CN115250186B - Network connection authentication method, device, computer equipment and storage medium - Google Patents

Network connection authentication method, device, computer equipment and storage medium Download PDF

Info

Publication number
CN115250186B
CN115250186B CN202110387901.0A CN202110387901A CN115250186B CN 115250186 B CN115250186 B CN 115250186B CN 202110387901 A CN202110387901 A CN 202110387901A CN 115250186 B CN115250186 B CN 115250186B
Authority
CN
China
Prior art keywords
certificate
network
target network
network connection
acquiring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110387901.0A
Other languages
Chinese (zh)
Other versions
CN115250186A (en
Inventor
陈运佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SF Technology Co Ltd
Original Assignee
SF Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SF Technology Co Ltd filed Critical SF Technology Co Ltd
Priority to CN202110387901.0A priority Critical patent/CN115250186B/en
Publication of CN115250186A publication Critical patent/CN115250186A/en
Application granted granted Critical
Publication of CN115250186B publication Critical patent/CN115250186B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

The application provides a network connection authentication method, a device, a computer device and a storage medium, comprising: responding to a network connection operation instruction acting on a target network, and performing validity verification on a local network certificate to obtain a validity verification result; acquiring a target network certificate based on a validity period verification result; verifying and installing the target network certificate, and performing system pre-configuration on the installed target network certificate to obtain a system effective certificate; and sending the system effective certificate to a router corresponding to the target network for network authentication, so as to connect the target network after the system effective certificate is authenticated. By adopting the method, the operation flow of network connection authentication can be saved, the network connection authentication efficiency can be further improved, the reliability of the network connection authentication can be further improved, and the security of the network connection authentication can be effectively improved.

Description

Network connection authentication method, device, computer equipment and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a network connection authentication method, a device, a computer device, and a storage medium.
Background
With the rapid development of the express industry, the number of transfer sites required for sorting express items in each place is increased, and in addition to the network access points with internal networks in part of sites, the external network route capable of accessing internal data is generally set up in most of the sites for facilitating the operation of express small-sized books, so that the express small-sized books can be accessed into the internal networks through terminals, and the internal data can be obtained.
However, the existing network access mode is single in verification, so that not only is leakage risk existed, but also the information security of enterprises can be seriously compromised. For example, the network connection authentication methods currently using the mobile terminal include the following three types: 1. manually inputting a fixed key for authentication after WI-FI is selected; 2. the user inputs a mobile phone number and a short message in the HTTP page for verification; 3. the mobile terminal receives the user input activation code, loads a preset encryption digital certificate, and sends the certificate to the application server for verification in the networking process, and when the certificate is verified to be legal, the connected legal equipment is determined.
However, by manually inputting the fixed key connection and using the short message verification connection, only a simple activation code comparison is adopted, and if an attacker adopts a bypass activation step or the fixed key is revealed, the server cannot judge whether the device is legal or not; the preset encryption digital certificate is loaded through the activation code, so that the problem of activation code leakage exists, the usability of the certificate is not guaranteed, and the abnormal condition of network connection is easy to occur.
Therefore, the conventional network connection authentication method has a technical problem of low authentication security.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a network connection authentication method, apparatus, computer device, and storage medium for improving network authentication security.
In a first aspect, the present application provides a network connection authentication method, including:
responding to a network connection operation instruction acting on a target network, and performing validity verification on a local network certificate to obtain a validity verification result;
acquiring a target network certificate based on the validity period verification result;
verifying and installing the target network certificate, and performing system pre-configuration on the installed target network certificate to obtain a system effective certificate;
and sending the system effective certificate to a router corresponding to the target network for network authentication, so as to connect the target network after the system effective certificate is authenticated.
In some embodiments of the present application, the step of performing validity verification on the local network certificate in response to a network connection operation instruction acting on the target network to obtain a validity verification result includes:
Responding to a network connection operation instruction acting on a target network, and acquiring a local network certificate label through a preset first interface;
if the label information of the local network certificate label is first label information, acquiring a certificate expiration date corresponding to the local network certificate label through a preset first interface, and taking the certificate expiration date as the certificate expiration time of the local network certificate;
and carrying out validity verification on the local network certificate based on the certificate expiration time, and obtaining a validity verification result.
In some embodiments of the present application, the step of obtaining, in response to a network connection operation instruction acting on the target network, a local network certificate tag through a preset first interface includes:
when a screen unlocking operation instruction acting on a display screen is detected, a screen unlocking result corresponding to the screen unlocking operation instruction is obtained;
if the screen unlocking result is that the unlocking is successful, determining that the screen unlocking operation instruction is a network connection operation instruction, and acquiring a target network, wherein the target network is a candidate network meeting a preset condition in at least one candidate network;
and responding to a network connection operation instruction acting on the target network, and acquiring a local network certificate label through a preset first interface.
In some embodiments of the present application, the step of performing validity verification on the local network certificate based on the certificate expiration time to obtain a validity verification result includes:
acquiring the current time of the equipment;
calculating a time difference value between the current time of the equipment and the certificate expiration time to obtain effective duration;
if the effective duration is smaller than a preset time threshold, determining that the effective duration check result is a first check result;
and if the valid time length is greater than or equal to the time threshold, determining that the valid period check result is a second check result.
In some embodiments of the present application, the step of obtaining the target network certificate based on the validity period verification result includes:
if the validity period checking result is a first checking result, generating a certificate acquisition request, and sending the certificate acquisition request to a server to acquire a target network certificate fed back by the server;
and if the validity period checking result is a second checking result, determining the local network certificate as the target network certificate.
In some embodiments of the present application, before the step of verifying and installing the target network certificate and performing system pre-configuration on the installed target network certificate to obtain a system valid certificate, the method further includes:
Based on a message digest algorithm, carrying out security verification on the target network certificate fed back by the server, and obtaining a security verification result of the target network certificate fed back by the server;
if the security verification result is that verification is successful, acquiring storage path information, certificate password information and certificate file name information of the target network certificate;
the storage path information, the certificate password information and the certificate file name information are used for verifying and installing the target network certificate.
In some embodiments of the present application, the step of verifying and installing the target network certificate, and performing system pre-configuration on the installed target network certificate to obtain a system valid certificate includes:
acquiring storage path information, certificate password information and certificate file name information of the target network certificate through a preset second interface;
based on the storage path information, the certificate password information and the certificate file name information, verifying and installing the target network certificate to obtain an installed target network certificate;
acquiring a network identity of the target network through a preset third interface, and acquiring a user credential key of the installed target network certificate;
And performing system pre-configuration on the installed target network certificate based on the network identity and the user credential key to obtain a system effective certificate.
In a second aspect, the present application provides a network connection authentication apparatus, including:
the instruction response module is used for responding to a network connection operation instruction acting on a target network, carrying out validity verification on the local network certificate and obtaining a validity verification result;
the certificate acquisition module is used for acquiring a target network certificate based on the validity period verification result;
the certificate configuration module is used for verifying and installing the target network certificate, and performing system pre-configuration on the installed target network certificate to obtain a system effective certificate;
and the network connection module is used for sending the system effective certificate to a router corresponding to the target network for network authentication so as to connect the target network after the system effective certificate passes the authentication.
In a third aspect, the present application also provides a computer device comprising:
one or more processors;
a memory; and one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the network connection authentication method.
In a fourth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program, the computer program being loaded by a processor to perform the steps of the network connection authentication method.
In a fifth aspect, embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the method provided in the first aspect.
According to the network connection authentication method, the device, the computer equipment and the storage medium, the terminal can realize full-automatic verification, installation and pre-configuration of the local network certificate by responding to the network connection operation instruction acted on the target network and performing validity verification on the local network certificate without manually inputting an activation code to load the certificate and complete network connection, so that the operation flow of network connection authentication is saved, and the network connection authentication efficiency is further improved. Meanwhile, the terminal also completes validity period verification operation before the pre-configuration of the certificate, effectively solves the timeliness problem of the existing certificate authentication scheme, greatly ensures the usability of the certificate, further improves the reliability of network connection authentication, and finally effectively improves the security of the network connection authentication.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic view of a scenario of a network connection authentication method in an embodiment of the present application;
fig. 2 is a flow chart of a network connection authentication method in an embodiment of the present application;
FIG. 3 is a flowchart illustrating a network certificate verification step in an embodiment of the present application;
fig. 4 is a schematic flow chart of a target network connection step in the embodiment of the present application;
fig. 5 is a schematic flowchart of a specific network connection authentication method in an embodiment of the present application;
fig. 6 is a schematic structural diagram of a network connection authentication device in the embodiment of the present application;
fig. 7 is a schematic structural diagram of a computer device in the embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
In the description of the present application, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more of the described features. In the description of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
In the description of the present application, the term "for example" is used to mean "serving as an example, instance, or illustration. Any embodiment described herein as "for example" is not necessarily to be construed as preferred or advantageous over other embodiments. The following description is presented to enable any person skilled in the art to make and use the invention. In the following description, details are set forth for purposes of explanation. It will be apparent to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and processes have not been described in detail so as not to obscure the description of the invention with unnecessary detail. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
The embodiment of the application provides a network connection authentication method, a network connection authentication device, computer equipment and a storage medium, and the method, the device, the computer equipment and the storage medium are respectively described in detail below.
Referring to fig. 1, fig. 1 is a schematic view of a scenario of a network connection authentication method provided in the present application, where the network connection authentication method can be applied to a network connection authentication system. The network connection authentication system includes a terminal 100 and a server 200, which establish a communication connection through a network. The terminal 100 may be a device comprising both receiving and transmitting hardware, i.e. having receiving and transmitting hardware capable of performing bi-directional communication over a bi-directional communication link. Such a device may include: a cellular or other communication device having a single-line display or a multi-line display or a cellular or other communication device without a multi-line display. The terminal 100 may specifically be a desktop terminal or a mobile terminal, and the terminal 100 may specifically be one of a mobile phone, a tablet computer, a gun, a notebook computer, and the like.
The server 200 may be an independent server, or may be a server network or a server cluster formed by servers, including but not limited to a computer, a network host, a single network server, a plurality of network server sets, or a cloud server formed by a plurality of servers. Wherein, the Cloud server is composed of a large number of computers or network servers based on Cloud Computing (Cloud Computing); the network includes, but is not limited to: a wide area network, a metropolitan area network, or a local area network.
It should be understood by those skilled in the art that the application environment shown in fig. 1 is only one application scenario applicable to the present application scenario, and is not limited to the application scenario of the present application scenario, and other application environments may also include more or fewer computer devices than those shown in fig. 1, for example, only one server 200 is shown in fig. 1, and it is understood that the system may also include one or more other servers, or one or more other terminals, and is not limited herein. In addition, the system may further include a memory for storing data, such as logistics data, for example, various data of a logistics platform, such as logistics transportation information of logistics sites, such as a transfer site, and the like, specifically, such as waybill information, delivery vehicle information, logistics site information, and the like.
It should be understood by those skilled in the art that the schematic view of the network connection authentication system shown in fig. 1 is only an example, and the network connection authentication system and the scene described in the embodiments of the present invention are for more clearly describing the technical solutions of the embodiments of the present invention, and do not constitute a limitation on the technical solutions provided by the embodiments of the present invention, and those skilled in the art can know that, with the evolution of the network connection authentication system and the appearance of a new service scenario, the technical solutions provided by the embodiments of the present invention are equally applicable to similar technical problems.
Referring to fig. 2, an embodiment of the present application provides a network connection authentication method, which is mainly applied to the terminal 100 in fig. 1 and is hereinafter described as an example, and the method includes steps S201 to S204, which are specifically as follows:
s201, responding to a network connection operation instruction acting on a target network, and performing validity verification on a local network certificate to obtain a validity verification result.
The target network may be at least one candidate network satisfying a preset condition, and the candidate network may be set for a certain place (such as a place in a logistics transfer), that is, the network information covers a wireless network to which the place may be connected for use, where the preset condition may refer to a condition such as a signal strength, a signal name, a signal privacy, and the like. For example, 2 candidate networks are arranged in the logistics transit site, including: WI-FI No. 1 and WIFI No. 2, where the signal strength of WI-FI No. 1 is higher than WIFI No. 2, the terminal 100 may select WI-FI No. 1 as the target network to which it wants to apply for connection.
The local network certificate refers to a digital certificate stored in a local device of the terminal 100.
Specifically, before the network connection authentication method provided by the embodiment of the application is clarified, a Digital certificate (Digital Certificate, digital ID) needs to be understood first, which provides a way of identity verification on the Internet, and is a Digital information file used for marking and proving identities of two parties of network communication. Digital certificates are issued by an authority, CA, also known as a certificate authority (Certificate Authority) center, which people can use to identify the identity of each other in an exchange. In addition, the digital certificate has timeliness, that is, it not only contains a public key, a name and a digital signature of a certificate authority, but also generally includes information such as the validity time of the key, the name of a certification authority (certificate authority), the serial number of the certificate, and the like, and the format of the certificate conforms to the related international standard. The effective time of the key is key information for representing the timeliness of the digital certificate.
Specifically, in the existing internet communication scene, when the external network device communicates with the internal network device, the external network device is authenticated by adopting a digital certificate authentication mode and a user name password authentication mode, namely, the modes described in the background technology of the application, but the authentication efficiency is low, the external network device is easy to impersonate, and the potential safety hazard is extremely large. Therefore, the present application proposes an optimized network connection authentication manner, so that the terminal 100 can customize an interface through a pre-developed operating system, thereby realizing full-automatic certificate installation, reducing the probability of errors caused by manual operation, improving the security of network connection, and eliminating the operation threshold. And the certificate is used for replacing the fixed activation code, so that the security of network identity verification is effectively improved, and the security of network access is improved.
However, the authentication mode of using the digital certificate to replace the fixed activation code has two problems of manually inputting the activation code and timeliness of the certificate, so the embodiment of the application cuts in from two points of full automation and timeliness, and improves the problems of the existing certificate authentication. Therefore, when receiving and responding to the network connection operation instruction acting on the target network, the embodiment of the application firstly needs to perform validity verification on the local network certificate so as to ensure the timeliness of the certificate, and further performs subsequent steps after obtaining the validity verification result. The validity period checking step involved in this embodiment will be described in detail below.
In one embodiment, the step includes: responding to a network connection operation instruction acting on a target network, and acquiring a local network certificate label through a preset first interface; if the label information of the local network certificate label is first label information, acquiring a certificate expiration date corresponding to the local network certificate label through a preset first interface, and taking the certificate expiration date as the certificate expiration time of the local network certificate; and carrying out validity verification on the local network certificate based on the certificate expiration time, and obtaining a validity verification result.
It should be noted that, the operating system used by the terminal 100 in this embodiment of the present application is an Android system, and the Android system supports manual installation of certificates, and then certificate pre-configuration can be performed when a specified WI-FI is connected, so that installation and connection of certificates are realized. However, to be "fully automated," both installation and pre-configuration of certificates requires API (Application Programming Interface ) support of the operating system. However, the existing Android system does not develop an API interface for certificate validity judgment, certificate installation or uninstallation and certificate pre-configuration, so that the following functional interfaces are provided for the terminal 100 by combining actual service requirements with the Android operating system to perform deep customization of the functional interfaces: (1) acquiring a certificate validity period interface; (2) installing/uninstalling a certificate interface; (3) the certificate pre-configures the functional interface to provide a convenient path for the terminal 100 to connect to the network.
The first interface according to this embodiment may refer to the certificate validity period acquisition interface described above.
Wherein, the local network certificate tag may be a Boolean value for identifying whether the local network certificate exists, which is denoted as "true" or "false"; when the local network certificate tag is "true", it represents that the local network certificate exists, and when the local network certificate tag is "false", it represents that the local network certificate does not exist. The first tag information described above is "true".
The expiration date of the certificate may refer to the validity time of the key described above, that is, the expiration start time of the digital certificate, for example, 2021, 1, and further, for example, 2021, 1, 0 hour, 0 minutes.
Specifically, when the terminal 100 detects a network connection operation instruction acting on the target network, a pre-stored local network certificate label may be obtained through a preset first interface, so as to determine whether label information of the label is first label information "true" or second label information "false", if the label information is determined to be the first label information, it indicates that the terminal 100 already has a local network certificate, at this time, the terminal 100 may further obtain a corresponding certificate expiration time through the first interface, so as to analyze the certificate expiration time to perform validity verification on the local network certificate, and finally obtain a validity verification result.
More specifically, if the tag information of the local network certificate tag is the second tag information "false", it indicates that the terminal 100 does not store the local network certificate, and it is necessary to apply the latest certificate to the CA certificate issuing server, thereby setting the validity period verification result as the first verification result, and acting on the subsequently acquired certificate. The validity period check result acquisition step involved in the present embodiment will be described in detail below.
In one embodiment, the step of obtaining, in response to a network connection operation instruction acting on the target network, a local network certificate tag through a preset first interface includes: when a screen unlocking operation instruction acting on a display screen is detected, a screen unlocking result corresponding to the screen unlocking operation instruction is obtained; if the screen unlocking result is that the unlocking is successful, determining that the screen unlocking operation instruction is a network connection operation instruction, and acquiring a target network, wherein the target network is a candidate network meeting a preset condition in at least one candidate network; and responding to a network connection operation instruction acting on the target network, and acquiring a local network certificate label through a preset first interface.
The screen unlocking command may be a digital code or a graphic code for unlocking the terminal 100, that is, it may be a character string or a graphic image having coordinate information or digital information.
Specifically, as shown in fig. 3, a user of the terminal 100 presets that an effective unlocking instruction is an "S" graphic instruction, and when the terminal 100 detects a screen unlocking operation instruction acting on a display screen, the currently received screen unlocking operation instruction can be matched with the effective unlocking instruction. If the screen unlocking operation instruction and the screen unlocking operation instruction are matched, the screen unlocking result corresponding to the screen unlocking operation instruction is obtained to be 'successful in unlocking', and the screen unlocking operation instruction is used as a network connection operation instruction capable of triggering the starting of the tag obtaining step, so that the local network certificate tag is further obtained through the first interface.
In one embodiment, the step of performing validity verification on the local network certificate based on the certificate expiration time to obtain a validity verification result includes: acquiring the current time of the equipment; calculating a time difference value between the current time of the equipment and the certificate expiration time to obtain effective duration; if the effective duration is smaller than a preset time threshold, determining that the effective duration check result is a first check result; and if the valid time length is greater than or equal to the time threshold, determining that the valid period check result is a second check result.
The current time of the device may refer to the Beijing time recorded by the terminal 100, and may be "2021, 3, 1, 12, 23 minutes", for example.
The time threshold may be a time threshold used for determining whether the certificate needs to be updated, for example, the time threshold may be a time threshold calculated by day of 15 days, 30 days, and the like, and for example, the time threshold may be a time threshold calculated by hour, week, month, and year, which is not limited in the embodiment of the present application.
Specifically, after obtaining the certificate expiration time of the local network certificate, the terminal 100 may further obtain the current time of the device, so as to calculate a time difference between the current time of the device and the certificate expiration time, obtain a validity duration, and analyze a validity duration verification result. As is known in connection with the above-described embodiments, the validity period check result includes a first check result, which is denoted as "check certificate need to be updated", and a second check result, which is denoted as "check certificate need not be updated".
For example, when the current time of the device is "2021, 3, 1, and 12, and the expiration time of the certificate is" 2021, 3, 12, and the preset time threshold is "30", the calculated effective duration is "11 days", the effective duration is smaller than the currently set time threshold, which means that the time is less than 30 days from expiration of the certificate, and the certificate should be updated, it may be determined that the validity period verification result of the certificate is the first verification result.
For another example, the current time of the device is "2021, 2, 1, and 12, the expiration time of the certificate is" 2021, 3, 12, and the preset time threshold is "30, the calculated effective duration is" 39, and the effective duration is longer than the currently set time threshold, which indicates that the time from expiration of the certificate is still more than 30 days, and the validity period verification result of the certificate can be determined to be the second verification result without updating the certificate.
More specifically, if the terminal 100 presets a buffer pool (designated file directory) for storing the certificate, the certificate aging time described in the above embodiment should be a time obtained by preferentially acquiring from the buffer pool. And after the validity period verification result is determined to be the first verification result based on the time, the certificate expiration date stored in the operating system database can be further accessed, whether the validity period verification result is still the first verification result is analyzed again, and if the validity period verification result is still the first verification result, the certificate stored in the terminal 100 is determined to need to be updated.
Further, the foregoing access to the operating system database is provided that the validity period check tag is a first tag. Wherein the validity period check tag may be a tag for identifying a certificate validity period check status, denoted as "1" or "0". For example, a time point is set within a 24-hour daily period, after which if the terminal 100 verifies the validity period of the certificate, the terminal sets the tag to "1" and then analyzes whether there is a valid period of the verified certificate based on this value. For another example, 8 points per day reset this tag to "0" which indicates that the validity period of the certificate has not been verified, and the subsequent certificate verification steps may proceed.
The first tag may be a tag "1" of a valid period verification tag, which indicates that the valid period of the certificate has been verified; the second tag may refer to tag "0" of the validity period verification tag, indicating that the validity period of the certificate has not been verified. The first tag and the second tag are two tags that identify opposite check states.
That is, the terminal 100 may access the certificate expiration time in the buffer pool of the terminal 100 first, and analyze whether the validity period check result corresponding to the certificate expiration time is the first check result; if the valid period verification label is the first label, the valid period verification label is required to be analyzed; if the first label is the first label, a certificate acquisition request can be generated subsequently to acquire a target network certificate fed back by the CA certificate issuing server; if the second label is the second label, the certificate expiration time in the operating system database can be further accessed, and whether the validity period check result is still the first check result is further analyzed; if the first verification result is still obtained, a certificate acquisition request can be generated subsequently to acquire a target network certificate fed back by the CA certificate issuing server; if the first check result is no longer the second check result, the final validity period check result may be determined to be the second check result.
S202, acquiring a target network certificate based on the validity period verification result.
Specifically, after the terminal 100 analyzes the validity period verification result of the local network certificate, different synchronization may be performed based on the result to determine the target network certificate required for networking. The target network certificate acquisition step involved in the present embodiment will be described in detail below.
In one embodiment, the step includes: if the validity period checking result is a first checking result, generating a certificate acquisition request, and sending the certificate acquisition request to a server to acquire a target network certificate fed back by the server; and if the validity period checking result is a second checking result, determining the local network certificate as the target network certificate.
Wherein the certificate acquisition request is a request for requesting the CA certificate issuing server to feed back the latest certificate.
Specifically, the manner in which the terminal 100 analyzes the validity period check result may be as described in the previous embodiment, and the validity period check result to be analyzed may be finally determined in combination with the validity period check tag. If the validity period verification result is a first verification result and indicates that the certificate needs to be updated, the terminal 100 may generate a certificate acquisition request based on the equipment identity thereof, so as to send the certificate acquisition request to the server 200, so that the server 200 performs identity validity verification on the certificate, and after obtaining a verification result that is legal in verification, forwards the certificate acquisition request to the CA certificate issuing server, so as to obtain the latest certificate fed back by the CA certificate issuing server as the target network certificate.
More specifically, if the validity period checking result is the second checking result, which means that "checking does not need to update the certificate", the terminal 100 may determine that the local network certificate currently stored is the target network certificate required for the subsequent networking.
S203, checking and installing the target network certificate, and performing system pre-configuration on the installed target network certificate to obtain a system effective certificate.
Specifically, after the terminal 100 obtains the target network certificate, the validity of the certificate may be checked first, then the checked target network certificate is installed in the operating system, and finally the installed target network certificate is preconfigured, so that the terminal may wait for the router signal of the target network to find the preconfigured target network certificate, and further complete a series of certificate authentication operations, so as to realize automatic security access to the target network. The certificate verification installation step and the certificate pre-arrangement step involved in the present embodiment will be described in detail below.
In one embodiment, before this step, the network connection authentication method further includes: based on a message digest algorithm, carrying out security verification on the target network certificate fed back by the server, and obtaining a security verification result of the target network certificate fed back by the server; if the security verification result is that verification is successful, acquiring storage path information, certificate password information and certificate file name information of the target network certificate; the storage path information, the certificate password information and the certificate file name information are used for verifying and installing the target network certificate.
The Message Digest Algorithm may be, among other things, the MD5 (Message-Digest Algorithm) Algorithm that generates a unique "digital fingerprint" for any file (regardless of its size, format, number) by which it is known whether the source file has been altered by checking whether the MD5 values have changed before and after the file. For example, the target network certificate is an encrypted string, and the server 200 not only feeds back the encrypted string of the certificate, but also returns the MD5 value corresponding to the string, so that after receiving the string of the certificate, the terminal 100 converts the certificate into a file, and then directly takes a new MD5 value from the file, and matches the MD5 value obtained in the previous step, so as to ensure that the obtained certificate is valid.
Specifically, before the terminal 100 performs verification and installation on the currently obtained target network certificate, it is first determined whether the target network certificate is newly issued by the CA certificate issuing server, and is fed back through the server 200. If so, the validity of the certificate needs to be checked by the MD5 value, and after the verification is passed, the storage path information of the target network certificate (i.e. the storage path of the certificate in the operating system of the terminal 100), the certificate password information (i.e. the access password preset for the certificate) and the certificate file name information (i.e. the file name preset for the certificate) are obtained, so that the verification and installation of the target network certificate are realized through the operating system. Otherwise, if not, the certificate does not need to be legally checked.
In one embodiment, the step includes: acquiring storage path information, certificate password information and certificate file name information of the target network certificate through a preset second interface; based on the storage path information, the certificate password information and the certificate file name information, verifying and installing the target network certificate to obtain an installed target network certificate; acquiring a network identity of the target network through a preset third interface, and acquiring a user credential key of the installed target network certificate; and performing system pre-configuration on the installed target network certificate based on the network identity and the user credential key to obtain a system effective certificate.
The second interface related to the present embodiment may refer to the above-described installation/removal certificate interface; the third interface to which the present embodiment relates may refer to the certificate provisioning function interface described above.
The network identity may be referred to as a globally unique identity of the target network, i.e. SSID (Service Set Identifier).
The user credential key may be a preset string key for implementing a certificate pre-configuration operation, and the user credential keys corresponding to different terminals 100 are generally different.
Specifically, after the terminal 100 acquires the target network certificate, the storage path information, the certificate password information, and the certificate file name information of the target network certificate may be acquired through the second interface, and the target network certificate may be checked and installed based on such information to install the target network certificate in the operating system of the terminal 100. However, after the installation of the certificate, the terminal 100 cannot be caused to connect to the target network, and the SSID of the target network, that is, the network identity of the target network, needs to be obtained during the installation of the certificate, so that the certificate is bound under the network identity of the target network to be preconfigured, and the finally configured certificate is determined to be used as a system valid certificate required for the subsequent network connection authentication, and the system valid certificate only needs to be stored in an operating system so as to be accessed when the terminal 100 or other external devices are used.
And S204, the system effective certificate is sent to a router corresponding to the target network for network authentication, so that the target network is connected after the system effective certificate is authenticated.
Specifically, as shown In fig. 4, the system valid certificate installed on the terminal 100 may be obtained In real time by the router corresponding to the target network, that is, after the router signal sent by the router is found, the certificate information of the system valid certificate may be brought to the router, and then the certificate information is transmitted to an authentication cluster (authentication Server cluster) through radius (Remote Authentication Dial-In User Server) protocol, so that the authentication management platform authenticates the certificate information, and then a trust channel is established, thereby realizing the secure access of the terminal 100 to the target network.
According to the network connection authentication method, the terminal can realize full-automatic verification, installation and pre-configuration of the local network certificate by responding to the network connection operation instruction acting on the target network and performing the validity period verification on the local network certificate without manually inputting an activation code to load the certificate and complete network connection, so that the operation flow of network connection authentication is saved, and the network connection authentication efficiency is further improved. Meanwhile, the terminal also completes validity period verification operation before the pre-configuration of the certificate, effectively solves the timeliness problem of the existing certificate authentication scheme, greatly ensures the usability of the certificate, further improves the reliability of network connection authentication, and finally effectively improves the security of the network connection authentication.
In order to enable those skilled in the art to fully understand the network connection authentication scheme provided by the application, the application also provides an application scenario, and the application scenario applies the network connection authentication method. Specifically, the application of the network connection authentication method in the application scenario will be described below with reference to fig. 5:
as shown in fig. 5, the network connection authentication scheme proposed in the present application includes the following steps:
1) The terminal detects an effective screen unlocking operation instruction, which is equivalent to receiving a network connection operation instruction acting on a target network, and further triggers timeliness verification of a local network certificate in response to the instruction, namely, whether an expiration date of a certain certificate exists in a local equipment file directory is queried, and if so, whether the current certificate is expired or is about to be expired is analyzed based on the expiration date. If so, a first interface (acquire certificate validity interface) may be invoked to query the operating system for the expiration date of the certificate stored therein, further determining whether the current certificate is still judged to be expired or about to expire. If the front and back analysis results are consistent, the current certificate can be judged to be updated.
2) After the terminal analyzes and determines that no available certificate exists at present, a certificate application interface or a certificate updating interface can be called, a request is initiated to a server, the server forwards the request to a CA certificate issuing server, and the available certificate is fed back by the server.
3) After receiving the available certificate, the terminal can firstly check the validity of the certificate, if the verification is passed, the terminal can further realize the installation of the certificate through a second interface (an installation/uninstallation certificate interface), and then realize the pre-configuration of the certificate through a third interface (a certificate pre-configuration function interface), so that the terminal can be connected with a target network in a rapid authentication manner, and the safe access to the target network is realized.
According to the network connection authentication method provided by the embodiment, the terminal can realize full-automatic verification, installation and pre-configuration of the local network certificate by responding to the network connection operation instruction acting on the target network and performing the validity period verification on the local network certificate without manually inputting an activation code to load the certificate and complete network connection, so that the operation flow of network connection authentication is saved, and the network connection authentication efficiency is further improved. Meanwhile, the terminal also completes validity period verification operation before the pre-configuration of the certificate, effectively solves the timeliness problem of the existing certificate authentication scheme, greatly ensures the usability of the certificate, further improves the reliability of network connection authentication, and finally effectively improves the security of the network connection authentication.
In order to better implement the network connection authentication method in the embodiments of the present application, based on the network connection authentication method, the embodiments of the present application further provide a network connection authentication device, as shown in fig. 6, where the network connection authentication device 600 includes:
the instruction response module 610 is configured to respond to a network connection operation instruction acting on the target network, perform validity verification on the local network certificate, and obtain a validity verification result;
A certificate acquisition module 620, configured to acquire a target network certificate based on the validity period verification result;
the certificate configuration module 630 is configured to verify and install the target network certificate, and perform system pre-configuration on the installed target network certificate to obtain a system valid certificate;
and the network connection module 640 is configured to send the system valid certificate to a router corresponding to the target network for network authentication, so as to connect to the target network after the system valid certificate is authenticated.
In some embodiments of the present application, the instruction response module 610 is further configured to obtain, through a preset first interface, a local network certificate tag in response to a network connection operation instruction acting on the target network; if the label information of the local network certificate label is first label information, acquiring a certificate expiration date corresponding to the local network certificate label through a preset first interface, and taking the certificate expiration date as the certificate expiration time of the local network certificate; and carrying out validity verification on the local network certificate based on the certificate expiration time, and obtaining a validity verification result.
In some embodiments of the present application, the instruction response module 610 is further configured to, when detecting a screen unlocking operation instruction acting on a display screen, obtain a screen unlocking result corresponding to the screen unlocking operation instruction; if the screen unlocking result is that the unlocking is successful, determining that the screen unlocking operation instruction is a network connection operation instruction, and acquiring a target network, wherein the target network is a candidate network meeting a preset condition in at least one candidate network; and responding to a network connection operation instruction acting on the target network, and acquiring a local network certificate label through a preset first interface.
In some embodiments of the present application, the instruction response module 610 is further configured to obtain a current time of the device; calculating a time difference value between the current time of the equipment and the certificate expiration time to obtain effective duration; if the effective duration is smaller than a preset time threshold, determining that the effective duration check result is a first check result; and if the valid time length is greater than or equal to the time threshold, determining that the valid period check result is a second check result.
In some embodiments of the present application, the certificate acquisition module 620 is further configured to generate a certificate acquisition request if the validity period verification result is a first verification result, and send the certificate acquisition request to a server to acquire a target network certificate fed back by the server; and if the validity period checking result is a second checking result, determining the local network certificate as the target network certificate.
In some embodiments of the present application, the network connection authentication device 600 further includes an information acquisition module, configured to perform security verification on the target network certificate fed back by the server based on a message digest algorithm, and acquire a security verification result of the target network certificate fed back by the server; if the security verification result is that verification is successful, acquiring storage path information, certificate password information and certificate file name information of the target network certificate; the storage path information, the certificate password information and the certificate file name information are used for verifying and installing the target network certificate.
In some embodiments of the present application, the certificate configuration module 630 is further configured to obtain, through a preset second interface, storage path information, certificate password information, and certificate file name information of the target network certificate; based on the storage path information, the certificate password information and the certificate file name information, verifying and installing the target network certificate to obtain an installed target network certificate; acquiring a network identity of the target network through a preset third interface, and acquiring a user credential key of the installed target network certificate; and performing system pre-configuration on the installed target network certificate based on the network identity and the user credential key to obtain a system effective certificate.
In the above embodiment, the terminal performs validity verification on the local network certificate by responding to the network connection operation instruction acting on the target network, so that full-automatic verification, installation and pre-configuration on the local network certificate can be realized, and the activation code is not required to be manually input to load the certificate and complete network connection, thereby saving the operation flow of network connection authentication and further improving the network connection authentication efficiency. Meanwhile, the terminal also completes validity period verification operation before the pre-configuration of the certificate, effectively solves the timeliness problem of the existing certificate authentication scheme, greatly ensures the usability of the certificate, further improves the reliability of network connection authentication, and finally effectively improves the security of the network connection authentication.
For specific limitations of the network connection authentication apparatus, reference may be made to the above limitation of the network connection authentication method, and no further description is given here. The respective modules in the network connection authentication apparatus described above may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In some embodiments of the present application, the network connection authentication apparatus 600 may be implemented in the form of a computer program that is executable on a computer device as shown in fig. 7. The memory of the computer device may store various program modules constituting the network connection authentication apparatus 600, such as the instruction response module 610, the certificate acquisition module 620, the certificate configuration module 630, and the network connection module 640 shown in fig. 6. The computer program constituted by the respective program modules causes the processor to execute the steps in the logistics line recommendation method of the respective embodiments of the present application described in the present specification.
For example, the computer apparatus shown in fig. 7 may perform step S201 through the instruction response module 610 in the network connection authentication apparatus 600 shown in fig. 6. The computer device may perform step S202 through the certificate acquisition module 620. The computer device may perform step S203 through the certificate configuration module 630. The computer device may perform step S204 through the network connection module 640. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus.
Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for communicating with an external terminal in a wired or wireless manner, and the wireless manner can be realized through WI-FI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a network connection authentication method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structure shown in fig. 7 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In some embodiments of the present application, a computer device is provided that includes one or more processors; a memory; and one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to perform the steps of the network connection authentication method described above. The steps of the network connection authentication method herein may be the steps in the network connection authentication method of the above-described respective embodiments.
In some embodiments of the present application, a computer readable storage medium is provided, in which a computer program is stored, where the computer program is loaded by a processor, so that the processor performs the steps of the network connection authentication method described above. The steps of the network connection authentication method herein may be the steps in the network connection authentication method of the above-described respective embodiments.
Those skilled in the art will appreciate that implementing all or part of the above-described embodiment methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein can include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can take many forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing has described in detail the network connection authentication method, apparatus, computer device and storage medium provided by the embodiments of the present application, and specific examples have been applied to illustrate the principles and embodiments of the present invention, where the foregoing description of the embodiments is only for aiding in understanding the method and core idea of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in light of the ideas of the present invention, the present description should not be construed as limiting the present invention.

Claims (9)

1. A network connection authentication method, comprising:
responding to a network connection operation instruction acting on a target network, and performing validity verification on a local network certificate to obtain a validity verification result;
acquiring a target network certificate based on the validity period verification result;
Verifying and installing the target network certificate, and performing system pre-configuration on the installed target network certificate to obtain a system effective certificate; the method specifically comprises the following steps: acquiring storage path information, certificate password information and certificate file name information of the target network certificate through a preset second interface; based on the storage path information, the certificate password information and the certificate file name information, verifying and installing the target network certificate to obtain an installed target network certificate; acquiring a network identity of the target network through a preset third interface, and acquiring a user credential key of the installed target network certificate; based on the network identity and the user credential key, performing system pre-configuration on the installed target network certificate to obtain a system effective certificate;
and sending the system effective certificate to a router corresponding to the target network for network authentication, so as to connect the target network after the system effective certificate is authenticated.
2. The network connection authentication method of claim 1, wherein the step of performing validity verification on the local network certificate in response to the network connection operation instruction acting on the target network to obtain a validity verification result comprises:
Responding to a network connection operation instruction acting on a target network, and acquiring a local network certificate label through a preset first interface;
if the label information of the local network certificate label is first label information, acquiring a certificate expiration date corresponding to the local network certificate label through a preset first interface, and taking the certificate expiration date as the certificate expiration time of the local network certificate;
and carrying out validity verification on the local network certificate based on the certificate expiration time, and obtaining a validity verification result.
3. The network connection authentication method as claimed in claim 2, wherein the step of acquiring the local network certificate tag through a preset first interface in response to the network connection operation instruction acting on the target network, comprises:
when a screen unlocking operation instruction acting on a display screen is detected, a screen unlocking result corresponding to the screen unlocking operation instruction is obtained;
if the screen unlocking result is that the unlocking is successful, determining that the screen unlocking operation instruction is a network connection operation instruction, and acquiring a target network, wherein the target network is a candidate network meeting a preset condition in at least one candidate network;
And responding to a network connection operation instruction acting on the target network, and acquiring a local network certificate label through a preset first interface.
4. The network connection authentication method of claim 2, wherein the step of performing validity verification on the local network certificate based on the certificate expiration time to obtain a validity verification result includes:
acquiring the current time of the equipment;
calculating a time difference value between the current time of the equipment and the certificate expiration time to obtain effective duration;
if the effective duration is smaller than a preset time threshold, determining that the effective duration check result is a first check result;
and if the valid time length is greater than or equal to the time threshold, determining that the valid period check result is a second check result.
5. The network connection authentication method of claim 1, wherein the step of acquiring the target network certificate based on the validity period check result comprises:
if the validity period checking result is a first checking result, generating a certificate acquisition request, and sending the certificate acquisition request to a server to acquire a target network certificate fed back by the server;
And if the validity period checking result is a second checking result, determining the local network certificate as the target network certificate.
6. The network connection authentication method of claim 1, wherein before the step of verifying the installation of the target network certificate and performing system pre-configuration on the installed target network certificate to obtain a system valid certificate, the method further comprises:
based on a message digest algorithm, carrying out security check on a target network certificate fed back by a server, and obtaining a security check result of the target network certificate fed back by the server;
if the security verification result is that verification is successful, acquiring storage path information, certificate password information and certificate file name information of the target network certificate;
the storage path information, the certificate password information and the certificate file name information are used for verifying and installing the target network certificate.
7. A network connection authentication apparatus, comprising:
the instruction response module is used for responding to a network connection operation instruction acting on a target network, carrying out validity verification on the local network certificate and obtaining a validity verification result;
The certificate acquisition module is used for acquiring a target network certificate based on the validity period verification result;
the certificate configuration module is used for verifying and installing the target network certificate, and performing system pre-configuration on the installed target network certificate to obtain a system effective certificate; the certificate configuration module is also used for acquiring the storage path information, the certificate password information and the certificate file name information of the target network certificate through a preset second interface; based on the storage path information, the certificate password information and the certificate file name information, verifying and installing the target network certificate to obtain an installed target network certificate; acquiring a network identity of the target network through a preset third interface, and acquiring a user credential key of the installed target network certificate; based on the network identity and the user credential key, performing system pre-configuration on the installed target network certificate to obtain a system effective certificate;
and the network connection module is used for sending the system effective certificate to a router corresponding to the target network for network authentication so as to connect the target network after the system effective certificate passes the authentication.
8. A computer device, the computer device comprising:
one or more processors;
a memory; and one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the processor to implement the network connection authentication method of any of claims 1 to 6.
9. A computer-readable storage medium, having stored thereon a computer program, the computer program being loaded by a processor to perform the steps in the network connection authentication method of any of claims 1 to 6.
CN202110387901.0A 2021-04-12 2021-04-12 Network connection authentication method, device, computer equipment and storage medium Active CN115250186B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110387901.0A CN115250186B (en) 2021-04-12 2021-04-12 Network connection authentication method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110387901.0A CN115250186B (en) 2021-04-12 2021-04-12 Network connection authentication method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115250186A CN115250186A (en) 2022-10-28
CN115250186B true CN115250186B (en) 2024-04-16

Family

ID=83696333

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110387901.0A Active CN115250186B (en) 2021-04-12 2021-04-12 Network connection authentication method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115250186B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1799240A (en) * 2002-03-20 2006-07-05 捷讯研究有限公司 Certificate information storage system and method
CN104506534A (en) * 2014-12-25 2015-04-08 青岛微智慧信息有限公司 Safety communication secret key negotiation interaction scheme
WO2017020546A1 (en) * 2015-08-06 2017-02-09 中兴通讯股份有限公司 Network access device verifying method and apparatus
CN107026738A (en) * 2016-02-01 2017-08-08 阿里巴巴集团控股有限公司 Digital certificate updating method, digital signature verification method and digital authentication device
CN109359977A (en) * 2018-09-10 2019-02-19 平安科技(深圳)有限公司 Network communication method, device, computer equipment and storage medium
CN110879879A (en) * 2018-09-05 2020-03-13 航天信息股份有限公司 Internet of things identity authentication method and device, electronic equipment, system and storage medium
US10708256B1 (en) * 2015-10-13 2020-07-07 Amazon Technologies, Inc. Identification of trusted certificates
WO2020233308A1 (en) * 2019-05-22 2020-11-26 深圳壹账通智能科技有限公司 Self-checking method, apparatus and device based on local certificate, and storage medium
CN112291279A (en) * 2020-12-31 2021-01-29 南京敏宇数行信息技术有限公司 Router intranet access method, system and equipment and readable storage medium
WO2021031689A1 (en) * 2019-08-19 2021-02-25 北京国双科技有限公司 Single sign-on method, device, and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160134621A1 (en) * 2014-11-12 2016-05-12 Qualcomm Incorporated Certificate provisioning for authentication to a network

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1799240A (en) * 2002-03-20 2006-07-05 捷讯研究有限公司 Certificate information storage system and method
CN104506534A (en) * 2014-12-25 2015-04-08 青岛微智慧信息有限公司 Safety communication secret key negotiation interaction scheme
WO2017020546A1 (en) * 2015-08-06 2017-02-09 中兴通讯股份有限公司 Network access device verifying method and apparatus
US10708256B1 (en) * 2015-10-13 2020-07-07 Amazon Technologies, Inc. Identification of trusted certificates
CN107026738A (en) * 2016-02-01 2017-08-08 阿里巴巴集团控股有限公司 Digital certificate updating method, digital signature verification method and digital authentication device
CN110879879A (en) * 2018-09-05 2020-03-13 航天信息股份有限公司 Internet of things identity authentication method and device, electronic equipment, system and storage medium
CN109359977A (en) * 2018-09-10 2019-02-19 平安科技(深圳)有限公司 Network communication method, device, computer equipment and storage medium
WO2020233308A1 (en) * 2019-05-22 2020-11-26 深圳壹账通智能科技有限公司 Self-checking method, apparatus and device based on local certificate, and storage medium
WO2021031689A1 (en) * 2019-08-19 2021-02-25 北京国双科技有限公司 Single sign-on method, device, and system
CN112291279A (en) * 2020-12-31 2021-01-29 南京敏宇数行信息技术有限公司 Router intranet access method, system and equipment and readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
构建基于PKI高校校园网身份认证系统;吴向东;;通信技术(第06期);全文 *

Also Published As

Publication number Publication date
CN115250186A (en) 2022-10-28

Similar Documents

Publication Publication Date Title
CN108200050B (en) Single sign-on server, method and computer readable storage medium
US11887176B2 (en) Method for registering customized device, server, and terminal
KR102182906B1 (en) Securely handling server certificate errors in synchronization communication
CN104025539A (en) Methods And Apparatus To Facilitate Single Sign-On Services
CN112039826B (en) Login method and device applied to applet end, electronic equipment and readable medium
CN110365684B (en) Access control method and device for application cluster and electronic equipment
CN112131021A (en) Access request processing method and device
CN110247758B (en) Password management method and device and password manager
US20140317704A1 (en) Method and system for enabling the federation of unrelated applications
CN110895603B (en) Multi-system account information integration method and device
CN106453263A (en) Method and system of binding cellphone number with APP
CN113271296A (en) Login authority management method and device
CN112434818A (en) Model construction method, device, medium and electronic equipment
WO2023093500A1 (en) Access verification method and apparatus
CN107635221A (en) A kind of car-mounted terminal identifying processing method and device
CN109510799B (en) Page display method, browser client, equipment and storage medium
CN111405016A (en) User information acquisition method and related equipment
CN107645474B (en) Method and device for logging in open platform
CN111400684A (en) Electronic certificate information acquisition method, system, device, equipment and storage medium
CN111666590A (en) Distributed file secure transmission method, device and system
CN115250186B (en) Network connection authentication method, device, computer equipment and storage medium
CN113114623B (en) Data connection method, device, terminal equipment and computer readable storage medium
CN108228280A (en) The configuration method and device of browser parameters, storage medium, electronic equipment
CN114329534A (en) Authority determination method and device, computer equipment and computer readable storage medium
CN114448722A (en) Cross-browser login method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant