security cloud platform after the first verification module verifies successfully;
a second receiving module, used for receiving a login request sent by the secure cloud platform, wherein the login request carries a login token;
a second verification module, used for verifying the login token carried by the login request;
and a login module, used for logging in to a management interface of the security device by using the user name and the login password corresponding to the user name, and outputting and displaying the result, after the second verification module verifies the carried login token.
According to a fifth aspect of the present application, there is provided a device login system, the system comprising a security cloud platform and security devices, wherein the security cloud platform is used for executing the device login method provided by the first aspect of the embodiments of the application, and each security device is used for executing the device login method provided by the second aspect of the embodiments of the application.
According to a sixth aspect of the present application, there is provided a secure cloud platform comprising a processor and a machine-readable storage medium, the machine-readable storage medium storing a computer program executable by the processor, the processor being caused by the computer program to perform the method provided by the first aspect of the embodiments of the present application.
According to a seventh aspect of the present application, there is provided a security device comprising a processor and a machine-readable storage medium, the machine-readable storage medium storing a computer program executable by the processor, the processor being caused by the computer program to perform the method provided by the second aspect of the embodiments of the present application.
According to an eighth aspect of the present application, there is provided a machine-readable storage medium storing a computer program which, when invoked and executed by a processor, causes the processor to perform the method provided by the first aspect of an embodiment of the present application or the method provided by the second aspect of the present embodiment.
The beneficial effects of the embodiments of the application are as follows:
The cloud security platform does not need to record both the user name and the login password of the management interface of the security device. It only needs to record the user name and acquire a login token by using the user name and authentication information, and it can then log in to the management interface of the security device successfully by using the login token. In addition, even if the security device modifies the login password, the cloud security platform can still log in to the management interface correctly.
Drawings
Fig. 1 is a flowchart of a device login method on the cloud security platform side according to an embodiment of the present application;
Fig. 2 is a flowchart of a device login method on the security device side according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a device login apparatus according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of another device login apparatus provided in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a cloud security platform provided in an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a security device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with aspects such as the present application.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the corresponding listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The device login method provided by the present application is explained in detail below.
Referring to Fig. 1, Fig. 1 is a flowchart of a device login method provided in the present application. When the device login method is executed by a secure cloud platform, the method may include the following steps:
S101, sending a token request to the security device, wherein the token request carries a user name and authentication information for logging in to the security device.
Specifically, when the security cloud platform needs to manage the security device, a token request may be sent to the security device first, and in order to obtain the login token, a user name (username) and authentication information for logging in a management interface of the security device need to be carried in the token request, so that the security device authenticates the cloud security platform, where the user name may be a user name for implementing single sign-on.
Optionally, the verification information may include, but is not limited to, a current timestamp (timestamp) and a verification valid value (valid), and on this basis, the secure cloud platform may generate the verification valid value according to the following process: acquiring key information; and encrypting the user name, the current timestamp and the key information by using a preset encryption algorithm to obtain the verification valid value. The current timestamp is a timestamp when the verification valid value is generated, that is, a timestamp for generating the verification valid value.
Specifically, the key information (securityKey) is negotiated with the security device. In a specific implementation, when any security device joins the security cloud, the security device may register on the security cloud platform in advance; the security cloud platform may add the security device to the resource pool and negotiate the key information with it, and after the negotiation is completed, the security cloud platform may record the correspondence between the security device and the key information. Meanwhile, the security device can also store the negotiated key information locally. Optionally, when the security device registers on multiple security cloud platforms, the security device, when storing key information locally, may record the correspondence between each security cloud platform and the key information negotiated with that platform.
On this basis, the security cloud platform acquires the key information corresponding to the security device, concatenates the user name for logging in to the management interface of the security device, the timestamp and the key information, and then encrypts the concatenated character string by using a preset encryption algorithm to obtain the verification valid value.
Optionally, the preset encryption algorithm may be, but is not limited to, the Message-Digest Algorithm 5 (MD5) and the like. The verification valid value obtained by encrypting with the MD5 algorithm is: valid = md5(username + timestamp + securityKey).
On this basis, when the security cloud platform sends the token request, the user name and the authentication information (the current timestamp and the authentication valid value) may be carried in the token request, for example, the information carried in the token request is as follows:
[Figure: example of the information carried in the token request; image not reproduced]
In the present application, the number of bits of the timestamp and the user name is not limited.
It should be noted that the security device may have multiple management interfaces, and the content managed by each management interface is also different, so that the cloud security platform may send multiple user names and the authentication information generated based on each user name when managing the security device.
S102, receiving a login token sent by the security device.
The login token is sent by the security device after the security device successfully verifies the security cloud platform based on the user name and the verification information.
Specifically, after receiving the token request, the security device can analyze the user name and the verification information from the token request, and then verify the security cloud platform by using the user name and the verification information. After the security device passes the verification of the security cloud platform, a login token is generated and then sent to the cloud security platform.
S103, sending a login request to the security device, wherein the login request carries the login token, so that the security device can log in a management interface of the security device by using the user name and the login password corresponding to the user name after the received login token is verified.
Specifically, after receiving the login token, the cloud security platform triggers a login request for logging in a management interface of the security device, and then carries the received login token in the login request, so that the security device can verify the received login token, which is equivalent to performing secondary verification on the cloud security platform.
Optionally, the login request may be sent to the security device as follows: sending a Uniform Resource Locator (URL) for logging in to the management interface to the security device, where the URL carries the login token.
Specifically, the cloud security platform carries the login token sent by the security device in the URL for logging in to the management interface of the security device, and then sends the redirected URL to the security device. The security device receives the URL, parses the login token from it, and then verifies the login token. When the login token passes verification, the security device uses the user name in the token request to obtain the corresponding login password from its local storage, and logs in to the management interface of the security device by using the user name and the login password.
Optionally, the cloud security platform may be, but is not limited to, a cloud security server, and the like. The security device may be a third-party security device, or a security device of the same manufacturer as the cloud security server.
By implementing the process shown in Fig. 1, the cloud security platform does not need to record both the user name and the login password of the management interface of the security device. It only needs to record the user name and obtain a login token by using the user name and authentication information, and it can then log in to the management interface of the security device successfully by using the login token. In addition, even if the security device modifies the login password, the cloud security platform can still log in to the management interface correctly.
Based on the same inventive concept, the present application further provides a device login method on the security device side. When the security device executes the device login method, the method can be implemented according to the flow shown in Fig. 2 and includes the following steps:
S201, receiving a token request sent by a security cloud platform, wherein the token request carries a user name and authentication information for logging in to the security device.
Specifically, the verification information includes a verification valid value and a time stamp for generating the verification valid value.
S202, the user name and the verification information are used for verifying the security cloud platform.
Specifically, after receiving the token request, the security device may parse the user name and the verification information from the token request, and then obtain the verification valid value and the timestamp for generating the verification valid value from the verification information. The cloud security platform can be verified through the following process: acquiring the key information agreed with the secure cloud platform; encrypting the user name, the timestamp and the key information by using a preset encryption algorithm to obtain a target valid value; and if the target valid value is consistent with the verification valid value, confirming that the security cloud platform passes the verification.
Specifically, the security device registers on the cloud security platform in advance, agrees on key information with the cloud security platform, and then stores the agreed key information locally. Therefore, after the token request is received, the security device can obtain the key information agreed with the cloud security platform from local storage, and then encrypt the user name and timestamp in the token request together with the key information by using the preset encryption algorithm to obtain the target valid value. It then checks whether the verification valid value extracted from the verification information is consistent with the target valid value it generated. If they are consistent, the cloud security platform passes the verification and the subsequent flow is executed. If they are inconsistent, the cloud security platform fails the verification and the subsequent flow is not executed; optionally, the verification failure result can be sent to the cloud security platform.
Optionally, the security device may further verify the cloud security platform by using the parsed user name, that is, determine whether the parsed user name exists among the locally stored user names. When the parsed user name exists, the cloud platform passes the verification; when the parsed user name does not exist, the cloud platform fails the verification, and the subsequent process may not be performed.
It should be noted that, when the token request carries multiple user names and the authentication information of each user name, the verification process is executed for each user name and the authentication information of that user name. Management of multiple management interfaces can thereby be achieved.
S203, after the verification is successful, sending a login token to the security cloud platform.
Specifically, after the cloud security platform passes the verification in step S202, a login token may be generated and then sent to the cloud security platform. In a specific implementation, the login token may be generated and recorded by using a random algorithm, which may be, but is not limited to, a Universally Unique Identifier (UUID) algorithm and the like; the random algorithm for generating the login token is not limited in this application.
Optionally, a valid time limit for the login token, such as 5 minutes, may be set at the same time as the login token is generated. Specifically, a timer may be set with the valid time limit as its duration, and the timer starts counting when the login token is sent to the cloud security platform. Alternatively, the sending time point at which the login token is sent may be recorded.
S204, receiving a login request sent by the secure cloud platform, wherein the login request carries a login token.
S205, the login token carried by the login request is verified.
Specifically, after receiving the login request, the login token may be parsed from the login request, and then the parsed login token is compared with the login token locally stored, that is, generated in step S203, and when the comparison is consistent, it indicates that the verification of the login token is passed.
Optionally, when the security device has set a valid time limit for the login token, the login token may be further verified as follows: if the login token is received within the valid time limit, the login token is confirmed to pass verification.
Alternatively, when the timer is set in step S203, the security device may check, when the login request is received, whether the timer has reached the valid time limit. If the timer has reached the valid time limit, the login token has expired and fails verification; if the valid time limit has not been reached, the login token passes verification.
Alternatively, when the sending time point of the login token is recorded in step S203, the receiving time point of the login request may be recorded when the login request is received, and the time interval between the receiving time point and the sending time point is then determined. If the time interval is less than or equal to the valid time limit, the login token has not expired and passes verification, and step S206 is then executed. If the time interval is greater than the valid time limit, the login token has expired and fails verification; the subsequent process is not executed, and the result of the login token verification failure can be fed back to the cloud security platform.
S206, after the carried login token is verified, logging in to a management interface of the security device by using the user name and a login password corresponding to the user name.
Specifically, when the login token passes verification, the security device may determine the login password corresponding to the user name extracted in step S201 by using the locally stored correspondence between user names and login passwords, and then use the user name and login password to log in to the management interface of the security device. Therefore, the cloud security platform can log in to the management interface of the security device quickly and safely even though it does not record both the user name and the login password of that interface. In addition, even if the login password is modified by the security device, the login password is recorded locally on the security device, so the cloud security platform can still log in to the management interface of the security device normally and manage the security device through it, which is convenient, fast and highly secure.
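The exchange of steps S101 to S103 and S201 to S206, run end to end in Python as an added example that is not code from the patent. The request field names, the `token` URL parameter, the device URL, the single-use token handling and `make_valid_hardened` are assumptions, since the request figure is not reproduced on the page.

```python
import hashlib
import hmac
import time
import uuid
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN_TTL_SECONDS = 5 * 60  # the description's example valid time limit


def make_valid(username, timestamp, security_key):
    """valid = md5(username + timestamp + securityKey), as the description states."""
    return hashlib.md5((username + timestamp + security_key).encode()).hexdigest()


def make_valid_hardened(username, timestamp, security_key):
    """Assumed alternative (not in the patent): HMAC-SHA-256 over length-prefixed
    fields, so the key is a MAC key and field boundaries cannot shift."""
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode()
                   for f in (username, timestamp))
    return hmac.new(security_key.encode(), msg, hashlib.sha256).hexdigest()


class SecurityDevice:
    def __init__(self, security_key, accounts, clock=time.time):
        self._key = security_key   # negotiated when the device registered
        self.accounts = accounts   # username -> password, stored only on the device
        self._clock = clock
        self._tokens = {}          # login token -> (username, sending time point)

    def handle_token_request(self, req):
        """S201-S203: verify the platform, then issue a random login token."""
        username = req["username"]
        if username not in self.accounts:          # optional user name check
            return None
        target = make_valid(username, req["timestamp"], self._key)
        # Constant-time comparison of target valid value and received value.
        if not hmac.compare_digest(target.encode(), str(req["valid"]).encode()):
            return None
        token = str(uuid.uuid4())
        self._tokens[token] = (username, self._clock())
        return token

    def handle_login_request(self, url):
        """S204-S206: verify token and time limit, then log in locally."""
        token = parse_qs(urlsplit(url).query).get("token", [""])[0]
        entry = self._tokens.pop(token, None)      # single use: added assumption
        if entry is None:
            return None
        username, sent_at = entry
        if self._clock() - sent_at > TOKEN_TTL_SECONDS:
            return None
        _password = self.accounts[username]        # looked up on the device itself
        return username                            # stand-in for the opened session


class CloudPlatform:
    def __init__(self, security_key, clock=time.time):
        self._key = security_key
        self._clock = clock

    def token_request(self, username):
        """S101: the platform holds the user name and shared key, no password."""
        ts = str(int(self._clock()))
        return {"username": username, "timestamp": ts,
                "valid": make_valid(username, ts, self._key)}

    @staticmethod
    def login_url(base, token):
        """S103: carry the login token in the management-interface URL."""
        return base + "?" + urlencode({"token": token})


def run_demo():
    now = [1_600_000_000.0]                     # constructed clock value
    clock = lambda: now[0]
    key = "constructed-shared-key"              # constructed sample key
    device = SecurityDevice(key, {"sso-admin": "old-pass"}, clock)
    platform = CloudPlatform(key, clock)
    base = "https://device.example/manage"      # hypothetical URL
    out = {}

    tok = device.handle_token_request(platform.token_request("sso-admin"))
    out["login"] = device.handle_login_request(platform.login_url(base, tok))
    out["replay"] = device.handle_login_request(platform.login_url(base, tok))

    device.accounts["sso-admin"] = "new-pass"   # password changed on the device only
    tok = device.handle_token_request(platform.token_request("sso-admin"))
    out["after_change"] = device.handle_login_request(platform.login_url(base, tok))

    tok = device.handle_token_request(platform.token_request("sso-admin"))
    now[0] += TOKEN_TTL_SECONDS + 1             # token presented too late
    out["expired"] = device.handle_login_request(platform.login_url(base, tok))

    out["wrong_key"] = device.handle_token_request(
        CloudPlatform("other-key", clock).token_request("sso-admin"))
    return out


if __name__ == "__main__":
    print(run_demo())
```

Plain concatenation does not fix where the user name ends and the timestamp begins, and MD5 over a concatenated secret is not a keyed MAC; the assumed `make_valid_hardened` variant addresses both.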
Based on the same inventive concept, the application also provides a device login apparatus corresponding to the device login method on the cloud security platform side. For the implementation of the device login apparatus, refer to the description of the device login method on the cloud security platform side, which is not repeated here.
Referring to fig. 3, fig. 3 is a device login apparatus provided in an exemplary embodiment of the present application, and the apparatus is disposed in a cloud security platform, and includes:
a first sending module 301, configured to send a token request to a security device, where the token request carries a user name and authentication information for logging in the security device;
a receiving module 302, configured to receive a login token sent by the security device, where the login token is sent by the security device after the security cloud platform is successfully verified based on the user information and verification information;
a second sending module 303, configured to send a login request to the security device, where the login request carries the login token, so that the security device logs in to a management interface of the security device by using the user name and a login password corresponding to the user name after passing the authentication of the received login token.
It should be noted that the first sending module 301 and the second sending module 303 may be the same sending module, for example, information may be sent to a security device through the same interface. Of course, the modules may not be the same, and the details may be determined according to actual situations.
Optionally, the verification information includes a verification valid value and a timestamp for generating the verification valid value, and the device login apparatus provided in this embodiment further includes: a key acquisition module 304 and an encryption module 305, wherein:
a key obtaining module 304, configured to obtain key information;
the encryption module 305 is configured to encrypt the user name, the timestamp, and the key information by using a preset encryption algorithm, so as to obtain the verification valid value.
Optionally, the second sending module 303 is specifically configured to send, to the security device, a uniform resource locator URL for logging in the management interface, where the URL carries the login token.
Optionally, the key information is agreed with the security device.
Based on the same inventive concept, the application also provides a device login apparatus corresponding to the device login method on the security device side. For the implementation of the device login apparatus, refer to the description of the device login method on the security device side, which is not repeated here.
Referring to fig. 4, fig. 4 is a device login apparatus provided in a security device according to an exemplary embodiment of the present application, where the apparatus includes:
a first receiving module 401, configured to receive a token request sent by a security cloud platform, where the token request carries a user name and authentication information for logging in the security device;
a first verification module 402, configured to verify the secure cloud platform by using the user name and verification information;
a sending module 403, configured to send a login token to the secure cloud platform after the first verification module successfully verifies the secure cloud platform;
a second receiving module 404, configured to receive a login request sent by the secure cloud platform, where the login request carries a login token;
a second authentication module 405, configured to authenticate a login token carried by the login request;
and a login module 406, configured to log in to a management interface of the security device by using the user name and a login password corresponding to the user name after the second authentication module authenticates the carried login token.
It should be noted that the first receiving module 401 and the second receiving module 404 may be the same receiving module or different receiving modules, as determined by the actual situation.
Optionally, the verification information in this embodiment includes a verification valid value and a timestamp for generating the verification valid value. In that case, the first verification module 402 is specifically configured to obtain key information agreed with the secure cloud platform; encrypt the user name, the timestamp and the key information by using a preset encryption algorithm to obtain a target effective value; and, if the target effective value is consistent with the verification valid value, confirm that the security cloud platform passes the verification.
Optionally, the login token in this embodiment has an effective time limit. In that case, the second verification module 405 is specifically configured to confirm that the login token passes verification if the login token is received within the effective time limit.
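The device-side checks performed by the first and second verification modules, as an added example that is not code from the patent. It assumes HMAC-SHA256 as the "preset encryption algorithm", a 60-second effective time limit, single-use tokens, and constructed key, user name and password values; `SecurityDevice`, `verification_value` and the other names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample values, not taken from the patent.
SHARED_KEY = b"constructed-demo-key"          # key information agreed with the platform
LOCAL_CREDENTIALS = {"admin": "constructed-local-password"}
TOKEN_VALIDITY_SECONDS = 60                   # assumed effective time limit


def verification_value(user_name, timestamp, key):
    """Verification valid value over user name and timestamp, keyed with the
    agreed key information (HMAC-SHA256 is an assumption of this example)."""
    message = f"{user_name}\n{timestamp}".encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


class SecurityDevice:
    """Device side: verifies the platform, issues and checks login tokens."""

    def __init__(self, key, credentials,
                 validity=TOKEN_VALIDITY_SECONDS, clock=time.time):
        self._key = key
        self._credentials = credentials   # locally stored user name -> password
        self._validity = validity
        self._clock = clock
        self._issued = {}                 # token -> (user name, sending time point)

    def handle_token_request(self, user_name, timestamp, value):
        """First verification module: recompute the target effective value
        and compare it with the value carried in the token request."""
        if user_name not in self._credentials:
            return None
        target = verification_value(user_name, timestamp, self._key)
        # Constant-time comparison avoids leaking how many characters match.
        if not hmac.compare_digest(target.encode(), str(value).encode()):
            return None
        token = secrets.token_urlsafe(32)  # unpredictable login token
        self._issued[token] = (user_name, self._clock())
        return token

    def handle_login_request(self, token):
        """Second verification module plus login module. Returns the user
        name that was logged in, or None if the token is rejected."""
        # pop() makes the token single-use; this is hardening added in this
        # example and is not stated in the patent text.
        record = self._issued.pop(token, None)
        if record is None:
            return None
        user_name, sent_at = record
        # Interval between receiving and sending time points must not
        # exceed the effective time limit.
        if self._clock() - sent_at > self._validity:
            return None
        password = self._credentials[user_name]  # looked up locally only
        return self._login_management_interface(user_name, password)

    def _login_management_interface(self, user_name, password):
        # Stand-in for the real management-interface login; the password
        # never leaves the device.
        stored = self._credentials.get(user_name, "")
        ok = hmac.compare_digest(stored.encode(), password.encode())
        return user_name if ok else None


if __name__ == "__main__":
    device = SecurityDevice(SHARED_KEY, LOCAL_CREDENTIALS)
    ts = int(time.time())
    tok = device.handle_token_request(
        "admin", ts, verification_value("admin", ts, SHARED_KEY))
    print("logged in as:", device.handle_login_request(tok))
```

The platform side only ever holds the agreed key and the token; the login password is resolved from the device's own store at the last step.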
Based on the same inventive concept, the present application further provides a device login system, which includes a cloud security platform and at least one security device, where the cloud security platform is configured to execute any device login method on the cloud security platform side provided in the embodiments of the present application, and each security device is configured to execute any device login method on the security device side provided in the embodiments of the present application.
It should be noted that one cloud security platform may manage at least one security device, and a security device may be, for example, a third-party security device.
The embodiment of the present application provides a cloud security platform, as shown in fig. 5, including a processor 501 and a machine-readable storage medium 502, where the machine-readable storage medium 502 stores a computer program capable of being executed by the processor 501, and the processor 501 is caused by the computer program to execute the device login method on the cloud security platform side provided in the embodiment of the present application.
The computer-readable storage medium may include a RAM (Random Access Memory), a DDR SDRAM (Double Data Rate Synchronous Dynamic Random Access Memory), and may also include a NVM (Non-volatile Memory), such as at least one disk memory. Alternatively, the computer-readable storage medium may be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The embodiment of the present application provides a security device, as shown in fig. 6, including a processor 601 and a machine-readable storage medium 602, where the machine-readable storage medium 602 stores a computer program capable of being executed by the processor 601, and the processor 601 is caused by the computer program to execute the device login method on the security device side provided in the embodiment of the present application.
The computer-readable storage medium may include a RAM (Random Access Memory), a DDR SDRAM (Double Data Rate Synchronous Dynamic Random Access Memory), and may also include a NVM (Non-volatile Memory), such as at least one disk memory. Alternatively, the computer-readable storage medium may be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In addition, the present application embodiment provides a machine-readable storage medium storing a computer program, which when called and executed by a processor in a cloud security platform, causes the processor in the cloud security platform to execute the device login method on the cloud security platform side provided in the present application embodiment, or when called and executed by a processor in a security device, causes the processor in the security device to execute the device login method on the security device side provided in the present application embodiment.
For the cloud security platform or security device and the machine-readable storage medium embodiment, since the contents of the related method are substantially similar to those of the foregoing method embodiment, the description is relatively simple, and for the relevant points, reference may be made to part of the description of the method embodiment.
It is noted that, herein, relational terms such as first and second may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The implementation process of the functions and actions of each unit/module in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the units/modules described as separate parts may or may not be physically separate, and the parts displayed as units/modules may or may not be physical units/modules, may be located in one place, or may be distributed on a plurality of network units/modules. Some or all of the units/modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. A device login method, applied to a secure cloud platform, the method comprising:
sending a token request to a security device, wherein the token request carries a user name and authentication information for logging in the security device;
receiving a login token sent by the security device, wherein the login token is sent by the security device after the security device successfully verifies the security cloud platform based on the user name and verification information;
and sending a login request to the security device, wherein the login request carries the login token, so that the security device logs in to a management interface of the security device by using the user name and a login password corresponding to the user name after the received login token passes verification by the security device.
2. The method of claim 1, wherein the verification information comprises a verification valid value and a timestamp for generating the verification valid value, and wherein the verification valid value is generated by:
acquiring key information;
and encrypting the user name, the timestamp and the key information by using a preset encryption algorithm to obtain the verification valid value.
3. The method of claim 1, wherein sending a login request to the security device, the login request carrying the login token, comprises:
sending a Uniform Resource Locator (URL) for logging in to the management interface to the security device, wherein the URL carries the login token.
4. The method of claim 2, wherein the key information is agreed with the security device.
5. A device login method, applied to a security device, the method comprising:
receiving a token request sent by a security cloud platform, wherein the token request carries a user name and authentication information for logging in the security equipment;
verifying the security cloud platform by using the user name and verification information;
after the verification is successful, sending a login token to the security cloud platform;
receiving a login request sent by the secure cloud platform, wherein the login request carries a login token;
verifying a login token carried by the login request;
and after the carried login token passes verification, logging in to a management interface of the security device by using the user name and a login password corresponding to the user name.
6. The method of claim 5, wherein the verification information comprises a verification valid value and a timestamp for generating the verification valid value, and verifying the security cloud platform by using the user name and the verification information comprises:
acquiring key information agreed with the secure cloud platform;
encrypting the user name, the timestamp and the key information by using a preset encryption algorithm to obtain a target effective value;
and if the target effective value is consistent with the verification valid value, confirming that the security cloud platform passes the verification.
7. The method of claim 1, wherein the login token has an effective time limit, and verifying the login token carried by the login request comprises:
if the login token is received within the effective time limit, confirming that the login token passes verification.
8. A device login apparatus, applied to a secure cloud platform, the apparatus comprising:
a first sending module, configured to send a token request to the security device, wherein the token request carries a user name and verification information for logging in to the security device;
a receiving module, configured to receive a login token sent by the security device, wherein the login token is sent by the security device after the security device successfully verifies the secure cloud platform based on the user information and the verification information;
and a second sending module, configured to send a login request to the security device, wherein the login request carries the login token, so that the security device logs in to a management interface of the security device by using the user name and the login password corresponding to the user name after the received login token passes verification by the security device.
9. A device login apparatus, applied to a security device, the apparatus comprising:
a first receiving module, configured to receive a token request sent by a security cloud platform, wherein the token request carries a user name and authentication information for logging in to the security device;
a first verification module, configured to verify the security cloud platform by using the user name and verification information;
a sending module, configured to send a login token to the security cloud platform after the first verification module successfully verifies;
a second receiving module, configured to receive a login request sent by the secure cloud platform, wherein the login request carries a login token;
a second verification module, configured to verify the login token carried by the login request;
and a login module, configured to log in to a management interface of the security device by using the user name and the login password corresponding to the user name after the second verification module verifies the carried login token.
10. A device login system, comprising a secure cloud platform and at least one security device, wherein the secure cloud platform is configured to execute the device login method of any one of claims 1-4, and each security device is configured to execute the device login method of any one of claims 5-7.
CN202011051572.4A 2020-09-29 2020-09-29 Equipment login method, device and system Pending CN112231691A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011051572.4A CN112231691A (en) 2020-09-29 2020-09-29 Equipment login method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011051572.4A CN112231691A (en) 2020-09-29 2020-09-29 Equipment login method, device and system

Publications (1)

Publication Number Publication Date
CN112231691A true CN112231691A (en) 2021-01-15

Family

ID=74119403

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011051572.4A Pending CN112231691A (en) 2020-09-29 2020-09-29 Equipment login method, device and system

Country Status (1)

Country Link
CN (1) CN112231691A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113849801A (en) * 2021-09-30 2021-12-28 中国平安财产保险股份有限公司 Single sign-on method and device, computer equipment and storage medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210115