CN113691519B - Off-network equipment centralized control method for unified management of access rights of cloud service - Google Patents


Info

Publication number
CN113691519B
CN113691519B
Authority
CN
China
Prior art keywords
network equipment
local network
authentication
network
equipment terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110950307.8A
Other languages
Chinese (zh)
Other versions
CN113691519A (en)
Inventor
倪海
卢云飞
史晓江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shaanxi Green Energy Electronic Technology Co Ltd
Original Assignee
Shaanxi Green Energy Electronic Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shaanxi Green Energy Electronic Technology Co Ltd
Priority to CN202110950307.8A
Publication of CN113691519A
Application granted
Publication of CN113691519B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
                • H04L67/00 Network arrangements or protocols for supporting network services or applications
                    • H04L67/14 Session management
                        • H04L67/141 Setup of application sessions
                        • H04L67/143 Termination or inactivation of sessions, e.g. event-controlled end of session
                            • H04L67/145 Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
                • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
                    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
                        • H04L69/164 Adaptation or special uses of UDP protocol
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
                        • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
                        • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
        • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
            • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
                • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
                    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The application discloses an off-network equipment centralized control method for unified management of access rights of cloud services, which comprises the following steps: acquiring the operation authority of a PC end from a cloud server; after the operation authority is obtained, authenticating the PC end with the local network equipment terminal; after authentication passes, the local network equipment terminal opens a network port and the PC end acquires network access rights; and the PC end communicates with the local network equipment terminal through the opened network port. In the off-network device centralized control method provided by the embodiment of the application, the PC end program acquires the authority from the cloud server, then authenticates with the local network device by an encryption means, and the network port is opened, so that network access authority is acquired. The scheme retains the account of an operator who has left the job while restricting that operator's login, so that problems can be traced back to the account.

Description

Off-network equipment centralized control method for unified management of access rights of cloud service
Technical Field
The application belongs to the technical field of protection of charger network equipment, and particularly relates to an off-network equipment centralized control method for unified management of access rights of cloud services.
Background
In the network devices of charging systems, the device typically opens ports such as Telnet, SSH and FTP. Since the devices are mass-produced, the IP address, user name and password are identical across devices. Such sensitive information is easily leaked, which allows the device to be tampered with illegally. In normal use the network equipment of a charging system may or may not be networked, so not all equipment can be managed entirely through the cloud platform.
Disclosure of Invention
The application aims to provide an off-network device centralized control method for unified management of access rights by cloud services, which aims to solve the problem that all devices cannot be managed through a cloud platform in the prior art.
In order to achieve the above purpose, the present application adopts the following technical scheme:
a centralized control method for off-network equipment for unified management of access rights by cloud service comprises the following steps:
acquiring the operation authority of a PC end from a cloud server;
after the operation authority is obtained, the PC end and the local network equipment terminal are authenticated;
after authentication is passed, a local network equipment terminal opens a network port, and a PC terminal acquires network access rights;
and the PC end communicates with the local network equipment terminal through an open network port.
Further, the specific way of acquiring the PC-side operation right from the cloud server is as follows:
the PC end is connected to the cloud server through a network to acquire offline running time;
a user name and a password are entered into the cloud server at the PC (personal computer) end; the cloud server checks the user name and password reported by the PC client against the user name and password configured on the cloud server; when they match, the cloud server issues an authentication pass, the PC end obtains operation permission, and the validity period of the PC end's operation permission is the offline running time obtained above.
Furthermore, during authentication, the PC end communicates with the local network equipment terminal through a network cable by using UDP.
Furthermore, in the authentication process, the user name logged in by the PC end is also sent to the local network equipment terminal for recording.
Further, the specific mode of authentication between the PC end and the local network equipment terminal is as follows:
the PC end sends an authentication message to the local network equipment terminal, the authentication message carrying an encryption key and an encryption ciphertext;
after the local network equipment terminal receives the authentication message, it decrypts the received encrypted ciphertext and checks the result against the received plaintext; if the check succeeds, authentication succeeds, and if the check fails, no response is sent.
Further, the specific operation of opening the network port after the authentication is passed is as follows: and the PC end periodically transmits a heartbeat packet to the local network equipment terminal, and after the local network equipment terminal receives the heartbeat packet, the network port is opened and is connected with the PC end, and meanwhile, the connection starting time is recorded.
Further, when the heartbeat connection is timed out, the local network equipment terminal closes the network port.
Furthermore, when the heartbeat between the PC end and the local network equipment terminal is disconnected and the offline running time of the PC end is used up, the communication is actively disconnected, at which point the local network equipment terminal actively closes the network port.
Further, after the local network equipment terminal is started, it listens on the designated UDP port by default; the heartbeat is in the timeout state and the network port is in the closed state by default.
Further, the heartbeat packet carries a user name.
The beneficial effects of the application are as follows:
1. according to the off-network device centralized control method provided by the embodiment of the application, the PC end program acquires the authority from the cloud server, and then authenticates with the local network device through an encryption means, and opens the network port, so that the network access authority is acquired. The operation keeps the account number of the operator so as to facilitate problem tracing.
2. The off-network device centralized control method provided by the embodiment of the application provides a remote authentication means to further restrict access authority; it solves the problem that the network terminal port of an off-network charging pile is open by default, so that access is possible only after authentication, in addition to verifying the default account and password.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application. In the drawings:
fig. 1 is a schematic workflow diagram of a centralized control method for off-network devices according to an embodiment of the present application.
Fig. 2 is a flowchart illustrating the operation of the network terminal of the charging pile according to the embodiment of the present application.
Detailed Description
The application will be described in detail below with reference to the drawings in connection with embodiments. It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other.
The following detailed description is exemplary and is intended to provide further details of the application. Unless defined otherwise, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments in accordance with the application.
The embodiment of the application provides a centralized control method for off-network equipment for unified management of access rights by cloud service, which aims at solving the problem of local network access authorization of off-network equipment, and has the core principle that: the PC acquires the authority from the cloud server, then authenticates with the local network equipment terminal through an encryption means, opens a network port after the authentication passes, and acquires the network access authority. The off-network equipment centralized control method provided by the embodiment of the application can keep the account numbers of the off-duty operators so as to facilitate problem tracing.
As shown in fig. 1, in this embodiment, a charging pile network terminal is taken as an example of a local network device terminal to explain in detail, and the method specifically includes the following steps:
First step: the maintainer uses the PC-end application on a notebook computer to connect to the cloud server through the network and obtain the offline running time (i.e. the validity period in fig. 1). The PC end logs in to the cloud server over the network with a user name and password, and the cloud server checks the reported user name and password against those configured on the cloud server. If they match, the cloud server issues an authentication pass so that the PC end can proceed; otherwise authentication fails.
Second step: after authentication passes, the PC end communicates with the charging pile network terminal over the network cable using the UDP protocol, and at the same time transmits the user name logged in at the PC end to the charging pile network terminal (for recording).
Specifically, authentication between the PC end and the charging pile network terminal works as follows: the PC end sends an authentication message (carrying an encryption key and an encryption ciphertext); after receiving it, the charging pile network terminal decrypts the received ciphertext according to a self-defined encryption algorithm and checks the result against the received plaintext. If the check succeeds, authentication success is returned; if the check fails, no response is sent.
Decrypting the received ciphertext according to a custom encryption algorithm, such as: an AES encryption policy, a 3DES encryption policy, an MD5 encryption policy, and the like are adopted.
Example 1: an AES encryption strategy is employed.
The key is 128 bits, and the storage positions of the 128-bit key in the message are defined (for example, bytes 4 to 19, counting from byte 1, one key byte per message byte).
The key is encrypted using the key itself, and the storage position of the resulting ciphertext is likewise customized (on the same principle as in A).
The receiver decrypts the received ciphertext according to the agreed positions and then checks the plaintext key against the decrypted key.
Example 2: an MD5 encryption strategy is employed.
The length of the plaintext and the order in which it is stored are defined as required.
The plaintext is processed with MD5 encryption to obtain an MD5 value (16 bytes), and the storage position of this ciphertext is customized.
The receiver takes out the plaintext and the ciphertext according to the convention, applies MD5 encryption to the plaintext, and then checks the result against the received ciphertext.
Third step: after authentication succeeds, the heartbeat is used to make the charging pile network terminal actively open a protected network port (such as FTP, Telnet or SSH).
Fourth step: when the heartbeat between the PC end and the charging pile network terminal is disconnected, and when the validity period of the PC end ends, communication is actively disconnected. At this time the charging pile network terminal actively closes the port (the protected network port is then inaccessible).
As shown in fig. 2, the operation flow chart of the charging pile network terminal has the following working principle:
1) After the charging pile network terminal is started, the UDP designated port is monitored by default.
2) Because the device has just powered on, the heartbeat is in the timeout state by default, so the network port is protected (closed) by default and is inaccessible.
3) When the PC tries to connect using a UDP packet of the fixed format, the terminal receives the data and verifies it. If the packet conforms to the authentication message and the authentication result is a pass, the terminal responds that authentication passed.
4) After the PC side obtains the authentication, the heartbeat package (the heartbeat carries the user name) is periodically sent.
5) And after the heartbeat received by the terminal is normal, opening the network port (in an accessible state), and recording the connection starting time. When the heartbeat times out, the terminal will again close the network port (in an inaccessible state) and record the disconnection time.
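As an added illustration, not code from the patent or from the assignee, the following Python simulation implements the check-value authentication of Example 2 (MD5 over the plaintext, compared by the receiver) together with the charging pile network terminal workflow of fig. 2: the terminal starts with the heartbeat timed out and the port closed, answers only a valid authentication message, opens the port on the first heartbeat and records the connection time, and closes the port again when the heartbeat times out. The message layout (type byte, length byte, plaintext, 16-byte MD5 value), the 30 s heartbeat timeout, the 100 s validity window, the user name "alice" and the rule that a fresh authentication is needed after a timeout are all assumptions; the patent leaves them to the implementer. The comparison of the check value uses hmac.compare_digest, a constant-time comparison the patent does not prescribe.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed fixed-format UDP payloads (the patent leaves the exact layout to the
# implementer): type byte, plaintext length byte, plaintext, 16-byte MD5 value.
MSG_AUTH = 0x01
MSG_HEARTBEAT = 0x02
MD5_LEN = 16
HEARTBEAT_TIMEOUT = 30.0  # seconds; assumed value, not from the patent


def build_auth_message(plaintext: bytes) -> bytes:
    """PC end (Example 2): plaintext followed by its MD5 value at the agreed position."""
    if len(plaintext) > 255:
        raise ValueError("plaintext length must fit in one byte")
    return bytes([MSG_AUTH, len(plaintext)]) + plaintext + hashlib.md5(plaintext).digest()


def verify_auth_message(msg: bytes) -> bool:
    """Terminal side (Example 2): take out plaintext and check value by the agreed
    layout, recompute MD5 over the plaintext and compare with the received value.
    hmac.compare_digest is a constant-time comparison; the patent does not prescribe it."""
    if len(msg) < 2 or msg[0] != MSG_AUTH:
        return False
    n = msg[1]
    if len(msg) != 2 + n + MD5_LEN:
        return False
    plaintext, received = msg[2:2 + n], msg[2 + n:]
    return hmac.compare_digest(hashlib.md5(plaintext).digest(), received)


def build_heartbeat(username: str) -> bytes:
    """Heartbeat packet carrying the user name logged in at the PC end."""
    return bytes([MSG_HEARTBEAT]) + username.encode("utf-8")


@dataclass
class Terminal:
    """Charging pile network terminal state machine (fig. 2). At power-on the
    heartbeat counts as timed out and the protected port is closed."""
    authenticated: bool = False
    port_open: bool = False
    last_heartbeat: Optional[float] = None  # None means "timed out"
    username: Optional[str] = None
    log: List[Tuple[str, float, Optional[str]]] = field(default_factory=list)

    def handle_packet(self, msg: bytes, now: float) -> Optional[bytes]:
        """Process one UDP packet; returns the response, or None when the terminal
        stays silent (a failed authentication is not answered)."""
        if not msg:
            return None
        if msg[0] == MSG_AUTH:
            if verify_auth_message(msg):
                self.authenticated = True
                return b"AUTH_OK"
            return None
        if msg[0] == MSG_HEARTBEAT and self.authenticated:
            self.username = msg[1:].decode("utf-8", errors="replace")
            self.last_heartbeat = now
            if not self.port_open:  # first good heartbeat opens the port
                self.port_open = True
                self.log.append(("open", now, self.username))
            return b"HB_OK"
        return None  # heartbeat before authentication, or unknown type: ignored

    def tick(self, now: float) -> None:
        """Periodic timer: a heartbeat timeout closes the port and records the time.
        Requiring a fresh authentication afterwards is an assumption."""
        timed_out = self.last_heartbeat is None or now - self.last_heartbeat > HEARTBEAT_TIMEOUT
        if self.port_open and timed_out:
            self.port_open = False
            self.authenticated = False
            self.last_heartbeat = None
            self.log.append(("close", now, self.username))


def simulate(validity_end: float = 100.0, step: float = 10.0) -> dict:
    """PC end with an (assumed) offline validity window of validity_end seconds,
    heartbeating every `step` seconds; it stops when its validity period is used up."""
    t = Terminal()
    auth_reply = t.handle_packet(build_auth_message(b"maintainer-login"), 0.0)
    port_after_auth = t.port_open  # still closed: only a heartbeat opens the port
    now = 1.0
    while now < 200.0:
        if now <= validity_end:
            t.handle_packet(build_heartbeat("alice"), now)
        t.tick(now)
        now += step
    return {"auth_reply": auth_reply, "port_after_auth": port_after_auth, "log": t.log}


if __name__ == "__main__":
    print(simulate())
```

Running the simulation shows the sequence the description gives: authentication alone does not open the port, the first heartbeat opens it (logged with the user name for tracing), and once the PC stops heartbeating at the end of its validity window the terminal closes the port on the next timer check after the 30 s timeout and records the disconnection time.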
It will be appreciated by those skilled in the art that the present application can be carried out in other embodiments without departing from the spirit or essential characteristics thereof. Accordingly, the above disclosed embodiments are illustrative in all respects, and not exclusive. All changes that come within the scope of the application or equivalents thereto are intended to be embraced therein.

Claims (6)

1. The centralized control method for the off-network equipment for uniformly managing the access rights by the cloud service is characterized by comprising the following steps of:
acquiring the operation authority of a PC end from a cloud server;
after the operation authority is obtained, the PC end and the local network equipment terminal are authenticated;
after authentication is passed, a local network equipment terminal opens a network port, and a PC terminal acquires network access rights;
the PC end communicates with a local network equipment terminal through an open network port;
the specific mode for acquiring the PC end operation permission from the cloud server is as follows:
the PC end is connected to the cloud server through a network to acquire offline running time;
a user name and a password are entered into the cloud server at the PC (personal computer) end; the cloud server checks the user name and password reported by the PC client against the user name and password configured on the cloud server; when they match, the cloud server issues an authentication pass, the PC end obtains operation permission, and the validity period of the PC end's operation permission is the obtained offline running time;
the specific operation of opening the network port of the local network equipment terminal after the authentication is passed is as follows: the PC end periodically sends a heartbeat packet to the local network equipment terminal, and after the local network equipment terminal receives the heartbeat packet, the network port is opened and is connected with the PC end, and meanwhile, the connection starting time is recorded;
when the heartbeat connection is over time, the local network equipment terminal closes the network port;
and when the heartbeat of the PC end and the local network equipment terminal is disconnected, the communication is actively disconnected when the offline running time of the PC end is used up, and at the moment, the local network equipment terminal actively closes the network port.
2. The centralized control method for off-network devices for unified management of access rights by cloud services according to claim 1, wherein during authentication, the PC end communicates with a local network device terminal through a network cable by using UDP.
3. The centralized control method for off-network devices for unified management of access rights by cloud service according to claim 2, wherein in the authentication process, a user name logged in by the PC end is also sent to the local network device terminal for recording.
4. The centralized control method for off-network devices for unified management of access rights by cloud services according to claim 2, wherein the specific mode of authentication of the PC side and the local network device terminal is as follows:
the PC end sends an authentication message to the local network equipment terminal, the authentication message carrying an encryption key and an encryption ciphertext;
after the local network equipment terminal receives the authentication message, it decrypts the received encrypted ciphertext and checks the result against the received plaintext; if the check succeeds, authentication succeeds, and if the check fails, no response is sent.
5. The method for centralized control of off-network devices for unified management of access rights by cloud services according to claim 1, wherein after a local network device terminal is started, a User Datagram Protocol (UDP) designated port is monitored by default; and the default heartbeat is in a timeout state and the network port is in a closed state.
6. The centralized control method for off-network devices for unified management of access rights by cloud services according to claim 1, wherein the heartbeat packet carries a user name.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110950307.8A CN113691519B (en) 2021-08-18 2021-08-18 Off-network equipment centralized control method for unified management of access rights of cloud service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110950307.8A CN113691519B (en) 2021-08-18 2021-08-18 Off-network equipment centralized control method for unified management of access rights of cloud service

Publications (2)

Publication Number Publication Date
CN113691519A CN113691519A (en) 2021-11-23
CN113691519B true CN113691519B (en) 2023-09-01

Family

ID=78580510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110950307.8A Active CN113691519B (en) 2021-08-18 2021-08-18 Off-network equipment centralized control method for unified management of access rights of cloud service

Country Status (1)

Country Link
CN (1) CN113691519B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004193984A (en) * 2002-12-11 2004-07-08 Nippon Telegr & Teleph Corp <Ntt> Communication system, communication method, server, communication terminal, program and recording medium
CN101772022A (en) * 2008-12-31 2010-07-07 华为终端有限公司 Method, device and system for controlling access to network terminal
WO2010124490A1 (en) * 2009-04-30 2010-11-04 中兴通讯股份有限公司 Wireless local area network authentication and privacy infrastructure certificate obtaining method and system
JP2011076377A (en) * 2009-09-30 2011-04-14 Hitachi Solutions Ltd Terminal device and access control policy obtaining method in the terminal device
JP2012043208A (en) * 2010-08-19 2012-03-01 Dainippon Printing Co Ltd Security management system, information processor, offline device, security management method, and program
WO2018196329A1 (en) * 2017-04-27 2018-11-01 中兴通讯股份有限公司 Access device, authentication server, and method and system for controlling access of terminal device
CN109614781A (en) * 2018-11-12 2019-04-12 平安科技(深圳)有限公司 A kind of account management method, system and terminal device
JP2019179579A (en) * 2019-07-02 2019-10-17 富士ゼロックス株式会社 Document management system, processing apparatus, and management apparatus

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6123353B2 (en) * 2013-02-28 2017-05-10 日本電気株式会社 Document authority management system, terminal device, document authority management method, and program


Also Published As

Publication number Publication date
CN113691519A (en) 2021-11-23

Similar Documents

Publication Publication Date Title
US8904178B2 (en) System and method for secure remote access
CN105050081B (en) Method, device and system for connecting network access device to wireless network access point
EP2328319B1 (en) Method, system and server for realizing the secure access control
CN1992722B (en) System and method for controlling security of a remote network power device
US7853783B2 (en) Method and apparatus for secure communication between user equipment and private network
CN201194396Y (en) Safe gateway platform based on transparent proxy gateway
US20130332724A1 (en) User-Space Enabled Virtual Private Network
US20110170696A1 (en) System and method for secure access
US20080141360A1 (en) Wireless Linked Computer Communications
CN111918284B (en) Safe communication method and system based on safe communication module
JP2007323553A (en) Adapter device performing encrypted communication on network and ic card
KR20070012266A (en) Information communication system, information communication apparatus and method, and computer program
EP2706717A1 (en) Method and devices for registering a client to a server
US20080244716A1 (en) Telecommunication system, telecommunication method, terminal thereof, and remote access server thereof
CN110266725A (en) Cryptosecurity isolation module and mobile office security system
JPH10242957A (en) User authentication method, system therefor and storage medium for user authentication
CN110890959B (en) Account encryption method, system and device
CN113691519B (en) Off-network equipment centralized control method for unified management of access rights of cloud service
CN115865907A (en) Secure communication method between desktop cloud server and terminal
US20050044379A1 (en) Blind exchange of keys using an open protocol
CN111091204A (en) Intelligent monitoring method and device for maintenance behaviors and computer readable storage medium
CN102148704A (en) Software implementation method for universal network management interface of safe switch
CN110853186A (en) Bluetooth access control system and unlocking method thereof
WO2024001885A1 (en) Data transmission method, electronic device and computer storage medium
CN118157858A (en) Key information processing method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant