
CN107241356A - Network equipment validity verification method - Google Patents

Network equipment validity verification method

Info

Publication number
CN107241356A
Authority
CN
China
Prior art keywords
network
identification code
equipment
network identification
network equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710606754.5A
Other languages
Chinese (zh)
Other versions
CN107241356B (en)
Inventor
唐秀存
王子纲
宛海宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuxi Jiangnan Computing Technology Institute
Original Assignee
Wuxi Jiangnan Computing Technology Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuxi Jiangnan Computing Technology Institute
Priority to CN201710606754.5A
Publication of CN107241356A
Application granted
Publication of CN107241356B
Legal status: Active
Anticipated expiration

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a network equipment validity verification method comprising the following steps. S101: establish a trusted root device, responsible for distributing and updating the network identification code to the first-level legitimate network devices. S102: establish a hierarchy of legitimate network devices. S103: when two network devices communicate, the accessed device verifies whether the other party's network identification code is identical to its own in order to determine the other party's legitimacy, following the principle that whoever is accessed performs the verification. S104: according to the configured update frequency, when the network identification code needs to be updated, the trusted root device initiates the update and the code is updated level by level. In the present invention the legitimacy of a communication device is determined by its parent device: once a device is deleted from its parent device, it becomes a stand-alone device and can no longer obtain a legitimate network identification code. No passwords or certificates are stored, so there is nothing that can leak.

Description

Network equipment validity verification method
Technical field
The present invention relates to the field of computer communication technology, and in particular to a network equipment validity verification method.
Background technology
A network system may contain many different network devices, which raises the question of how to determine whether a given network device is legitimate. The traditional methods are as follows. First, an access account/number and password: as long as a device possesses the access account and password, it is considered legitimate. Second, SSL mutual authentication: as long as a device possesses a valid certificate, it is considered legitimate. However, neither method can exclude an illegitimate device that gains access using a legitimate identity. For example, if the access number/password or the SSL certificate is leaked, an illegitimate device may be able to enter the network system normally and threaten network security.
Summary of the invention
The object of the present invention is to provide a network equipment validity verification method that solves the problem described in the background section.
To this end, the present invention adopts the following technical solution:
A network equipment validity verification method, comprising the following steps:
S101: establish a trusted root device, which is responsible for the first-level legitimate network devices and for distributing/updating the network identification code to them;
S102: establish a hierarchy of legitimate network devices, as follows: each legitimate network device has one parent device and manages several child devices, and a child device obtains the network identification code from its parent device;
S103: when two network devices communicate, the accessed device verifies whether the other party's network identification code is identical to its own in order to determine the other party's legitimacy, following the principle that whoever is accessed performs the verification;
S104: according to the configured network identification code update frequency, when the code needs to be updated, the trusted root device initiates the update and the code is updated level by level.
In particular, the root-initiated, level-by-level update of step S104 comprises: the trusted root device distributes the updated network identification code to the first-level legitimate network devices; each first-level legitimate network device distributes the updated code to its own child devices; and so on, until all network devices have completed the update.
In particular, the default network identification code update frequency is once a week.
The network equipment validity verification method proposed by the present invention solves the problem of communication-device legitimacy. The legitimacy of a communication device is determined by its parent device: once a device is deleted from its parent device, it becomes a stand-alone device and can no longer obtain a legitimate network identification code. The network identification code changes automatically and dynamically, and each change is equivalent to removing the illegitimate devices currently in the network. No passwords or certificates are stored, so there is nothing that can leak. The present invention performs hierarchical legitimacy authentication using the network identification code, and the code is controllable: an update frequency is set and the code is updated regularly.
Brief description of the drawings
Fig. 1 is a flowchart of the network equipment validity verification method provided in an embodiment of the present invention.
Detailed description
The invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and not to limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the present invention rather than all of its content. Unless otherwise defined, all technical and scientific terms used here have the meaning commonly understood by those skilled in the art to which the present invention belongs. The terms used here are intended only to describe specific embodiments and not to limit the present invention.
Refer to Fig. 1, which is a flowchart of the network equipment validity verification method provided in an embodiment of the present invention.
In this embodiment the network equipment validity verification method comprises the following steps:
S101: establish a trusted root device, which is responsible for the first-level legitimate network devices and for distributing/updating the network identification code to them.
S102: establish a hierarchy of legitimate network devices, as follows: each legitimate network device has one parent device and manages several child devices, and a child device obtains the network identification code from its parent device.
S103: when two network devices communicate, the accessed device verifies whether the other party's network identification code is identical to its own in order to determine the other party's legitimacy, following the principle that whoever is accessed performs the verification.
S104: according to the configured network identification code update frequency, when the code needs to be updated, the trusted root device initiates the update and the code is updated level by level. In this embodiment the root-initiated, level-by-level update comprises: the trusted root device distributes the updated network identification code to the first-level legitimate network devices; each first-level legitimate network device distributes the updated code to its own child devices; and so on, until all network devices have completed the update. The default update frequency is once a week, but it is not limited to this; different update frequencies can be set for different practical applications.
The generation of the network identification code, the communication between parent and child devices, and the verification are briefly described below.
1. Definition of the communication protocol between parent and child devices:
(1) IDP (the trusted identity identification protocol) runs on top of HTTP(S); a client uses its IP address as its own identity.
(2) Obtain the network identification code.
(3) The parameters are the random number and its digest: (MD5(Code (network identification code) + Random + timestamp (YYYY-MM-DD HH:MM)), Random); on success the result returned is true. The user registers this device's IP before a communication link is created.
(4) The parameter ip is the IP address of the peer device; a local or group-wide third-party application provides the check of whether an IP address is legitimate.
2. Communication between parent and child devices:
(1) The parent device (denoted P) obtains a network identification code from its superior device or generates one itself.
(2) Device P adds the IP addresses of its child devices (denoted A and B).
(3) Devices A and B each access the interface of device P to obtain the network identification code; device A generates the MD5 of its own network identification code + random + timestamp (denoted S1).
(4) Before device A requests to establish communication with device B, A accesses B; B generates the MD5 of its own network identification code + random + timestamp (denoted S2) and verifies whether S1 equals S2; if not, it returns false.
(5) For device A's request, the accessed device B verifies whether A's IP address is legitimate; if it is, the link is allowed, otherwise it is refused.
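The parent/child exchange just described, together with the root-initiated, level-by-level code update of step S104, as an added example in Python that is not part of the patent or of its assignee's code. It models the device tree, the MD5(Code + Random + timestamp) digest computed on both sides, the accessed-party-verifies rule and the IP check of step (5); the HTTP(S) transport is omitted, and the device names, IP addresses, the local IP registry, the one-minute clock-skew allowance and all function names are assumptions made for the illustration.

```python
"""Added example, not code from the patent or its assignee: a runnable model of
the hierarchical network-identification-code scheme. Device names, IP addresses,
the IP registry, the one-minute skew allowance and helper names are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%d %H:%M"      # timestamp(YYYY-MM-DD HH:MM): minute granularity, as on the page
SKEW = timedelta(minutes=1)    # assumption: the verifier also tries the previous minute
DEFAULT_NOW = datetime(2017, 7, 24, 9, 30, 10)   # constructed clock value for the scenario


def make_tag(code: str, rand: str, ts: str) -> str:
    """MD5(Code + Random + timestamp): the S1/S2 digest the page specifies."""
    return hashlib.md5((code + rand + ts).encode()).hexdigest()


class Device:
    """One node of the legitimate-device tree: one parent, several children (S102)."""

    def __init__(self, ip: str, parent: Device | None = None) -> None:
        self.ip = ip
        self.parent = parent
        self.children: dict[str, Device] = {}
        self.code: str | None = None
        if parent is not None:
            parent.children[ip] = self        # the parent registers the child's IP

    def remove_child(self, ip: str) -> None:
        self.children.pop(ip, None)           # the child becomes a stand-alone device

    def fetch_code(self) -> str | None:
        """S101: the root mints the code; any other device may only fetch it from its parent."""
        if self.parent is None:
            self.code = secrets.token_hex(16)
        elif self.ip in self.parent.children:
            self.code = self.parent.code
        else:
            self.code = None                  # deleted from its parent: no legal code
        return self.code

    def rotate(self) -> None:
        """S104: root-initiated update, pushed down the tree one level at a time."""
        self.fetch_code()
        for child in self.children.values():
            child.rotate()

    def make_request(self, now: datetime) -> tuple[str, str]:
        """Requester side: send (Random, S1); the timestamp is the requester's current minute."""
        rand = secrets.token_hex(8)
        return rand, make_tag(self.code or "", rand, now.strftime(TS_FMT))

    def verify_access(self, requester_ip: str, rand: str, s1: str,
                      now: datetime, legal_ips: set[str]) -> bool:
        """S103, accessed side: recompute S2 with its own code and clock, then check the IP."""
        if self.code is None:
            return False
        minutes = (now.strftime(TS_FMT), (now - SKEW).strftime(TS_FMT))
        if not any(hmac.compare_digest(s1, make_tag(self.code, rand, ts)) for ts in minutes):
            return False                      # code (or minute) differs: not legitimate
        return requester_ip in legal_ips      # step (5): IP legitimacy check


def run_scenario(now: datetime = DEFAULT_NOW) -> dict[str, bool]:
    """Constructed scenario: a three-level tree and several access attempts on device B."""
    root = Device("10.0.0.1")
    p = Device("10.0.1.1", parent=root)
    a = Device("10.0.1.10", parent=p)
    b = Device("10.0.1.11", parent=p)
    root.rotate()                             # initial distribution of the code
    legal_ips = {root.ip, p.ip, a.ip, b.ip}   # assumed local IP registry (step (4))
    r: dict[str, bool] = {}

    rand, s1 = a.make_request(now)
    r["sibling_accepted"] = b.verify_access(a.ip, rand, s1, now, legal_ips)

    rand, s1 = a.make_request(now - timedelta(seconds=30))   # tag made in the previous minute
    r["skew_tolerated"] = b.verify_access(a.ip, rand, s1, now, legal_ips)

    rand, s1 = a.make_request(now - timedelta(minutes=5))    # replay of an old tag
    r["stale_rejected"] = not b.verify_access(a.ip, rand, s1, now, legal_ips)

    rogue = Device("10.0.9.9")                # never attached to the tree
    rogue.code = "guessed-code"
    rand, s1 = rogue.make_request(now)
    r["rogue_rejected"] = not b.verify_access(rogue.ip, rand, s1, now, legal_ips | {rogue.ip})

    rand, s1 = a.make_request(now)
    r["unregistered_ip_rejected"] = not b.verify_access(a.ip, rand, s1, now, legal_ips - {a.ip})

    p.remove_child(a.ip)                      # delete A from its parent ...
    root.rotate()                             # ... so the next rotation skips it
    rand, s1 = a.make_request(now)            # A still holds the old code
    r["removed_device_rejected"] = not b.verify_access(a.ip, rand, s1, now, legal_ips)
    r["standalone_gets_no_code"] = a.fetch_code() is None
    return r
```

Calling run_scenario() returns a dictionary in which every entry is True. Two points the page leaves implicit become visible in the code: because only (Random, S1) is sent, the verifier reconstructs the timestamp from its own clock at minute granularity, so a digest computed just before a minute boundary survives only if the verifier also tries the previous minute; and the network identification code is a secret shared by every device in the tree, so anyone who learns it and can present a registered IP address passes verification until the next rotation, which makes the update frequency the exposure window. MD5 over a plain concatenation is the construction the page specifies; hmac.new with SHA-256 is the drop-in replacement a practitioner would use, and hmac.compare_digest keeps the comparison free of timing differences.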
The technical solution of the present invention solves the problem of communication-device legitimacy. The legitimacy of a communication device is determined by its parent device: once a device is deleted from its parent device, it becomes a stand-alone device and can no longer obtain a legitimate network identification code. The network identification code changes automatically and dynamically, and each change is equivalent to removing the illegitimate devices currently in the network. No passwords or certificates are stored, so there is nothing that can leak. The present invention performs hierarchical legitimacy authentication using the network identification code, and the code is controllable: an update frequency is set and the code is updated regularly.
Those of ordinary skill in the art will understand that all or part of the flow in the above embodiment can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may carry out the flow of each of the method embodiments above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The foregoing is only the preferred embodiment of the present invention and is not intended to limit it; those skilled in the art may make various changes and variations to the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within its scope of protection.

Claims (3)

1. A network equipment validity verification method, characterised in that it comprises the following steps:
S101: establish a trusted root device, which is responsible for the first-level legitimate network devices and for distributing/updating the network identification code to them;
S102: establish a hierarchy of legitimate network devices, as follows: each legitimate network device has one parent device and manages several child devices, and a child device obtains the network identification code from its parent device;
S103: when two network devices communicate, the accessed device verifies whether the other party's network identification code is identical to its own in order to determine the other party's legitimacy, following the principle that whoever is accessed performs the verification;
S104: according to the configured network identification code update frequency, when the code needs to be updated, the trusted root device initiates the update and the code is updated level by level.
2. The network equipment validity verification method according to claim 1, characterised in that the root-initiated, level-by-level update of step S104 comprises: the trusted root device distributes the updated network identification code to the first-level legitimate network devices; each first-level legitimate network device distributes the updated code to its own child devices; and so on, until all network devices have completed the update.
3. The network equipment validity verification method according to claim 1, characterised in that the default network identification code update frequency is once a week.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710606754.5A CN107241356B (en) 2017-07-24 2017-07-24 Network equipment validity verification method

Publications (2)

Publication Number Publication Date
CN107241356A true CN107241356A (en) 2017-10-10
CN107241356B CN107241356B (en) 2020-08-14

Family

ID=59989665

Country Status (1)

Country Link
CN (1) CN107241356B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021091490A1 (en) * 2019-11-05 2021-05-14 Envision Digital International Pte. Ltd. Method and apparatus for managing iot device, and server and storage medium thereof
CN113543128A (en) * 2020-04-09 2021-10-22 中国移动通信有限公司研究院 Method, apparatus and computer readable storage medium for secure synchronization between access devices

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1267515A2 (en) * 2000-01-21 2002-12-18 Sony Corporation Method and apparatus for symmetric encryption/decryption of recorded data
CN102918922A (en) * 2011-05-31 2013-02-06 华为技术有限公司 Data transmission method, stream distribution node device, user equipment and system
CN105393565A (en) * 2013-05-21 2016-03-09 阿尔卡特朗讯公司 Method of device discovery for device-to-device communication in a telecommunication network, user equipment device and computer program product
CN105812343A (en) * 2014-12-31 2016-07-27 中兴通讯股份有限公司 Wearable service authentication method, cloud platform, wearable device and terminal
CN106027571A (en) * 2016-07-21 2016-10-12 曹蕊 Network security method and network security server applied in cluster

Also Published As

Publication number Publication date
CN107241356B (en) 2020-08-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant