WO2018121394A1 - Mobile terminal, alarm information acquisition and sending method and device - Google Patents

Publication number
WO2018121394A1
WO2018121394A1 PCT/CN2017/117661 CN2017117661W WO2018121394A1 WO 2018121394 A1 WO2018121394 A1 WO 2018121394A1 CN 2017117661 W CN2017117661 W CN 2017117661W WO 2018121394 A1 WO2018121394 A1 WO 2018121394A1
Authority
WO
WIPO (PCT)
Prior art keywords
alarm
user information
authentication
user
information
Prior art date
Application number
PCT/CN2017/117661
Other languages
French (fr)
Chinese (zh)
Inventor
袁虎
李阿男
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2018121394A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • Embodiments of the present invention relate to, but are not limited to, the field of data network communication, and in particular to a mobile terminal and to methods and apparatus for acquiring and sending alarm information.
  • The alarm needs to be sent to the maintenance personnel's mobile terminal device, such as a mobile phone or a tablet, so that the maintenance personnel are notified of the alarm promptly.
  • Typically, a listening port is opened on the network management system, which acts as the server, and the mobile device connects to that listening port as a client. Once the connection is established, the network management system can send alarm notifications to the mobile device.
  • This general approach requires the network management system to be on the public network (Internet) and to have a valid public IP address. This conflicts with the usual requirement that the network management system be located on a private local area network to keep it secure.
  • The listening port is vulnerable to attack by unauthorized users, for example by frequently sending large numbers of data packets to the listening port, which affects the normal operation of the network management system.
  • The embodiments of the invention provide a mobile terminal, and methods and devices for acquiring and sending alarm information.
  • A method for acquiring alarm information includes: receiving an alarm message; authenticating the user identity in the alarm message according to user information input by the user; and, if the authentication passes, decrypting the encrypted alarm information carried in the alarm message.
  • Authenticating the user identity in the alarm message according to the user information input by the user includes: determining whether the user information exists in the unrestricted user information list; and, if the result is yes, determining that the authentication passes.
  • Determining whether the user information exists in the unrestricted user information list includes: encrypting the user information input by the user; and determining whether the encrypted user information exists in the unrestricted user information list.
  • Encrypting the user information input by the user includes: encrypting the user information by means of non-reversible encryption.
  • The alarm message includes an authentication flag, or a content flag, or both an authentication flag and a content flag; these flags are used to distinguish the unrestricted user information list from the alarm information carried in the alarm message.
  • Where the alarm message includes the authentication flag, the authentication flag includes a start tag of the unrestricted user information list and the length of the unrestricted user information list;
  • where the alarm message includes the content flag, the content flag includes a start tag of the alarm information and the length of the alarm information.
  • Decrypting the encrypted alarm information carried in the alarm message includes: obtaining a secret key for decrypting the alarm information; and using the secret key to decrypt the encrypted alarm information carried in the alarm message.
  • The user information includes: a username and a password corresponding to the username.
  • Embodiments of the present invention provide a computer readable storage medium storing computer executable instructions that, when executed, implement the above-described alarm information acquisition method.
  • A method for sending alarm information includes: sending an alarm message, where the alarm message carries encrypted alarm information and user information for authenticating a user identity; the user information for authentication is the basis for judging whether the authentication passes, and whether the authentication passes is the basis for whether the alarm message can be decrypted.
  • The alarm message carries an encrypted unrestricted user information list. The alarm message includes an authentication flag, or a content flag, or both an authentication flag and a content flag; these flags are used to distinguish the unrestricted user information list from the alarm information carried in the alarm message.
  • Where the alarm message includes the authentication flag, the authentication flag includes a start tag of the unrestricted user information list and the length of the unrestricted user information list; where the alarm message includes the content flag, the content flag includes a start tag of the alarm information and the length of the alarm information.
  • Embodiments of the present invention provide a computer readable storage medium storing computer executable instructions that, when executed, implement the above-described alarm information transmitting method.
  • A mobile terminal includes: a receiving module, configured to receive an alarm message; an authentication module, configured to authenticate the user identity in the alarm message according to user information input by the user; and a decryption module, configured to decrypt the encrypted alarm information carried in the alarm message if the authentication passes.
  • The authentication module includes a determining unit, configured to determine whether the user information exists in the unrestricted user information list and, if the result is yes, to determine that the authentication passes.
  • An apparatus for sending alarm information includes: a sending module, configured to send an alarm message, where the alarm message carries encrypted alarm information and user information for authenticating a user identity; the user information for authentication is the basis for judging whether the authentication passes, and whether the authentication passes is the basis for whether the alarm message can be decrypted.
  • The invention adopts the technical solution of authenticating the user identity in the alarm message according to the user information and, when the authentication passes, decrypting the encrypted alarm information carried in the alarm message, so that network management alarm information is obtained more securely.
  • FIG. 1 is a flowchart of a method for acquiring alarm information according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a method for transmitting alarm information according to another embodiment of the present invention.
  • FIG. 3 is a flowchart of a method for acquiring alarm information according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for acquiring alarm information according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram of a mobile terminal according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram of a mobile terminal according to an embodiment of the present invention.
  • FIG. 7 is a structural block diagram of an alarm information transmitting apparatus according to another embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for acquiring alarm information according to an embodiment of the present invention. As shown in FIG. 1, the method includes steps S102 to S106.
  • Step S102: receive an alarm message;
  • Step S104: authenticate the user identity in the alarm message according to the user information input by the user;
  • Step S106: if the authentication passes, decrypt the encrypted alarm information carried in the alarm message.
  • The embodiment of the invention relates to a method for acquiring alarm information, by which network management alarm information can be obtained more securely.
  • The execution entities of the above process steps include, but are not limited to, a network management system.
  • The user information includes a username and a password corresponding to the username.
  • The foregoing alarm message may be a short message of the operator; the alarm information is sent to the maintenance personnel by sending a short message.
  • The mobile terminal numbers of the above maintenance personnel are recorded in advance on the network management system.
  • The alarm message may carry multiple pieces of alarm information, which reduces the alarm cost at the expense of some of the real-time delivery of alarm information.
  • There are many ways to implement authentication based on user information. For example, an unrestricted list can be used, and users in the list are trusted. This method is similar to the implementation of blacklists and whitelists. Other methods can of course be used for authentication. Whichever method is used, the technical problem addressed by the present application can be solved as long as the authentication function is implemented.
  • The step of authenticating the user identity in the alarm message according to the user information input by the user may be implemented as follows:
  • Determine whether the user information exists in the unrestricted user information list; if it does, determine that the authentication passes and decrypt the encrypted alarm information carried in the alarm message.
  • An interface can also be provided to allow the content of the list to be modified.
  • The list may be a whitelist or a blacklist, and may carry read permission, edit permission, and so on. It is the use of a list-based implementation that makes the above functions possible.
  • Determining whether the user information exists in the unrestricted user information list includes at least the following manner:
  • The user information is encrypted by means of non-reversible encryption.
  • Irreversible encryption is the opposite of reversible encryption: the original, pre-encryption content cannot be computed or recovered from the content encrypted with the algorithm. Commonly used examples are MD5 (Message Digest Algorithm 5), SHA (Secure Hash Algorithm), and the like. Compared with the reversible encryption method, the irreversible encryption method is more secure and reliable because the original content cannot be derived from the encrypted content.
  • The alarm message may include an authentication flag, a content flag, or a combination of an authentication flag and a content flag.
  • These flags are used to distinguish the unrestricted user information list from the alarm information carried in the alarm message.
  • The authentication flag may include a start tag of the unrestricted user information list and the length of the unrestricted user information list; the authentication flag may instead include a start tag of the unrestricted user information list and an end tag of the unrestricted user information list.
  • The alarm message may include the content flag.
  • The content flag includes a start tag of the alarm information and the length of the alarm information; the content flag may instead include a start tag of the alarm information and an end tag of the alarm information.
  • An alarm information sending method is shown in FIG. 2, and the method includes the following steps:
  • Step S201: send an alarm message, where the alarm message carries encrypted alarm information and user information for authenticating the user identity; the user information for authentication is the basis for determining whether the authentication passes, and whether the authentication passes is the basis for whether the alarm message can be decrypted.
  • The alarm message carries an encrypted unrestricted user information list. The alarm message includes an authentication flag, or a content flag, or both an authentication flag and a content flag; these flags are used to distinguish the unrestricted user information list from the alarm information carried in the alarm message.
  • The authentication flag may include a start tag of the unrestricted user information list and the length of the unrestricted user information list; the authentication flag may instead include a start tag of the unrestricted user information list and an end tag of the unrestricted user information list.
  • The alarm message may include the content flag.
  • The content flag includes a start tag of the alarm information and the length of the alarm information; the content flag may instead include a start tag of the alarm information and an end tag of the alarm information.
  • FIG. 3 is a flowchart of a method for acquiring alarm information according to an embodiment of the present invention. As shown in FIG. 3, the method includes steps S302-S308.
  • Step S302: record the number of the maintenance personnel's mobile terminal on the network management system.
  • Step S304: after the network management system generates an alarm, encrypt the user name and password information of the users having read permission with the irreversible encryption algorithm A to form the file header AA, encrypt the alarm content with the reversible encryption algorithm B and the encryption key K1 to form the file body BB, and combine the encrypted content to generate an alarm message.
  • The alarm message is also the alarm report file mentioned below.
  • The above list of users with read access is also the list of unrestricted users mentioned above.
  • A non-reversible encryption algorithm is one for which the original content cannot be computed or inverted from the content encrypted with the algorithm. Commonly used examples today are MD5, the SHA algorithms, and so on.
  • A reversible encryption algorithm is one for which the original content can be computed or inverted from the content encrypted with the algorithm.
  • The more commonly used kind is the symmetric encryption algorithm, in which a secret key known only to the encryption end and the decryption end is set.
  • The encryption end uses the secret key to encrypt, and the decryption end can use the secret key to decrypt the encrypted content to obtain the original text, which is more commonly used now.
  • Step S306: the network management system sends the alarm message to the mobile terminal of the maintenance personnel as a short message. Since the network management system is not required to be on the public network in this embodiment, the security of the network management system is ensured.
  • Step S308: the dedicated alarm reading program installed on the mobile terminal reads the received short message and asks the maintenance personnel to input the user name and password. If the result of applying the irreversible encryption algorithm A to the user name and password can be found in the AA part of the alarm report file, the BB part of the alarm report file is decrypted using the reversible encryption algorithm B and the encryption key K1 to obtain the original text of the alarm information, which is then displayed; if the result cannot be found in the AA part of the alarm report file, the user is told that authentication failed and the alarm information is not displayed. Because the content against which the user name and password are checked is stored in the short message, the user of the mobile terminal does not need to connect to the network management system to perform the permission check, which further ensures the security of the alarm content of the network management system.
  • The non-reversible encryption algorithm A, the reversible encryption algorithm B and the encryption key K1 are known only to the network management developer, and are fixed at development time in the network management system and in the dedicated alarm reading program installed on the mobile terminal. For security reasons, they must not be known by other people, such as network management users.
  • The user name and password are verified, and the content they are compared against is in the short message, so the user of the mobile terminal does not need to connect to the network management system to perform permission verification, which ensures the security of the alarm content of the network management system.
  • The user name and password are combined and encrypted together, so the user information of the network management system cannot be obtained from the short message content, which ensures the security of the network management users.
  • The method for acquiring alarm information includes steps S602 to S608.
  • Step S602: record the mobile phone number of each maintenance person's mobile terminal on the network management system.
  • Step S604: after the network management system generates an alarm, the non-reversible encryption algorithm A is used to encrypt the user name and password information of all users having read permission to form the file header AA, the reversible encryption algorithm B is used to encrypt the alarm content to form the file body BB, and the encrypted content is combined to generate an alarm report file.
  • The users U1, U2, U3, U4, and U5 have their own passwords for accessing the network management system (NMS), such as P1, P2, P3, P4, and P5.
  • The users with alarm access rights are U1, U3 and U5; the username and password of each are combined and encrypted using the MD5 algorithm.
  • The combination may use a delimiter such as ":" between the username and password to splice them together, that is, "U1:P1", "U3:P3", "U5:P5".
  • The three combinations are encrypted with the MD5 algorithm to generate the contents of the file header AA, assuming that the contents of the file header AA are:
  • A reversible encryption algorithm, RC5, is used; it is a symmetric encryption algorithm that satisfies the requirements for encrypting alarm content.
  • The file header flag may be the start flag of the file header plus the length of the file header.
  • The file body flag may be the start flag of the file body plus the length of the file body.
  • Step S606: the network management system sends the alarm report file to the mobile terminal of the maintenance personnel as a short message.
  • The network management system sends the alarm report file generated in step 2, as a short message, to the mobile terminals with phone numbers TEL1, TEL3, and TEL5, which correspond to the users U1, U3, and U5 having alarm access rights.
  • Step S608: the dedicated alarm reading program installed on the mobile terminal reads the received short message, and the maintenance personnel input the user name and password. If the result of applying the irreversible encryption algorithm A to the user name and password can be found in the AA part of the alarm report file, the reversible encryption algorithm B is used to decrypt the BB part of the alarm report file to obtain the original text of the alarm information, which is then displayed; if the result cannot be found in the AA part of the alarm report file, the user is told that authentication failed and the alarm information is not displayed.
  • The maintenance person U1 has the alarm reading program installed on the mobile phone. After the alarm notification short message is received, the alarm reading program is used to read it, and the program prompts U1 to input the password. If U1 enters the correct password P1, the alarm reader combines the username U1 and the password P1 and encrypts the combination using the MD5 algorithm. The result is necessarily
  • This content can be found in the file header AA of the alarm report file, so the alarm reading program decrypts the message body BB using the secret key K1, and the original text of the alarm is obtained and displayed.
  • The alarm reader combines the username U2 and the password P2 and encrypts the combination using the MD5 algorithm. The result is necessarily
  • This content cannot be found in the file header AA of the alarm report file, so the alarm reader tells the user that authentication failed and does not display the alarm information.
  • Embodiments of the present invention provide a computer readable storage medium storing computer executable instructions that, when executed, implement the above-described alarm information acquisition method.
  • Embodiments of the present invention provide a computer readable storage medium storing computer executable instructions that, when executed, implement the above-described alarm information transmitting method.
  • FIG. 5 is a structural block diagram of a mobile terminal according to an embodiment of the present invention. As shown in FIG. 5, the mobile terminal includes:
  • The receiving module 32 is configured to receive an alarm message;
  • the authentication module 34 is configured to authenticate the user identity in the alarm message according to the user information input by the user;
  • the decryption module 36 is configured to decrypt the encrypted alarm information carried in the alarm message when the authentication passes.
  • FIG. 6 is a structural block diagram of a mobile terminal according to an embodiment of the present invention. As shown in FIG. 6, the authentication module 34 further includes:
  • The determining unit 42 is configured to determine whether the user information exists in the unrestricted user information list, and to determine that the authentication passes if the user information exists in the unrestricted user information list.
  • An alarm information sending apparatus includes:
  • The sending module 56 is configured to send an alarm message, where the alarm message carries the encrypted alarm information and user information used for authenticating the user identity; the user information for authentication is the basis for judging whether the authentication passes, and whether the authentication passes is the basis for whether the alarm message can be decrypted.
  • Computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information, such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media include, but are not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), Electrically Erasable Programmable Read-only Memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical disc storage, magnetic cassette, magnetic tape, disk storage or other magnetic storage device, or any other medium that can be used to store the desired information and that can be accessed by the computer.
  • Communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and can include any information delivery media.
  • The embodiments of the present invention provide a mobile terminal, and methods and devices for acquiring and sending alarm information, which adopt the technical solution of authenticating the user identity in the alarm message according to the user information and, when the authentication passes, decrypting the encrypted alarm information carried in the alarm message, so that network management alarm information is obtained more securely.
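
The Python sketch below is an added example, not code from the patent or its applicant. It works through the alarm report file of steps S604 to S608: a file header AA of MD5 digests over "username:password", a file body BB holding the encrypted alarm, and a start tag plus length in front of each. The two-byte tags, two-byte length fields, key value and sample alarm text are assumptions, and a SHA-256 keystream XOR stands in for reversible algorithm B (the page names RC5) so that the block needs only the standard library.

```python
import hashlib
import hmac
import struct
from typing import List, Optional, Tuple

# Assumed framing (the page only says "start flag plus length"):
# a 2-byte start tag followed by a 2-byte big-endian length.
AUTH_TAG = b"AA"   # file header: unrestricted user information list
BODY_TAG = b"BB"   # file body: encrypted alarm information
DIGEST_LEN = 16    # size of one MD5 digest (algorithm A in the worked example)

K1 = b"constructed-demo-key"  # constructed stand-in for the fixed key K1
SAMPLE_READERS = [("U1", "P1"), ("U3", "P3"), ("U5", "P5")]  # users with read access
SAMPLE_ALARM = "NE-7 link down, severity critical"  # constructed alarm text


def credential_digest(username: str, password: str) -> bytes:
    """Algorithm A: MD5 over the combination "username:password"."""
    return hashlib.md5(f"{username}:{password}".encode("utf-8")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for reversible algorithm B: XOR with a SHA-256 counter keystream.

    Applying it twice with the same key returns the input. It is not RC5.
    """
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        pad = hashlib.sha256(key + struct.pack(">I", counter)).digest()
        out.extend(b ^ p for b, p in zip(data[start:start + 32], pad))
    return bytes(out)


def build_alarm_message(readers: List[Tuple[str, str]], alarm_text: str,
                        key: bytes = K1) -> bytes:
    """Step S604: header AA (digests) + body BB (ciphertext), each tagged."""
    header = b"".join(credential_digest(u, p) for u, p in readers)
    body = stream_xor(key, alarm_text.encode("utf-8"))
    return (AUTH_TAG + struct.pack(">H", len(header)) + header
            + BODY_TAG + struct.pack(">H", len(body)) + body)


def read_field(buf: bytes, offset: int, tag: bytes) -> Tuple[bytes, int]:
    """Read one tagged field; reject a wrong tag or a length that overruns."""
    if buf[offset:offset + 2] != tag:
        raise ValueError(f"missing start tag {tag!r} at offset {offset}")
    if len(buf) < offset + 4:
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">H", buf, offset + 2)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("declared length runs past end of message")
    return buf[offset + 4:end], end


def parse_alarm_message(msg: bytes) -> Tuple[List[bytes], bytes]:
    """Split a received message into the digest list (AA) and ciphertext (BB)."""
    header, pos = read_field(msg, 0, AUTH_TAG)
    body, pos = read_field(msg, pos, BODY_TAG)
    if pos != len(msg):
        raise ValueError("trailing bytes after file body")
    if len(header) % DIGEST_LEN:
        raise ValueError("header AA is not a whole number of digests")
    digests = [header[i:i + DIGEST_LEN] for i in range(0, len(header), DIGEST_LEN)]
    return digests, body


def read_alarm(msg: bytes, username: str, password: str,
               key: bytes = K1) -> Optional[str]:
    """Step S608: return the alarm text if the credentials match, else None."""
    digests, body = parse_alarm_message(msg)
    candidate = credential_digest(username, password)
    matched = False
    for entry in digests:  # check every entry; do not stop at the first match
        matched |= hmac.compare_digest(entry, candidate)
    if not matched:
        return None  # authentication failed: alarm is not displayed
    return stream_xor(key, body).decode("utf-8")


if __name__ == "__main__":
    message = build_alarm_message(SAMPLE_READERS, SAMPLE_ALARM)
    print(read_alarm(message, "U1", "P1"))  # user with read access
    print(read_alarm(message, "U2", "P2"))  # user not in header AA
```

In this layout K1 is fixed in the reading program and is not derived from the password, so the digest lookup in header AA is the only step that gates decryption.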

Abstract

A mobile terminal, alarm information acquisition and sending method and device, the method comprising: receiving an alarm message; authenticating a user identity in the alarm message according to user information inputted by the user; and decrypting encrypted alarm information carried in the alarm message under the condition that the user passes the authentication.

Description

Mobile terminal, alarm information acquisition method, and alarm information sending method and device

Technical field
Embodiments of the present invention relate to, but are not limited to, the field of data network communication, and in particular to a mobile terminal and to methods and apparatus for acquiring and sending alarm information.
Background
When an alarm occurs on the network management system and the maintenance personnel are not in the equipment room, the alarm needs to be sent to the maintenance personnel's mobile terminal device, such as a mobile phone or a tablet, so that the maintenance personnel are notified of the alarm promptly.
Summary of the invention
The following is an overview of the subject matter described in detail in this document. This summary is not intended to limit the scope of the claims.
Typically, a listening port is opened on the network management system, which acts as the server, and the mobile device connects to that listening port as a client. Once the connection is established, the network management system can send alarm notifications to the mobile device. This general approach requires the network management system to be on the public network (Internet) and to have a valid public IP address, which conflicts with the usual requirement that the network management system be located on a private local area network to keep it secure. When the network management system is on the public network, the listening port is vulnerable to attack by unauthorized users, for example by frequently sending large numbers of data packets to the listening port, which affects the normal operation of the network management system.
The embodiments of the invention provide a mobile terminal, and methods and devices for acquiring and sending alarm information.
根据本发明的一个方面,提供一种告警信息获取方法,包括:接收告警消息;根据用户输入的用户信息在该告警消息中对用户身份进行认证;在认证通过的情况下,解密出该告警消息中携带的已加密的告警信息。According to an aspect of the present invention, a method for acquiring alarm information includes: receiving an alarm message; authenticating a user identity in the alarm message according to user information input by the user; and decrypting the alarm message if the authentication is passed Encrypted alarm information carried in.
In an exemplary embodiment, authenticating the user identity in the alarm message according to the user information input by the user includes: determining whether the user information exists in the unrestricted user information list; and, if it does, determining that authentication has passed.
In an exemplary embodiment, determining whether the user information exists in the unrestricted user information list includes: encrypting the user information input by the user; and determining whether the encrypted user information exists in the unrestricted user information list.
In an exemplary embodiment, encrypting the user information input by the user includes: encrypting the user information by means of irreversible encryption.
In an exemplary embodiment, the alarm message includes an authentication flag, or a content flag, or both an authentication flag and a content flag; the authentication message, or the content flag, or the authentication flag and the content flag, are used to distinguish the unrestricted user information list from the alarm information carried in the alarm message.
In an exemplary embodiment, where the alarm message includes the authentication flag, the authentication flag includes a start marker of the unrestricted user information list and the length of the unrestricted user information list; where the alarm message includes the content flag, the content flag includes a start marker of the alarm information and the length of the alarm information.
In an exemplary embodiment, decrypting the encrypted alarm information carried in the alarm message includes: obtaining the key used to decrypt the alarm information; and decrypting the encrypted alarm information carried in the alarm message with that key.
In an exemplary embodiment, the user information includes a user name and the password corresponding to that user name.
An embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the alarm information acquisition method described above.
According to another aspect of the present invention, an alarm information sending method is provided, including: sending an alarm message, where the alarm message carries encrypted alarm information and user information used to authenticate a user identity; the user information used for authentication is the basis for determining whether authentication passes, and whether authentication passes is the basis for whether the alarm message can be decrypted.
In an exemplary embodiment, the alarm message carries an encrypted unrestricted user information list, and the alarm message includes an authentication flag, or a content flag, or both an authentication flag and a content flag; the authentication message, or the content flag, or the authentication flag and the content flag, are used to distinguish the unrestricted user information list from the alarm information carried in the alarm message.
In an exemplary embodiment, where the alarm message includes the authentication flag, the authentication flag includes a start marker of the unrestricted user information list and the length of the unrestricted user information list; where the alarm message includes the content flag, the content flag includes a start marker of the alarm information and the length of the alarm information.
An embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the alarm information sending method described above.
According to another aspect of the present invention, a mobile terminal is provided, including: a receiving module, configured to receive an alarm message; an authentication module, configured to authenticate the user identity in the alarm message according to user information input by the user; and a decryption module, configured to decrypt the encrypted alarm information carried in the alarm message when authentication passes.
In an exemplary embodiment, the authentication module includes a determining unit, configured to determine whether the user information exists in the unrestricted user information list and, if it does, to determine that authentication has passed.
According to another aspect of the present invention, an alarm information sending apparatus is provided, including: a sending module, configured to send an alarm message, where the alarm message carries encrypted alarm information and user information used to authenticate a user identity; the user information used for authentication is the basis for determining whether authentication passes, and whether authentication passes is the basis for whether the alarm message can be decrypted.
With the present invention, the technical solution of authenticating the user identity in the alarm message according to the user information, and decrypting the encrypted alarm information carried in the alarm message when authentication passes, allows network management alarm information to be obtained more securely.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief Description of the Drawings
FIG. 1 is a flowchart of an alarm information acquisition method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an alarm information sending method according to another embodiment of the present invention;
FIG. 3 is a flowchart of an alarm information acquisition method according to an embodiment of the present invention;
FIG. 4 is a flowchart of an alarm information acquisition method according to an embodiment of the present invention;
FIG. 5 is a structural block diagram of a mobile terminal according to an embodiment of the present invention;
FIG. 6 is a structural block diagram of a mobile terminal according to an embodiment of the present invention;
FIG. 7 is a structural block diagram of an alarm information sending apparatus according to another embodiment of the present invention.
Embodiments of the Invention
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
This embodiment provides a mobile terminal, and methods and apparatus for acquiring and sending alarm information. FIG. 1 is a flowchart of an alarm information acquisition method according to an embodiment of the present invention. As shown in FIG. 1, the method includes steps S102 to S106.
Step S102: receive an alarm message;
Step S104: authenticate the user identity in the alarm message according to the user information input by the user;
Step S106: when authentication passes, decrypt the encrypted alarm information carried in the alarm message.
This embodiment of the present invention relates to an alarm information acquisition method that allows network management alarm information to be obtained more securely.
The entity executing the above steps includes, but is not limited to, a network management system. In an exemplary embodiment, the user information includes a user name and the password corresponding to that user name. The alarm message may be an operator short message (SMS); the alarm information is sent to maintenance personnel by sending short messages. The mobile terminal numbers of the maintenance personnel are recorded in the network management system in advance. Where the real-time requirements on the alarm information being sent are not high, one alarm message may carry multiple pieces of alarm information, reducing alarm cost at the expense of some timeliness.
Authentication based on user information can be implemented in several ways. For example, an unrestricted list may be used, in which every user on the list is trusted; this is similar to how blacklists and whitelists are implemented. Other approaches may of course be used; whichever is chosen, any implementation that performs the authentication function can solve the technical problem addressed by this application.
When the unrestricted-list approach is used, the step of authenticating the user identity in the alarm message according to the user information input by the user may be implemented as follows:
Determine whether the user information exists in the unrestricted user information list; if it is determined that the user information exists in the unrestricted user information list, determine that authentication has passed and decrypt the encrypted alarm information carried in the alarm message.
With the above steps, using a list is relatively easy to implement, and an interface can also be provided that allows the contents of the list to be modified. In an exemplary embodiment, not only the contents of the list but also its attributes can be modified, for example whether the list is a whitelist or a blacklist, or the list's read permission, edit permission, and so on. It is precisely the use of a list as the implementation that makes these functions possible.
In an exemplary embodiment, determining whether the user information exists in the unrestricted user information list includes at least the following approach:
Encrypt the user information input by the user, and determine whether the encrypted user information exists in the unrestricted user information list. In an exemplary embodiment, the user information is encrypted by means of irreversible encryption. Irreversible encryption, as opposed to reversible encryption, means that the original pre-encryption content cannot be calculated or derived from the content encrypted with the algorithm. Commonly used examples are MD5 (Message Digest Algorithm 5), SHA (Secure Hash Algorithm), and the like. Compared with reversible encryption, irreversible encryption is more secure and reliable because the original content cannot be derived from the encrypted content.
In an exemplary embodiment, the alarm message may include an authentication flag, may include a content flag, or may include a combination of an authentication flag and a content flag. The authentication message and the content flag are used to distinguish the unrestricted user information list from the alarm information carried in the alarm message.
In an exemplary embodiment, where the alarm message includes the authentication flag, the authentication flag may include a start marker of the unrestricted user information list and the length of the unrestricted user information list; the authentication flag may instead include a start marker of the unrestricted user information list and an end marker of the unrestricted user information list. Likewise, where the alarm message includes the content flag, the content flag includes a start marker of the alarm information and the length of the alarm information; the content flag may instead include a start marker of the alarm information and an end marker of the alarm information.
An alarm information sending method according to another embodiment of the present invention is shown in FIG. 2. The method includes the following steps:
Step S201: send an alarm message, where the alarm message carries encrypted alarm information and user information used to authenticate a user identity; the user information used for authentication is the basis for determining whether authentication passes, and whether authentication passes is the basis for whether the alarm message can be decrypted.
In an exemplary embodiment, the alarm message carries an encrypted unrestricted user information list, and the alarm message includes an authentication flag, or a content flag, or both an authentication flag and a content flag; the authentication message, or the content flag, or the authentication flag and the content flag, are used to distinguish the unrestricted user information list from the alarm information carried in the alarm message.
In an exemplary embodiment, where the alarm message includes the authentication flag, the authentication flag may include a start marker of the unrestricted user information list and the length of the unrestricted user information list; the authentication flag may instead include a start marker of the unrestricted user information list and an end marker of the unrestricted user information list. Likewise, where the alarm message includes the content flag, the content flag includes a start marker of the alarm information and the length of the alarm information; the content flag may instead include a start marker of the alarm information and an end marker of the alarm information.
FIG. 3 is a flowchart of an alarm information acquisition method according to an embodiment of the present invention. As shown in FIG. 3, the method includes steps S302 to S308.
Step S302: record the numbers of the maintenance personnel's mobile terminals in the network management system;
Step S304: when the network management system generates an alarm, it uses irreversible encryption algorithm A to encrypt the user name and password information of all users with read permission as the file header AA, uses reversible encryption algorithm B and encryption key K1 to encrypt the alarm content as the file body BB, and merges the encrypted content to generate the alarm message. This alarm message is the alarm report file referred to below. The list of users with read permission is the unrestricted user list referred to above.
An irreversible encryption algorithm is one for which the original pre-encryption content cannot be calculated or derived from the content encrypted with the algorithm. Commonly used examples today are MD5, the SHA algorithms, and the like.
A reversible encryption algorithm is one for which the original pre-encryption content can be calculated or derived from the content encrypted with the algorithm. Symmetric encryption algorithms are the most commonly used: a key known only to the encrypting end and the decrypting end is set in advance, the encrypting end encrypts with this key, and the decrypting end can use the same key to decrypt the encrypted content and recover the original text. Commonly used examples today are DES, the RC algorithms, and the like.
Step S306: the network management system sends the alarm message to the maintenance personnel's mobile terminals as a short message. Because this embodiment does not require the network management system to be on the public network, the security of the network management system is ensured.
Step S308: a dedicated alarm reading program installed on the mobile terminal reads the received short message and asks the maintenance person to enter a user name and password. If the result of applying irreversible encryption algorithm A to the user name and password can be found in the AA part of the alarm report file, the BB part of the alarm report file is decrypted with reversible encryption algorithm B and encryption key K1 to obtain the original alarm information, which is then displayed; if the result of applying irreversible encryption algorithm A to the user name and password cannot be found in the AA part of the alarm report file, the user is told that authentication failed and the alarm information is not displayed. Because the user name and password are verified, and the content they are compared against is carried inside the short message, the user of the mobile terminal does not need to connect to the network management system for a permission check, which further ensures the security of the network management system's alarm content.
The irreversible encryption algorithm A, the reversible encryption algorithm B and the encryption key K1 are known only to the developers of the network management system, and are fixed during development of the network management system and of the dedicated alarm reading program installed on the mobile terminal; for security, they must not be known to anyone else, including users of the network management system.
This embodiment verifies the user name and password, and the content they are compared against is carried inside the short message, so the user of the mobile terminal does not need to connect to the network management system for a permission check, which ensures the security of the network management system's alarm content. In addition, the user name and password are combined and encrypted together, so the network management system's user information cannot be obtained from the short message content, which ensures the security of the network management users.
The present invention is further described below with reference to a specific embodiment.
FIG. 4 shows an alarm information acquisition method that includes steps S602 to S608.
Step S602: record the mobile phone number of each maintenance person's mobile terminal in the network management system.
Suppose there are five maintenance personnel whose user names are U1, U2, U3, U4 and U5 and whose mobile phone numbers are TEL1, TEL2, TEL3, TEL4 and TEL5. These user names and mobile phone numbers must be entered into the network management system and recorded. The user names and mobile phone numbers can be added, deleted and modified.
Step S604: when the network management system generates an alarm, it uses irreversible encryption algorithm A to encrypt the user name and password information of all users with read permission as the file header AA, and uses reversible encryption algorithm B to encrypt the alarm content as the file body BB. The encrypted content is then merged to generate the alarm report file.
Users U1, U2, U3, U4 and U5 each have their own password for accessing the network management system, for example P1, P2, P3, P4 and P5 respectively.
Suppose the users with alarm access permission are U1, U3 and U5; each user name and password are combined and encrypted with the MD5 algorithm. For simplicity, provided the separator does not appear in the user names, the combination method may use a separator, for example ":", between the user name and the password to concatenate them, giving "U1:P1", "U3:P3" and "U5:P5". The three combinations are encrypted with the MD5 algorithm to generate the content of the file header AA. Assume the content of the file header AA is:
11111111111111111111111111111111111111111111111111111111111111
33333333333333333333333333333333333333333333333333333333333333
55555555555555555555555555555555555555555555555555555555555555
A fixed key K1, known to both the network management system and the alarm reading program on the mobile terminal, is set. After the network management system encrypts the alarm with the key K1, the alarm reading program can decrypt with the key K1 to obtain the original alarm text. For security, the key K1 is known only to the developers of the network management system and not to anyone else, including network management users, which prevents unauthorized users from misappropriating it to crack the alarm information.
In an exemplary embodiment, the reversible encryption algorithm RC5 is used; it is a symmetric encryption algorithm and meets the requirement of encrypting the alarm content.
Assume that encrypting the alarm content with RC5 under the shared key K1 generates the content of the file body CC, and assume the content of the file body BB is:
Figure PCTCN2017117661-appb-000001
After the contents of the file header AA and the file body BB are merged, the content of the whole alarm report file is:
File header flag
11111111111111111111111111111111111111111111111111111111111111
33333333333333333333333333333333333333333333333333333333333333
55555555555555555555555555555555555555555555555555555555555555
File body flag
Figure PCTCN2017117661-appb-000002
The file header flag may be the start marker of the file header plus the length of the file header, and the file body flag may be the start marker of the file body plus the length of the file body.
Step S606: the network management system sends the alarm report file to the maintenance personnel's mobile terminals as a short message.
In this embodiment, the network management system sends the alarm report file generated in the second step, as a short message, to the mobile terminals with phone numbers TEL1, TEL3 and TEL5, which correspond to users U1, U3 and U5 who have alarm access permission.
Step S608: a dedicated alarm reading program installed on the mobile terminal reads the received short message, and the maintenance person enters a user name and password. If the result of applying irreversible encryption algorithm A to the user name and password can be found in the AA part of the alarm report file, the BB part of the alarm report file is decrypted with reversible encryption algorithm B to obtain the original alarm information, which is then displayed; if the result of applying irreversible encryption algorithm A to the user name and password cannot be found in the AA part of the alarm report file, the user is told that authentication failed and the alarm information is not displayed.
In this embodiment, for example, maintenance person U1 has the alarm reading program installed on a mobile phone. After the alarm notification short message arrives, the alarm reading program reads the short message and prompts maintenance person U1 to enter a password. If maintenance person U1 enters the correct password P1, the alarm reading program combines the user name U1 and the password P1 and encrypts them with the MD5 algorithm; the result is necessarily
11111111111111111111111111111111111111111111111111111111111111
This entry can be found in the file header AA of the alarm report file, so the alarm reading program decrypts the message body BB with the key K1, obtains the original alarm text and displays it.
If the user has no permission, or enters a wrong user name and password, for example maintenance person U2 enters the password P2, the alarm reading program combines the user name U2 and the password P2 and encrypts them with the MD5 algorithm; the result is necessarily
22222222222222222222222222222222222222222222222222222222222222
This entry cannot be found in the file header AA of the alarm report file, so the alarm reading program tells the user that authentication failed and does not display the alarm information.
If maintenance person U1 enters a wrong password P6, the alarm reading program combines the user name U1 and the password P6 and encrypts them with the MD5 algorithm; the result differs from every value produced by the earlier encryptions, for example
66666666666666666666666666666666666666666666666666666666666666
This entry cannot be found in the file header AA of the alarm report file either, so the alarm reading program tells the user that authentication failed and does not display the alarm information.
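The framing and authentication check of the embodiment above, as an added example that is not code from the patent. The two-byte markers, the 16-bit length fields and all function names are assumptions made for illustration; the file header holds raw MD5 digests of "user:password" as the embodiment describes, and the file body is treated as opaque ciphertext whose decryption with K1 is left to the caller.

```python
import hashlib
import hmac
import struct

AUTH_MARK = b"AA"   # assumed start marker of the file header (authentication flag)
BODY_MARK = b"BB"   # assumed start marker of the file body (content flag)
DIGEST_LEN = 16     # size of one MD5 digest in bytes


class AlarmFormatError(ValueError):
    """Raised when an alarm report file does not match the expected framing."""


def credential_digest(username: str, password: str) -> bytes:
    # The embodiment joins name and password with ":" and assumes the separator
    # never occurs in a user name; enforce that so "a:b"+"c" != "a"+"b:c".
    if ":" in username:
        raise ValueError("user name must not contain the separator ':'")
    # MD5 is used only because the embodiment names it. The digest list travels
    # inside the short message, so a salted, slow password hash would resist
    # offline guessing far better.
    return hashlib.md5(f"{username}:{password}".encode("utf-8")).digest()


def build_report(readers: dict, encrypted_body: bytes) -> bytes:
    """Sender side: flag + digest list, then flag + already-encrypted body."""
    header = b"".join(credential_digest(u, p) for u, p in readers.items())
    return (AUTH_MARK + struct.pack(">H", len(header)) + header
            + BODY_MARK + struct.pack(">H", len(encrypted_body)) + encrypted_body)


def _read_section(buf: bytes, offset: int, mark: bytes):
    """Read one 'marker + length + payload' section; return (payload, next offset)."""
    flag_end = offset + len(mark) + 2
    if len(buf) < flag_end or buf[offset:offset + len(mark)] != mark:
        raise AlarmFormatError(f"missing or truncated flag {mark!r} at offset {offset}")
    (length,) = struct.unpack(">H", buf[offset + len(mark):flag_end])
    end = flag_end + length
    if end > len(buf):
        raise AlarmFormatError(f"section {mark!r} claims {length} bytes but message is shorter")
    return buf[flag_end:end], end


def parse_report(buf: bytes):
    """Receiver side: split a report into its digest list and encrypted body."""
    header, pos = _read_section(buf, 0, AUTH_MARK)
    body, pos = _read_section(buf, pos, BODY_MARK)
    if pos != len(buf):
        raise AlarmFormatError("trailing bytes after the file body")
    if len(header) % DIGEST_LEN:
        raise AlarmFormatError("file header is not a whole number of digests")
    digests = [header[i:i + DIGEST_LEN] for i in range(0, len(header), DIGEST_LEN)]
    return digests, body


def open_report(buf: bytes, username: str, password: str):
    """Return the encrypted body if the credentials are on the list, else None."""
    digests, body = parse_report(buf)
    candidate = credential_digest(username, password)
    allowed = False
    for entry in digests:
        # Constant-time comparison, and no early exit, so timing does not
        # reveal which entry (if any) matched.
        allowed |= hmac.compare_digest(entry, candidate)
    return body if allowed else None


# Constructed sample data mirroring the embodiment: U1, U3 and U5 may read alarms.
SAMPLE_READERS = {"U1": "P1", "U3": "P3", "U5": "P5"}
SAMPLE_BODY = b"\x8f\x02constructed-ciphertext\x00\x7f"  # stands in for file body BB

if __name__ == "__main__":
    report = build_report(SAMPLE_READERS, SAMPLE_BODY)
    for user, pw in [("U1", "P1"), ("U2", "P2"), ("U1", "P6")]:
        outcome = "authenticated" if open_report(report, user, pw) is not None else "authentication failed"
        print(user, outcome)
```
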
An embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the alarm information acquisition method described above.
An embodiment of the present invention provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the alarm information sending method described above.
FIG. 5 is a structural block diagram of a mobile terminal according to an embodiment of the present invention. As shown in FIG. 5, the mobile terminal includes:
a receiving module 32, configured to receive an alarm message;
an authentication module 34, configured to authenticate the user identity in the alarm message according to the user information input by the user; and
a decryption module 36, configured to decrypt the encrypted alarm information carried in the alarm message when authentication passes.
FIG. 6 is a structural block diagram of a mobile terminal according to an embodiment of the present invention. As shown in FIG. 6, the authentication module 34 further includes:
a determining unit 42, configured to determine whether the user information exists in the unrestricted user information list, and to determine that authentication has passed if it is determined that the user information exists in the unrestricted user information list.
FIG. 7 shows an alarm information sending apparatus according to another embodiment of the present invention. The alarm information sending apparatus includes:
a sending module 56, configured to send an alarm message, where the alarm message carries encrypted alarm information and user information used to authenticate a user identity; the user information used for authentication is the basis for determining whether authentication passes, and whether authentication passes is the basis for whether the alarm message can be decrypted.
Those of ordinary skill in the art will understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and apparatus, may be implemented as software, firmware, hardware, or suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to a division of physical components; for example, one physical component may have several functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or a microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
Those of ordinary skill in the art will understand that modifications or equivalent substitutions may be made to the technical solutions of the present disclosure without departing from their spirit and scope, and all such modifications and substitutions shall fall within the scope of the claims of the present disclosure.
Industrial applicability
Embodiments of the present invention provide a mobile terminal and methods and devices for acquiring and sending alarm information. By authenticating the user identity in the alarm message according to user information and, when the authentication passes, decrypting the encrypted alarm information carried in the alarm message, network management alarm information is obtained more securely.

Claims (16)

  1. A method for acquiring alarm information, comprising:
    receiving an alarm message;
    authenticating a user identity in the alarm message according to user information input by a user;
    when the authentication passes, decrypting the encrypted alarm information carried in the alarm message.
  2. The method according to claim 1, wherein authenticating the user identity in the alarm message according to the user information input by the user comprises:
    determining whether the user information exists in the unrestricted user information list;
    determining that the authentication passes when the user information is determined to exist in the unrestricted user information list.
  3. The method according to claim 2, wherein determining whether the user information exists in the unrestricted user information list comprises:
    encrypting the user information input by the user;
    determining whether the encrypted user information exists in the unrestricted user information list.
  4. The method according to claim 3, wherein encrypting the user information input by the user comprises:
    encrypting the user information by means of non-reversible encryption.
  5. The method according to claim 2, wherein the alarm message comprises an authentication flag, or a content flag, or an authentication flag and a content flag, and the authentication message, or the content flag, or the authentication flag and the content flag are used to distinguish the unrestricted user information list and the alarm information carried in the alarm message.
  6. The method according to claim 5, wherein:
    when the alarm message comprises the authentication flag, the authentication flag comprises a start marker of the unrestricted user information list and a length of the unrestricted user information list;
    when the alarm message comprises the content flag, the content flag comprises a start marker of the alarm information and a length of the alarm information.
  7. The method according to claim 1, wherein decrypting the encrypted alarm information carried in the alarm message comprises:
    obtaining a secret key for decrypting the alarm information;
    decrypting, by means of the secret key, the encrypted alarm information carried in the alarm message.
  8. The method according to claim 1, wherein the user information comprises a username and a password corresponding to the username.
  9. A method for sending alarm information, comprising:
    sending an alarm message, wherein the alarm message carries encrypted alarm information and user information used to authenticate a user identity, the user information used for authentication is the basis for judging whether the authentication passes, and whether the authentication passes is the basis for whether the alarm message can be decrypted.
  10. The method according to claim 9, wherein the alarm message carries an encrypted unrestricted user information list, the alarm message comprises an authentication flag, or a content flag, or an authentication flag and a content flag, and the authentication message, or the content flag, or the authentication flag and the content flag are used to distinguish the unrestricted user information list and the alarm information carried in the alarm message.
  11. The method according to claim 10, wherein:
    when the alarm message comprises the authentication flag, the authentication flag comprises a start marker of the unrestricted user information list and a length of the unrestricted user information list;
    when the alarm message comprises the content flag, the content flag comprises a start marker of the alarm information and a length of the alarm information.
  12. A mobile terminal, comprising:
    a receiving module, configured to receive an alarm message;
    an authentication module, configured to authenticate a user identity in the alarm message according to user information input by a user;
    a decryption module, configured to decrypt, when the authentication passes, the encrypted alarm information carried in the alarm message.
  13. The mobile terminal according to claim 12, wherein the authentication module comprises:
    a determining unit, configured to determine whether the user information exists in the unrestricted user information list, and to determine that the authentication passes when the user information is determined to exist in the unrestricted user information list.
  14. A device for sending alarm information, comprising:
    a sending module, configured to send an alarm message, wherein the alarm message carries encrypted alarm information and user information used to authenticate a user identity, the user information used for authentication is the basis for judging whether the authentication passes, and whether the authentication passes is the basis for whether the alarm message can be decrypted.
  15. A computer-readable storage medium storing computer-executable instructions which, when executed, implement the alarm information acquisition method of claim 1.
  16. A computer-readable storage medium storing computer-executable instructions which, when executed, implement the alarm information sending method of claim 9.
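
The message layout and membership check of claims 2 to 6 and 9 to 11, as an added example that is not code from the patent: the 2-byte markers `AU`/`CT`, the 2-byte big-endian lengths, PBKDF2-HMAC-SHA256 as the non-reversible transform, and all function names are assumptions. The alarm body is treated as opaque ciphertext; decrypting it with the key of claim 7 is left to the caller.

```python
from __future__ import annotations
import hashlib
import hmac
import struct

AUTH_MARK, CONTENT_MARK = b"AU", b"CT"  # assumed start markers (claims 6, 11)
DIGEST_LEN = 32                         # one SHA-256-sized entry per listed user
ITERATIONS = 10_000                     # assumed work factor; tune per device


def user_digest(username: str, password: str) -> bytes:
    """Non-reversible transform of username + password (claims 4, 8)."""
    salt = b"alarm-auth:" + username.encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _field(msg: bytes, off: int, mark: bytes) -> tuple[bytes, int]:
    """Read marker, 2-byte length, then body; reject truncated input."""
    if msg[off:off + 2] != mark or len(msg) < off + 4:
        raise ValueError(f"missing or truncated {mark!r} flag")
    (length,) = struct.unpack_from(">H", msg, off + 2)
    end = off + 4 + length
    if end > len(msg):
        raise ValueError("declared length exceeds message")
    return msg[off + 4:end], end


def parse_alarm(msg: bytes) -> tuple[list[bytes], bytes]:
    """Split a message into the user-digest list and the encrypted alarm."""
    user_list, off = _field(msg, 0, AUTH_MARK)
    ciphertext, off = _field(msg, off, CONTENT_MARK)
    if off != len(msg) or len(user_list) % DIGEST_LEN:
        raise ValueError("malformed alarm message")
    n = DIGEST_LEN
    return [user_list[i:i + n] for i in range(0, len(user_list), n)], ciphertext


def authenticate(msg: bytes, username: str, password: str) -> bytes | None:
    """Release the still-encrypted alarm only if the user is on the list."""
    entries, ciphertext = parse_alarm(msg)
    candidate = user_digest(username, password)
    ok = False
    for entry in entries:  # scan every entry; compare in constant time
        ok |= hmac.compare_digest(entry, candidate)
    return ciphertext if ok else None


def build_alarm(users: list[tuple[str, str]], ciphertext: bytes) -> bytes:
    """Sender side (claims 9-11): digest list first, then encrypted alarm."""
    body = b"".join(user_digest(u, p) for u, p in users)
    return (AUTH_MARK + struct.pack(">H", len(body)) + body
            + CONTENT_MARK + struct.pack(">H", len(ciphertext)) + ciphertext)
```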
PCT/CN2017/117661 2016-12-30 2017-12-21 Mobile terminal, alarm information acquisition and sending method and device WO2018121394A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611262148.8A CN108270601B (en) 2016-12-30 2016-12-30 Mobile terminal, alarm information acquisition method and device and alarm information sending method and device
CN201611262148.8 2016-12-30

Publications (1)

Publication Number Publication Date
WO2018121394A1 (en) 2018-07-05

Family

ID=62710832

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/117661 WO2018121394A1 (en) 2016-12-30 2017-12-21 Mobile terminal, alarm information acquisition and sending method and device

Country Status (2)

Country Link
CN (1) CN108270601B (en)
WO (1) WO2018121394A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114389939A (en) * 2021-12-31 2022-04-22 烽火通信科技股份有限公司 Method and device for calculating switching reason and state based on random alarm signal

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111767529A (en) * 2020-05-18 2020-10-13 广州视源电子科技股份有限公司 File encryption method, file decryption method, storage medium and electronic device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413456A (en) * 2011-09-02 2012-04-11 中国电信股份有限公司 User terminal anti-theft method, user terminal anti-theft device and user terminal anti-theft system based on operation network
CN102571347A (en) * 2011-12-16 2012-07-11 华为技术有限公司 Method and device for checking field replaceable unit, and communication equipment
CN205121847U (en) * 2015-04-08 2016-03-30 鹰潭嘉坤云计算科技有限公司 Monitor terminal of fire alarm information

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100388684C (en) * 2005-01-26 2008-05-14 华为技术有限公司 Realizing method for preventing point-to point protocol recognization from being attacked in wideband cut-in network
CN101068164A (en) * 2007-06-28 2007-11-07 华为技术有限公司 Alarm information noticing method, device and system
JP2009053807A (en) * 2007-08-24 2009-03-12 Fuji Xerox Co Ltd Information processor, authentication information management method, and program
CN102149092A (en) * 2011-01-28 2011-08-10 中国联合网络通信集团有限公司 Method and device for processing user illegal access
CN102195991A (en) * 2011-06-28 2011-09-21 辽宁国兴科技有限公司 Terminal security management and authentication method and system
US8639223B1 (en) * 2011-06-29 2014-01-28 Cellco Partnership Interest-based intelligent mobile messaging service alerts subscription model
CN104883234A (en) * 2014-07-16 2015-09-02 北京华辰泽众信息科技有限公司 Warning information publishing terminal
CN105490839B (en) * 2015-11-25 2018-11-27 山东中创软件商用中间件股份有限公司 A kind of alarm method and device of website data safety
CN105610671A (en) * 2016-01-11 2016-05-25 北京奇虎科技有限公司 Terminal data protection method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114389939A (en) * 2021-12-31 2022-04-22 烽火通信科技股份有限公司 Method and device for calculating switching reason and state based on random alarm signal
CN114389939B (en) * 2021-12-31 2023-05-16 烽火通信科技股份有限公司 Method and device for calculating switching reason and state based on random alarm signal

Also Published As

Publication number Publication date
CN108270601A (en) 2018-07-10
CN108270601B (en) 2023-04-25


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17886927

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17886927

Country of ref document: EP

Kind code of ref document: A1