CN114567553A - Equipment network access method and device based on industrial Internet identification analysis system - Google Patents


Publication number
CN114567553A
Authority
CN
China
Prior art keywords
client
identification
identification code
configuration
industrial internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210096726.4A
Other languages
Chinese (zh)
Inventor
杨伟华
朱元森
艾忠清
王舜
张文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongfeng Communication Technology Co ltd
Original Assignee
Dongfeng Communication Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dongfeng Communication Technology Co ltd
Priority to CN202210096726.4A
Publication of CN114567553A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/14 Session management
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a device network access method and apparatus based on an industrial Internet identification analysis system. The method comprises: confirming a client identification code and its format, where the identification code comprises corresponding client identification information and a client configuration identification record; when the client identification code conforms to the industrial Internet identification code standard, acquiring the analysis information of the identification code through the industrial Internet identification analysis system; and performing trusted access processing according to the analysis information of the identification code, where the analysis information comprises at least the configuration requirement of the client. With this method, the industrial Internet identification code can serve as the unique determining condition for a device joining the network, or the uniqueness of the device identification code can be combined with other conditions as the criterion for the device's network access, and the identification analysis platform together with the network access configuration interface platform improves the security configuration and management efficiency of device access.

Description

Equipment network access method and device based on industrial Internet identification analysis system
Technical Field
The present application relates to the field of communications technologies and the field of device networking technologies, and in particular, to a device networking method and apparatus based on an industrial internet identity resolution system.
Background
In the communications field, a device is traditionally brought onto the network in one of two ways: it is configured through its console port or its RJ45 network interface (default management IP) using a HyperTerminal session or a web management interface, or it is bound and authorized on the core device after a secondary handshake once it has connected, so that the device is admitted to the network with authorization.
However, either approach requires a technician to perform the underlying configuration when the device is connected. For configuration through the console port, a technician must be on site and log in to the device over a management serial cable. For configuration through the web management interface, the technician logs in from a laptop configured for the default management IP, and the device must be restarted for authentication. For access by sending an access management message and confirming the configuration with a secondary handshake on the core device, the field terminal sends a handshake message after it is physically connected to the network, and the network administrator verifies and confirms the configuration, or issues the configuration, to complete authorized access. When other intelligent terminals or OT devices are connected, the network administrator completes authorized secure access through configuration such as MAC binding, working from the device list and the back end. With on-site configuration by technicians, configuration succeeds only when software, hardware and the technicians all work together, so network access configuration for devices as a whole is inefficient and slow, and later maintenance is costly.
In an environment where everything is interconnected, the variety and number of devices joining the network keep growing, and demand to connect Internet of Things intelligent terminals and OT devices in particular is increasing. Because most IoT devices have no interface and need a handheld terminal or mobile app to assist configuration, the traditional network access techniques above cannot meet the requirement for fast, secure access, nor can they keep management up to date when a terminal changes location, so management loopholes appear easily.
Disclosure of Invention
In view of the problems in the prior art, the disclosure provides a device network access method and apparatus based on an industrial Internet identification analysis system. In this method, the uniqueness and tamper-proof nature of identification analysis ensure that the analysis data is secure and trustworthy, which provides a foundation for the secure and trusted access of ubiquitous network devices. Using the identification analysis platform together with the network access configuration interface platform can greatly improve the security configuration and management efficiency of device access.
A first aspect of the present disclosure provides an embodiment of a device network access method based on an industrial Internet identification analysis system. When applied to device network access that uses a client identification code as a determination condition for client network access, the method includes:
confirming the client identification code and its format, wherein the identification code comprises corresponding client identification information and a client configuration identification record;
when the client identification code conforms to the industrial Internet identification code standard, acquiring analysis information of the identification code according to the identification code through an industrial Internet identification analysis system;
and carrying out trusted access processing according to the analysis information of the identification code, wherein the analysis information at least comprises the configuration requirement of the client.
In some embodiments, applying the method to device network access that uses the client identification code as the determination condition for client network access includes:
when the client identification code is an industrial Internet identification code, using the client identification code as the uniqueness determining condition of the client network access configuration; or
when the client identification code is an industrial Internet identification code, using the client identification code as one of the determining conditions of the client network access configuration, wherein the determining conditions at least comprise: combining the client identification code with other conditions to serve as the uniqueness determining condition of the client network access configuration.
In some embodiments, the configuration identification record corresponds to the configuration requirement of the client, comprises at least network configuration elements, and is generated by using a reserved byte record storage position to define a network client configuration dictionary.
In some embodiments, the method further comprises: performing periodic polling according to the identification code through a network management platform; or performing an active query according to the identification code through the network management platform.
In some embodiments, the method further comprises: sending a query request to a public recursive analysis node through the industrial Internet identification analysis system, wherein the query request at least comprises the client configuration identification record.
In some embodiments, the method further comprises: determining a preset byte of the client configuration identification record according to the identification code, which comprises corresponding client identification information and a client configuration identification record;
and acquiring, from the preset byte of the client configuration identification record, the configuration requirement that the industrial Internet identification analysis system determines for the client, wherein the configuration requirement corresponds to the client identification information.
In some embodiments, the method further comprises: determining or changing the configuration requirement and/or the configuration mode of the client by defining or modifying the client configuration identification record.
In some embodiments, the method further comprises: writing client configurations of different standards in cooperation with the industry application dictionary reserved in the industrial Internet identification.
In some embodiments, the method further comprises:
generating an identification record through the definition of the industrial Internet identification standard, wherein the identification record is a preset byte in the client identification configuration record;
writing the identification record into the client identification configuration record, and generating an initial client identification code;
acquiring analysis information of the initial client identification code through the industrial internet identification analysis system;
confirming, through the analysis information of the initial client identification code, the network access configuration requirement of the client and the upper-level core equipment to be accessed;
and generating a security configuration document according to the network access configuration requirement and the upper-level core equipment, and configuring.
A second aspect of the present disclosure provides an apparatus for accessing a network based on an industrial internet identity resolution system, which is applied to any possible implementation method of the first aspect, and the apparatus includes:
The system comprises a confirmation unit, a processing unit and a display unit, wherein the confirmation unit is used for confirming a client identification code and a format thereof, and the identification code comprises corresponding client identification information and a client configuration identification record;
the acquisition unit is used for acquiring the analysis information of the identification code according to the identification code through an industrial Internet identification analysis system when the client identification code conforms to the industrial Internet identification code standard;
and the processing unit is used for carrying out trusted access processing according to the analysis information of the identification code, wherein the analysis information at least comprises the configuration requirement of the client.
A third aspect of the present disclosure provides an apparatus comprising: a memory for storing processor-executable instructions; a processor coupled to the memory; wherein the processor is configured to perform the method of any possible implementation of the first aspect.
A fourth aspect of the disclosure provides an apparatus that, when executed by a processor of a computer, enables the computer to perform the method as any possible implementation of the first aspect.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
With this method, the identification analysis platform and the network access configuration interface platform can be used to greatly improve the security configuration and management efficiency of device access, and to prevent the hidden network access security risks caused by late or mistaken coordination between device managers and field personnel/technicians. In addition, the industry application dictionary reserved in the standard identification removes the uncertainty and maintenance cost of configuring terminals of different brands and improves operation, maintenance and management efficiency.
Drawings
The present disclosure will be described in further detail below with reference to the drawings and preferred embodiments, but those skilled in the art will appreciate that the drawings are only drawn for the purpose of illustrating the preferred embodiments and should not be taken as limiting the scope of the present disclosure.
FIG. 1 is a schematic diagram of an industrial Internet identity resolution architecture framework shown in accordance with an exemplary embodiment;
FIG. 2 is a diagram illustrating a process of an Internet identity resolution service in accordance with one illustrative embodiment;
FIG. 3 is a flow diagram illustrating Internet identified device networking in accordance with an illustrative embodiment;
FIG. 4 is a flowchart illustrating a method for identity resolution device networking, according to another example embodiment;
FIG. 5 is a schematic structural diagram of a communication device according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an apparatus provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The industrial Internet identification analysis system comprises elements such as an international root node, national top-level nodes, secondary nodes, enterprise nodes and public recursive analysis nodes, as shown in FIG. 1. FIG. 1 is a schematic diagram of the industrial Internet identification analysis system framework, which consists mainly of two parts: identification data and the identification analysis service. Within the identification analysis service, the international root node is the service node at the highest level of the identification analysis system; it is not limited to a specific country or region and provides public root-zone data management and root analysis services globally.
The national top-level node is both the international gateway for external interconnection and the core hub for internal coordination. It is the top-level identification service node within a country or region and can provide top-level identification analysis services, identification filing, identification authentication and other management capabilities nationwide. The national top-level node connects to the international root nodes of the various identification analysis systems and also to the domestic secondary and other identification service nodes below it.
The secondary node is a public identification analysis service node for an industry or region. It can provide identification code registration and identification analysis services for that industry or region and carry out the related identification service management, identification application docking and the like. The secondary node connects upward to the national top-level node and, downward, allocates identification codes to industrial enterprises and provides identification registration, identification analysis, identification data services and the like, while meeting requirements for security, stability, scalability and so on. Each secondary node is assigned a unique secondary node identification prefix by the national top-level node.
The enterprise node is an identification analysis service node inside an enterprise and can provide identification code registration and identification analysis services for a specific enterprise. Enterprise nodes can be deployed independently or as a component of an enterprise information system. Each enterprise node is assigned a unique enterprise node identification prefix by a secondary node; the content of the identification suffix is defined and assigned by the enterprise, and the enterprise node identification prefix and the identification suffix together form a complete industrial Internet identification.
The public recursive analysis node is a key entry facility of the identification analysis system and can improve overall service performance through technical means such as caching. When it receives an identification analysis request from a client, the public recursive analysis node first checks whether its local cache holds a query result for the identification. If not, it queries along the response path returned by the identification analysis servers until it finally obtains the address or information associated with the identification, returns that address or information to the client, and caches the result of the request.
Therefore, in the method of the present disclosure, the national top-level nodes, the secondary nodes and the enterprise nodes are all identification analysis nodes. They can process the identification analysis requests sent by the recursive analysis node (that is, the public recursive analysis node) and return the processing result (that is, the queried address information) to the recursive analysis node.
It should be noted that the industrial Internet identification analysis system consists mainly of an identification allocation management system and an identification analysis system. The identification code is the unique "identity card" of a machine or article and is allocated level by level and managed hierarchically. Over the whole identification analysis process, shown in the schematic process diagram in FIG. 2, the query that triggers identification analysis may come from different sources such as an enterprise information system, an industrial Internet platform or an industrial Internet app. Any of these can act as a client and send a query request to the public recursive analysis node. After receiving the query request, the public recursive analysis node queries the identification in turn at the analysis servers corresponding to the national top-level node, the secondary node and the enterprise node. Acting as intermediary, it receives the analysis information returned by each node and finally returns the identification analysis information to the client.
The method disclosed by the invention is a device access method based on an industrial Internet identification analysis system.
In a first aspect of the present disclosure, an embodiment of a device network access method based on Internet identification is provided. As shown in the flowchart in FIG. 3, when applied to device network access that uses a client identification code as a determination condition for client network access, the method includes:
S310: confirming a client identification code and its format, wherein the identification code comprises corresponding client identification information and a client configuration identification record;
S320: when the client identification code conforms to the industrial Internet identification code standard, acquiring analysis information of the identification code according to the identification code through an industrial Internet identification analysis system;
S330: performing trusted access processing according to the analysis information of the identification code, wherein the analysis information at least comprises the configuration requirement of the client.
In this method, the client identification code is encoded in advance in a format that conforms to the industrial Internet identification analysis system. The client identification code serves as the unique identifier of the client, and the information corresponding to the client configuration is also generated in advance so that it can be used to configure the client's network access. The client identification code therefore comprises at least corresponding client identification information and a client configuration identification record.
The client identification code and its encoding format are acquired and confirmed. Whether the format of the identification code meets the industrial Internet identification code standard is determined, and the analysis information of the identification code is then acquired through the industrial Internet identification analysis system. The analysis information covers at least two aspects: the analyzed content of the client identification information, and the content of the client configuration identification record.
Finally, trusted access processing is performed according to the client information and the client configuration requirement in the analysis information. This automates the decision on the device's network access, and the relevant policy for the device joining the network is issued and configured according to the client's configuration information. The policy may configure the client's network access, or change the configuration of the client's network access.
In some embodiments, when applied to device network access that uses the client identification code as the determination condition for client network access, the method comprises the following:
when the client identification code is an industrial Internet identification code, using the client identification code as the uniqueness determining condition of the client network access configuration; or
when the client identification code is an industrial Internet identification code, using the client identification code as one of the determination conditions of the client network access configuration, wherein the determination conditions at least comprise: combining the client identification code with other conditions to serve as the uniqueness determination condition of the client network access configuration.
In the present disclosure, the industrial Internet identification code configured on the client device can serve as the unique condition for admitting the client, in which case the uniqueness of the client identification code is the only criterion for the client's automatic network access. The industrial Internet identification code configured on the client device can also be one of the uniqueness conditions for admitting the client, in which case the uniqueness of the client identification code is combined with other conditions to form the only criterion for the device's network access. In certain circumstances the identification code can therefore act as an additional condition for the client device's network access, combined with the client device's other network access conditions.
With this method, the client information (including the client identification information and the client configuration identification record) is encoded according to the industrial Internet identification encoding standard and analyzed by the industrial Internet identification analysis system to meet the client's automatic configuration requirement, which can greatly improve the security configuration and management efficiency of the client or device.
In some embodiments, the configuration identification record corresponds to the configuration requirement of the client, comprises at least network configuration elements, and is generated by using a reserved byte record storage position to define a network client configuration dictionary.
The method uses industrial Internet identification analysis technology and the identification analysis system, together with the standard industry white paper, and uses the industry-application reserved byte record storage position of identification analysis to define a network terminal configuration dictionary. The day-to-day manager of the network devices generates the client configuration identification record in advance according to the terminal's network access, location change or user usage, and the configuration identification record contains the network configuration elements.
For a client that uses the industrial Internet identification code as one of its network access conditions, the required configuration requirement, that is, the client configuration identification record, is stored in the database corresponding to the enterprise node of the industrial Internet identification analysis system.
The client configuration identification record includes at least the following configuration requirements for the client: configuration logic, access authority, access rules, security policy, network policy and other network configuration elements.
Further, a client configuration identification record containing this information is formed, and it occupies only one preset byte of the client configuration identification record.
The preset byte containing the client configuration identification record is recorded in the identification analysis record entered by the client administrator; that is, the analysis information of the client identification code is stored in the database corresponding to the enterprise node. The identification analysis record contains not only the client configuration identification record but also the client identification information and the analysis information corresponding to the whole client identification code. The identification analysis record is accessed to the interface client through the identification analysis client, and the information is converted into data of the industry-agreed identification analysis field according to a preset data dictionary.
After the client access configuration platform has polled and queried the activity data, the identification code is translated back into a configuration requirement document in normal use, and the actual configuration is issued through the management platform to complete the access configuration of the device terminal, achieving non-inductive (seamless) access.
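The admission flow of steps S310 to S330, the cached lookup at the public recursive analysis node, and the one-byte configuration dictionary described above, as an added example that is not code from the patent. The identifier layout, the dictionary contents, the node databases and the names `RecursiveNode` and `admit` are assumptions constructed for illustration; every path that cannot be verified denies access.

```python
import re
from dataclasses import dataclass
from typing import Optional

# ASSUMPTION: "<top>.<secondary>.<enterprise>/<suffix>" layout. The page only says that an
# enterprise node prefix plus an enterprise-defined suffix form the complete identification.
ID_RE = re.compile(r"^(\d{1,3})\.(\d{1,4})\.(\d{1,8})/([A-Za-z0-9_-]{1,64})$")

# ASSUMPTION: hypothetical one-byte configuration dictionary; every value is constructed.
CONFIG_DICTIONARY = {
    0x01: {"vlan": 110, "access": "read-only", "security_policy": "sensor-default"},
    0x02: {"vlan": 120, "access": "read-write", "security_policy": "plc-restricted"},
}

# Constructed sample databases standing in for the three levels of analysis nodes.
TOP_LEVEL = {"99.100": "secondary-A"}                      # prefix -> secondary node
SECONDARY = {"secondary-A": {"99.100.1": "enterprise-X"}}  # prefix -> enterprise node
ENTERPRISE = {"enterprise-X": {
    "99.100.1/PUMP-0001": {"mac": "02:00:00:aa:bb:01", "config_byte": 0x02},
    "99.100.1/CAM-0007": {"mac": "02:00:00:aa:bb:07", "config_byte": 0x7F},
}}


class RecursiveNode:
    """Public recursive analysis node: answer from cache, else walk the hierarchy."""

    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0  # how many times the hierarchy was actually walked

    def resolve(self, identifier: str) -> Optional[dict]:
        if identifier in self.cache:
            return self.cache[identifier]
        m = ID_RE.match(identifier)
        if m is None:
            return None
        top, sec, ent = m.group(1), m.group(2), m.group(3)
        self.upstream_queries += 1
        secondary = TOP_LEVEL.get(f"{top}.{sec}")
        enterprise = SECONDARY.get(secondary, {}).get(f"{top}.{sec}.{ent}")
        record = ENTERPRISE.get(enterprise, {}).get(identifier)
        if record is not None:
            self.cache[identifier] = record  # cache only successful answers
        return record


@dataclass
class Decision:
    admitted: bool
    reason: str
    config: Optional[dict] = None


def admit(node: RecursiveNode, identifier: str,
          observed_mac: Optional[str] = None) -> Decision:
    # S310: confirm the identification code and its format before any lookup.
    if not ID_RE.match(identifier):
        return Decision(False, "identifier does not match the expected format")
    # S320: obtain the analysis information through the recursive node.
    record = node.resolve(identifier)
    if record is None:
        return Decision(False, "no analysis record for this identifier")
    # Optional combined condition: identifier plus another attribute (here a MAC).
    if observed_mac is not None and observed_mac.lower() != record["mac"]:
        return Decision(False, "combined condition (MAC) does not match the record")
    # S330: translate the one-byte configuration record; unknown bytes are denied.
    config = CONFIG_DICTIONARY.get(record["config_byte"])
    if config is None:
        return Decision(False, "configuration byte is not in the dictionary")
    return Decision(True, "admitted", config)


if __name__ == "__main__":
    node = RecursiveNode()
    for ident, mac in [("99.100.1/PUMP-0001", None),
                       ("99.100.1/PUMP-0001", "02:00:00:AA:BB:FF"),
                       ("99.100.1/CAM-0007", None),
                       ("not-an-identifier", None)]:
        print(ident, mac, admit(node, ident, mac))
```

Passing `observed_mac` exercises the mode in which the identification code is one of several determining conditions; omitting it exercises the mode in which the code alone decides.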
In some embodiments, the manner of obtaining the parsing information of the identification code according to the identification code includes: carrying out periodic polling according to the identification codes through a network management platform; or, actively inquiring through the network management platform according to the identification code.
After the client identification code is confirmed, the client configuration requirement can be queried in two ways, namely, periodic polling or active querying through a network management platform.
Periodic polling means that the network management platform cyclically queries the identifier analysis database to determine whether new configuration records exist for the managed device. The period is set by a timer: a program running in the background queries the relevant configuration record at the configured time interval. If the identifier analysis database holds a configuration record for the corresponding client, the record is extracted, translated and then issued to complete the automatic configuration of the equipment access. The network configuration platform is a management platform used within the enterprise. Through it, the network management platform does not need to interface directly with the enterprise node: policy polling of the identification is carried out through a public recursive analysis node of the identification analysis system, and when the target enterprise node is reached, the required data are obtained from the database corresponding to that enterprise node. The information corresponding to the identification code can therefore be acquired over a network-reachable route, and compared with obtaining the data by interfacing directly with the enterprise nodes, this way of acquiring and reading the data is more timely and has lower cost.
In addition, an active query can be carried out through the network management platform according to the identification code; this mode is closer to a query triggered by the identification code itself. When the client initiates an identifier analysis query, the network management platform, after receiving the identification code, directly triggers the public recursive analysis node of the identifier analysis system to perform an active query according to that code. This method locates and obtains the record of the destination node through the identification analysis system and is therefore targeted.
In the present disclosure, regardless of the query method, data is queried from the database corresponding to an enterprise node. The configuration requirements of the client are stored in that database in advance. When the configuration requirement of a client changes, the related change information and the updated configuration requirement are also stored in the database corresponding to the enterprise node.
In some embodiments, the method further comprises: sending a query request to a public recursive analysis node through the industrial Internet identifier analysis system, wherein the query request at least comprises the client configuration identifier record.
In the present disclosure, the query request carries a client identifier code, and the client identifier code at least carries a client configuration identifier record.
After the identification code of the client triggers the operation of the query request through the network management platform, the public recursive analysis node receives the corresponding query request, and then the whole industrial internet identification analysis system queries layer by layer according to the query request. The query request at least comprises a corresponding query mode and a client configuration identification record so as to match a corresponding client configuration network access requirement. The client can be an enterprise information system, an industrial internet platform or an industrial internet APP and the like.
After receiving the client's query request, the public recursive analysis node first queries the identifier in the analysis server of the national top-level node, which returns the address information of the identifier's secondary node to the public recursive analysis node. The public recursive analysis node then queries the analysis server of the secondary node according to that address information and receives the address information of the enterprise node returned by the secondary node. Next, the public recursive analysis node queries the identifier in the analysis server of the enterprise node according to the enterprise node's address information and receives the identifier analysis information returned by the enterprise node. Finally, the public recursive analysis node returns the identification analysis information to the management platform and the corresponding client.
In some embodiments, the method further comprises: determining the preset byte of the client configuration identification record from the identification code, which comprises the corresponding client identification information and a client configuration identification record; and acquiring, from the preset byte of the client configuration identification record, the configuration requirement determined for the client by the industrial Internet identification analysis system, and matching it to the client identification information.
In the method of the present disclosure, the configuration requirement information of the client is prestored in the data corresponding to the enterprise node, and the configuration requirement is recorded in the preset bytes of the client configuration identification record. The network management platform determines, from the enterprise node, the configuration requirement corresponding to the client from the preset byte of the client configuration identification record, and matches the configuration requirement with the client identification information.
After the industrial internet identification analysis system obtains the data information corresponding to the client configuration identification record from the enterprise node, the query result and that data information are fed back to the public recursive analysis node and then synchronized to the network management platform and the corresponding client. When the data information corresponding to the client configuration identifier record is queried through the industrial internet identifier analysis system, it must be matched with the client identification information, so that the configuration requirement stays synchronized with the client identification information in a timely manner and the configuration and network access operation can be completed promptly and effectively.
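The following is an added example, not part of the patent text: a small Python model of the layer-by-layer lookup, the match between the returned record and the queried client identity, and the decoding of the one-byte configuration record, with one polling cycle on top. The identifier format, the node tables and the bit dictionary are constructed assumptions; any failure results in no configuration being issued.

```python
"""Added illustration (not from the patent): layered identifier lookup plus a
fail-closed decode of the one-byte client configuration record.
The code format, node tables and bit dictionary are constructed assumptions."""
import re
from dataclasses import dataclass

# Assumed format: <top>.<secondary>.<enterprise>/<device suffix>
CODE_RE = re.compile(r"(\d{2})\.(\d{3})\.(\d{3,6})/([A-Za-z0-9._-]{1,64})")

# Assumed data dictionary: bit flag in the preset byte -> configuration element.
CONFIG_DICTIONARY = {
    0x01: "access_authority:read_only",
    0x02: "access_rule:isolated_vlan",
    0x04: "security_policy:port_auth_required",
    0x08: "network_policy:rate_limited",
}
KNOWN_BITS = 0x0F  # bits outside this mask have no dictionary entry


class ResolutionError(Exception):
    """Any failure here means the device is not configured (deny by default)."""


@dataclass(frozen=True)
class IdentRecord:
    client_id: str    # client identification information stored with the record
    config_byte: int  # preset byte carrying the configuration record


# Constructed stand-ins for the three tiers queried by the recursive node.
TOP_LEVEL = {"88.118": "secondary-118"}
SECONDARY = {"secondary-118": {"88.118.2001": "enterprise-2001"}}
ENTERPRISE = {"enterprise-2001": {
    "88.118.2001/SW-0042": IdentRecord("88.118.2001/SW-0042", 0x06),
    "88.118.2001/SW-0043": IdentRecord("88.118.2001/SW-9999", 0x01),  # wrong identity
    "88.118.2001/SW-0044": IdentRecord("88.118.2001/SW-0044", 0x46),  # undefined bit
}}


def resolve(code):
    """Top-level -> secondary -> enterprise node, returning the stored record."""
    m = CODE_RE.fullmatch(code)  # fullmatch also rejects a trailing newline
    if m is None:
        raise ResolutionError("identifier does not match the expected format")
    top, sec, ent, _suffix = m.groups()
    secondary_addr = TOP_LEVEL.get(f"{top}.{sec}")
    if secondary_addr is None:
        raise ResolutionError("top-level node has no secondary node for this prefix")
    enterprise_addr = SECONDARY.get(secondary_addr, {}).get(f"{top}.{sec}.{ent}")
    if enterprise_addr is None:
        raise ResolutionError("secondary node has no enterprise node for this prefix")
    record = ENTERPRISE.get(enterprise_addr, {}).get(code)
    if record is None:
        raise ResolutionError("enterprise node has no record for this identifier")
    return record


def decode_config(config_byte):
    """Translate the preset byte into configuration requirements via the dictionary."""
    if not isinstance(config_byte, int) or not 0 <= config_byte <= 0xFF:
        raise ResolutionError("configuration record is not a single byte")
    if config_byte & ~KNOWN_BITS:
        raise ResolutionError("configuration byte sets bits missing from the dictionary")
    return [name for bit, name in sorted(CONFIG_DICTIONARY.items()) if config_byte & bit]


def admit(code):
    """Resolve, match the record to the queried client identity, then decode."""
    record = resolve(code)
    if record.client_id != code:
        raise ResolutionError("record does not belong to the queried client")
    return record.config_byte, decode_config(record.config_byte)


def poll_once(codes, last_seen):
    """One polling cycle: report changed configurations and denied identifiers."""
    changed, denied = {}, {}
    for code in codes:
        try:
            config_byte, requirements = admit(code)
        except ResolutionError as exc:
            denied[code] = str(exc)  # keep the reason for the platform's audit log
            continue
        if last_seen.get(code) != config_byte:
            changed[code] = requirements
            last_seen[code] = config_byte
    return changed, denied


if __name__ == "__main__":
    seen = {"88.118.2001/SW-0042": 0x02}
    print(poll_once(sorted(ENTERPRISE["enterprise-2001"]), seen))
```

The denied map gives the management platform a per-identifier reason to log, which is where a mismatched or tampered record would first become visible.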
In some embodiments, the method further comprises: by defining or modifying the client configuration identification record, the configuration requirements and/or the configuration mode of the client can be determined or changed.
The configuration requirements referred to herein are synonymous with the configuration requirements in any of the above methods, i.e., the configuration requirements include at least: the information of the configured logic, the access authority, the access rule, the security policy, the network policy and other network configuration elements. The configuration mode referred to herein may be that the client configures the access to the network, or that the client changes the access.
In this embodiment, when initial access or an access change is needed for any client, the client configuration identifier record can be defined or modified simply by defining or modifying the configuration requirement in the preset byte of the client identification configuration record, which in turn changes the client configuration mode. Likewise, configuration requirements can be defined autonomously by modifying and defining the preset bytes in the client identification configuration record.
The result of the client configuration response can be uniformly confirmed and monitored through the network management platform.
In some embodiments, the method further comprises: writing client configurations of different standards in cooperation with an industry application dictionary reserved in the industrial Internet identifier, so that the uncertainty and the maintenance cost of terminal configurations of different brands can be eliminated.
In other embodiments, the method further comprises:
generating an identification record through the definition of the industrial Internet identification standard, wherein the identification record is a preset byte in the client identification configuration record;
writing the identification record into the client identification configuration record, and generating an initial client identification code;
acquiring analysis information of the initial client identification code through the industrial Internet identification analysis system;
confirming the network access configuration requirement to be accessed by the client and the upper-level core equipment through the analysis information of the initial client identification code;
and generating a security configuration document according to the network access configuration requirement and the upper-level core equipment, and configuring.
The method of the present disclosure involves initial network access and network access change of the client. When the client performs initial access and access change, a client manager defines an identification record according to the industry standard in the identification resolution system and generates a corresponding client identification code.
According to the method of any of the above embodiments, the query is performed by an identity resolution system. Of course, the client administrator may also manually trigger the query when the client network device is physically powered on and installed. When the analysis information corresponding to the client identification code is obtained, the network access configuration parameters of the client and the upper-level core equipment can be determined through the analysis information. Finally, the client management platform translates the client network access configuration parameters and the upper-level core equipment into security configuration documents to complete the operation of automatic configuration.
In other embodiments, as shown in fig. 4, when a device performs initial access or an access change, a device administrator generates an identifier record in the identifier analysis system according to the industry's definition of the device access configuration standard, and uploads the identifier record to the enterprise node database. In addition, the device administrator can submit newly added or modified identification records through the identification record entry interface device, which synchronously uploads them to the enterprise node database.
The network device accesses the configuration interface or the management platform through polling, or the terminal network device manually or automatically initiates an analysis query; either way, the platform is triggered to query the identifier analysis system for the identifier analysis record of the device or the new device, namely the analysis information of the device identifier code. The platform translates the network access configuration parameters carried in the analysis record, together with the upper-level core equipment to be accessed, into a security configuration document suited to the different brands of terminal and upper-level core equipment, and configures or issues it automatically. This completes the non-inductive access of the equipment, improves operation and maintenance efficiency and management efficiency, and improves the security of network access.
A second aspect of the present disclosure provides a device network access apparatus based on an industrial internet identification analysis system, applied to any possible implementation of the method of the first aspect. As shown in fig. 5, the apparatus includes: a confirmation unit for confirming a client identification code and its format, wherein the identification code comprises corresponding client identification information and a client configuration identification record; an acquisition unit for acquiring the analysis information of the identification code according to the identification code through an industrial internet identification analysis system when the client identification code conforms to the industrial internet identification code standard; and a processing unit for carrying out trusted access processing according to the analysis information of the identification code, wherein the analysis information at least comprises the configuration requirement of the client.
It should be noted that, for the implementation principle of the device network access apparatus 110 based on the industrial internet identification analysis system, reference may be made to the implementation principle of the device network access method based on the industrial internet identification analysis system, and details are not described herein again. It should be understood that the division of the modules of the above apparatus is only a logical division; in an actual implementation the modules may be wholly or partially integrated into one physical entity or may be physically separated. These modules can be realized in the form of software called by a processing element, or in the form of hardware; alternatively, some modules can be realized as software called by the processing element and others in the form of hardware.
A third aspect of the disclosure provides an apparatus comprising: a memory for storing processor-executable instructions; a processor coupled to the memory; wherein the processor is configured to perform the method of any possible implementation of the first aspect.
A fourth aspect of the disclosure provides an apparatus whose instructions, when executed by a processor of a computer, enable the computer to perform the method of any possible implementation of the first aspect.
Fig. 6 is a block diagram illustrating an apparatus 600 in accordance with an example embodiment. The method or apparatus according to embodiments of the present disclosure may also be implemented by means of an architecture of a computing device. Fig. 6 shows a schematic diagram of an architecture of an exemplary computing device, according to an embodiment of the present disclosure. As shown in fig. 6, the computing device 600 may include a bus 601, one or more CPUs 602, a Read Only Memory (ROM) 603, a Random Access Memory (RAM) 604, a communication port 605 connected to a network, an input/output component 606, a hard disk 607, and the like. A storage device in the computing device 600, such as the ROM 603 or the hard disk 607, may store various data or files used for processing and/or communication of the data processing method based on inter-node data sharing provided by the present disclosure and program instructions executed by the CPU. Computing device 600 may also include a user interface 608. Of course, the architecture shown in fig. 6 is merely exemplary, and one or more components of the computing device shown in fig. 6 may be omitted when implementing different devices, as desired.
According to yet another aspect of the present disclosure, there is also provided a computer-readable storage medium. The computer storage medium has computer-readable instructions stored thereon. When the computer readable instructions are executed by the processor, the data processing method based on the data sharing between the nodes according to the embodiment of the present disclosure described with reference to the above drawings may be performed. The computer-readable storage medium includes, but is not limited to, volatile memory and/or non-volatile memory, for example. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc.
Those skilled in the art will appreciate that the disclosure of the present disclosure is susceptible to numerous variations and modifications. For example, the various devices or components described above may be implemented in hardware, or may be implemented in software, firmware, or a combination of some or all of the three.
Further, while the present disclosure makes various references to certain elements of a system according to embodiments of the present disclosure, any number of different elements may be used and run on a client and/or server. The units are illustrative only, and different aspects of the systems and methods may use different units.
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, such as a read-only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional module. The present disclosure is not limited to any specific form of combination of hardware and software.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The foregoing is illustrative of the present disclosure and is not to be construed as limiting thereof. Although a few exemplary embodiments of this disclosure have been described, those skilled in the art will readily appreciate that many modifications are possible in the exemplary embodiments without materially departing from the novel teachings and advantages of this disclosure. Accordingly, all such modifications are intended to be included within the scope of this disclosure as defined in the claims. It is to be understood that the foregoing is illustrative of the present disclosure and is not to be construed as limited to the specific embodiments disclosed, and that modifications to the disclosed embodiments, as well as other embodiments, are intended to be included within the scope of the appended claims. The present disclosure is defined by the claims and their equivalents.

Claims (12)

1. A device network access method based on an industrial Internet identification analysis system is characterized in that when the method is applied to device network access by taking a client identification code as a determined condition of client network access, the method comprises the following steps: (upper expression, one of the uniqueness determining conditions or uniqueness determining conditions is not directly given)
Confirming the client identification code and the format thereof, wherein the identification code comprises corresponding client identification information and a client configuration identification record;
when the client identification code meets the industrial Internet identification code standard, acquiring the analysis information of the identification code according to the identification code through an industrial Internet identification analysis system;
and carrying out trusted access processing according to the analysis information of the identification code, wherein the analysis information at least comprises the configuration requirement of the client.
2. The device networking method based on the industrial internet identity resolution system according to claim 1, wherein when the device networking is performed by using the client identity code as the determination condition for the client networking, the method comprises:
when the client identification code is an industrial internet identification code, the client identification code is used as a uniqueness determining condition of the client network access configuration; or,
when the client identification code is an industrial internet identification code, taking the client identification code as one of the determination conditions of the client network access configuration, wherein the determination conditions at least comprise: combining the client identification code with other conditions to serve as a uniqueness determination condition of the client network access configuration.
3. The device networking method based on the industrial internet identity resolution system according to claim 1, wherein the configuration identifier record corresponds to the configuration requirement of the client, and at least comprises network configuration elements, and is generated by defining a network client configuration dictionary by using the reserved byte record storage location.
4. The method for device networking based on the industrial internet identity resolution system of claim 1, wherein the method further comprises: carrying out periodic polling according to the identification codes through a network management platform; or, actively inquiring through the network management platform according to the identification code.
5. The method for device networking based on the industrial internet identity resolution system according to claim 1, further comprising:
sending a query request to a public recursive analysis node through the industrial Internet identification analysis system, wherein the query request at least comprises the client configuration identification record.
6. The method for accessing the device based on the industrial internet identity resolution system according to any one of claims 1 to 5, wherein the method further comprises:
determining a preset byte of the client configuration identification record according to the identification code comprising corresponding client identification information and a client configuration identification record;
and acquiring a configuration requirement corresponding to the client determined by the industrial Internet identity analysis system from preset bytes of the client configuration identity record, and corresponding to the client identity information.
7. The method for device networking based on the industrial internet identity resolution system according to claim 1, further comprising:
by defining or modifying the client configuration identification record, the configuration requirements and/or the configuration mode of the client can be determined or changed.
8. The method for device networking based on the industrial internet identity resolution system according to claim 1, further comprising: and writing the client configurations of different standards in cooperation with an industry application dictionary reserved in the industrial Internet identification.
9. The method for device networking based on the industrial internet identity resolution system of claim 1, wherein the method further comprises:
generating an identification record through the definition of the industrial Internet identification standard, wherein the identification record is a preset byte in the client identification configuration record;
writing the identification record into the client identification configuration record, and generating an initial client identification code;
acquiring analysis information of the initial client identification code through the industrial Internet identification analysis system;
confirming the network access configuration requirement to be accessed by the client and the upper-level core equipment through the analysis information of the initial client identification code;
and generating a security configuration document according to the network access configuration requirement and the upper-level core equipment, and configuring.
10. An apparatus for accessing to a network based on an industrial internet identity resolution system, applied to the method for accessing to a network based on an industrial internet identity resolution system of claims 1 to 8, the apparatus comprising:
a confirmation unit, used for confirming a client identification code and a format thereof, wherein the identification code comprises corresponding client identification information and a client configuration identification record;
an acquisition unit, used for acquiring the analysis information of the identification code according to the identification code through an industrial Internet identification analysis system when the client identification code conforms to the industrial Internet identification code standard;
and the processing unit is used for carrying out trusted access processing according to the analysis information of the identification code, wherein the analysis information at least comprises the configuration requirement of the client.
11. An apparatus, comprising: a memory for storing processor-executable instructions; a processor coupled to the memory; wherein the processor is configured to perform the method of any one of claims 1 to 9.
12. A non-transitory computer readable storage medium, instructions in which, when executed by a processor of a computer, enable the computer to perform the method of any of claims 1 to 9.
CN202210096726.4A 2022-01-26 2022-01-26 Equipment network access method and device based on industrial Internet identification analysis system Pending CN114567553A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210096726.4A CN114567553A (en) 2022-01-26 2022-01-26 Equipment network access method and device based on industrial Internet identification analysis system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210096726.4A CN114567553A (en) 2022-01-26 2022-01-26 Equipment network access method and device based on industrial Internet identification analysis system

Publications (1)

Publication Number Publication Date
CN114567553A true CN114567553A (en) 2022-05-31

Family

ID=81714276

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210096726.4A Pending CN114567553A (en) 2022-01-26 2022-01-26 Equipment network access method and device based on industrial Internet identification analysis system

Country Status (1)

Country Link
CN (1) CN114567553A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115348643A (en) * 2022-08-17 2022-11-15 中国联合网络通信集团有限公司 Wi-Fi network access method and device and computer readable storage medium
CN115270829A (en) * 2022-09-26 2022-11-01 中国信息通信研究院 Code scanning capability determining system of code scanning equipment based on industrial internet identification analysis
CN116633976A (en) * 2023-07-21 2023-08-22 江苏未来网络集团有限公司 Industrial Internet active identification data acquisition method, system, equipment and medium
CN116633976B (en) * 2023-07-21 2023-10-27 江苏未来网络集团有限公司 Industrial Internet active identification data acquisition method, system, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination