CN103731422A - Trusted access method and device of network device - Google Patents

Publication number: CN103731422A
Application number: CN201310714389.1A
Authority: CN (China)
Legal status: Pending (status as listed by Google Patents, not a legal conclusion)
Original language: Chinese (zh)
Inventors: 江海昇, 闫小侠, 陈幼雷, 王艳霞
Assignee (original and current): CEC CYBERSPACE GREAT WALL Co Ltd


Abstract

The invention provides a trusted access method for a network device. The method comprises step S1: verifying the boot process of the network device and, when the boot process meets a preset requirement, allowing the network device to complete booting so that it can connect to the network. Correspondingly, the invention further provides a trusted access device for a network device. With this trusted access method and device, the boot process of a network device is verified so as to guarantee the trustworthiness of a network device connecting to the network, and when the boot process of the network device does not meet expectations the device is refused access to the network.

Description

Trusted access method and device for a network device
Technical field
The present invention relates to the field of network security technology, and in particular to a trusted access method and device for a network device.
Background art
With the development of network technology, network security is receiving more and more attention, and building a trustworthy network architecture has become a problem demanding an urgent solution. The main components of a network architecture can be divided into network devices and user terminals.
Existing research on trusted network architectures concentrates on guaranteeing the trustworthiness of user terminals; it looks at the problem only from the terminal side and treats the user terminal as the source of network security problems. But the network devices in a network can equally be attacked or intruded upon. Before information sent from a user terminal reaches its destination it is stored and forwarded by a large number of network devices, and if a network device harbours a hidden danger the information may be stolen, tampered with or lost.
Therefore, a method is needed to guarantee that a network device joining the network is trustworthy and secure.
Summary of the invention
In view of this, the object of the present invention is to provide a trusted access method and device for a network device, which can guarantee that a network device connected to the network is trustworthy and secure.
To achieve the above object, the present invention provides a trusted access method for a network device, comprising:
S1. verifying the boot process of the network device and, when the boot process of the network device meets a preset requirement, allowing the network device to complete booting so that the network device connects to the network.
Preferably, before S1 the method further comprises:
S01. sending boot-process verification information preset in a trusted root server to the network device;
and S1 comprises:
S11. during the boot process of the network device, obtaining boot-process feature information of the network device;
S12. comparing the boot-process feature information of the network device with the boot-process verification information; if the boot-process feature information matches the boot-process verification information, allowing the network device to complete booting so that it connects to the network; if the boot-process feature information does not match the boot-process verification information, halting the boot of the network device so as to refuse it access to the network.
Preferably, S01 comprises:
S011. obtaining registration information of the network device;
S012. judging whether the registration information pre-stored in the trusted root server contains registration information matching that of the network device; if so, sending the preset boot-process verification information from the trusted root server to the network device; if not, refusing the registration of the network device.
Preferably, S011 comprises:
S0111. the network device sends a registration request to the trusted root server;
S0112. the trusted root server sends a registration form to the network device according to the registration request;
S0113. the network device sends the registration information to the trusted root server according to the registration form.
Preferably, the preset boot-process verification information comprises preset power-on self-test (POST) verification information, boot program verification information, operating system verification information and configuration file verification information;
and the boot-process feature information of the network device comprises POST feature information, boot program feature information, operating system feature information and configuration file feature information from the boot process of the network device.
Preferably, before S1 the method further comprises:
S021. during the boot process of the network device, when the network device lacks a boot file, the network device sends a file download request to the trusted root server;
S022. the trusted root server checks, according to the file download request, whether its pre-stored boot files contain a boot file matching the network device; if so, it sends the matching boot file to the network device so that the network device continues its boot process; otherwise, the boot of the network device is halted.
Correspondingly, the present invention also provides a trusted access device for a network device, comprising a verification unit for verifying the boot process of the network device; when the boot process of the network device meets a preset requirement, the verification unit allows the network device to complete booting so that the network device connects to the network.
Preferably, the trusted access device further comprises a verification information sending unit for sending boot-process verification information preset in a trusted root server to the network device;
and the verification unit comprises:
a feature information acquisition subunit for obtaining boot-process feature information of the network device during its boot process;
a first comparison subunit for receiving the boot-process verification information and comparing the boot-process feature information of the network device with it; if the boot-process feature information matches the boot-process verification information, the network device is allowed to complete booting so that it connects to the network; if it does not match, the boot of the network device is halted so as to refuse it access to the network.
Preferably, the verification information sending unit comprises:
a registration information acquisition subunit for obtaining registration information of the network device;
a second comparison subunit for judging whether the registration information pre-stored in the trusted root server contains registration information matching that of the network device; if so, the second comparison subunit sends the preset boot-process verification information from the server side to the network device; if not, the second comparison subunit refuses the registration of the network device.
Preferably, the registration information acquisition subunit comprises:
a registration request module for sending, at the network device side, a registration request to the trusted root server;
a registration form feedback module for sending, at the trusted root server side, a registration form to the network device according to the registration request;
a registration information sending module for sending, at the network device side, the registration information to the trusted root server according to the registration form.
Preferably, the preset boot-process verification information comprises preset POST verification information, boot program verification information, operating system verification information and configuration file verification information;
and the boot-process feature information of the network device comprises POST feature information, boot program feature information, operating system feature information and configuration file feature information from the boot process of the network device.
Preferably, the trusted access device further comprises:
a boot file request unit for sending, during the boot process of the network device and when the network device lacks a boot file, a file download request from the network device to the trusted root server;
a boot file download unit for checking, at the trusted root server side and according to the file download request, whether the pre-stored boot files contain a boot file matching the network device; if so, the matching boot file is sent to the network device so that it continues its boot process; otherwise, the boot of the network device is halted.
It can be seen that the present invention verifies the boot process of a network device to guarantee the trustworthiness of a device connecting to the network, and refuses the device access to the network when its boot process does not meet expectations. At the same time, the present invention can verify the registration information of the network device in advance to further guarantee its trustworthiness. Moreover, the present invention can repair the boot process of the network device and, during the repair procedure, further verify whether the network device is trustworthy.
Brief description of the drawings
The drawings are provided to give a further understanding of the present invention and form part of the specification; together with the embodiments below they serve to explain the present invention, but are not to be construed as limiting it. In the drawings:
Fig. 1 is a flow chart of the trusted access method for a network device provided by the present invention;
Fig. 2 is another flow chart of the trusted access method for a network device provided by the present invention;
Fig. 3 is a detailed flow chart of S01 in the method provided by the present invention;
Fig. 4 is a detailed flow chart of S011 in the method provided by the present invention;
Fig. 5 is a further flow chart of the trusted access method for a network device provided by the present invention;
Fig. 6 is a structural diagram of the trusted access device for a network device provided by the present invention;
Fig. 7 is a structural diagram of the verification information sending unit provided by the present invention;
Fig. 8 is a structural diagram of the boot file request unit and boot file download unit provided by the present invention.
Description of reference numerals
10 verification unit; 11 feature information acquisition subunit; 12 first comparison subunit; 20 verification information sending unit; 21 registration information acquisition subunit; 22 second comparison subunit; 211 registration request module; 212 registration form feedback module; 213 registration information sending module; 30 boot file request unit; 40 boot file download unit.
Detailed description of the embodiments
The specific embodiments of the present invention are described in detail below with reference to the drawings. It should be understood that the embodiments described here serve only to describe and explain the present invention and do not limit it.
As one aspect of the present invention, a trusted access method for a network device is provided. As shown in Fig. 1, the method may comprise:
S1. verifying the boot process of the network device and, when the boot process of the network device meets a preset requirement, allowing the network device to complete booting so that the network device connects to the network.
Specifically, during the boot process of the network device it is verified whether the boot process meets the preset requirement. If it does, the network device is considered trustworthy and is allowed to complete booting normally and connect to the network; if it does not, the network device is considered untrustworthy, its boot is halted, and it is refused admission to the network.
The preset requirement used to verify the boot process of the network device may be set according to actual needs. Preferably, feature information from the boot process of the network device is used to verify the boot process. As shown in Fig. 2, before S1 the method may further comprise:
S01. sending boot-process verification information preset in a trusted root server to the network device;
and S1 may specifically comprise:
S11. during the boot process of the network device, obtaining boot-process feature information of the network device;
S12. comparing the boot-process feature information of the network device with the boot-process verification information; if they match, allowing the network device to complete booting so that it connects to the network; if they do not match, halting the boot of the network device so as to refuse it access to the network.
Specifically, boot-process verification information corresponding to the network device may be preset in the trusted root server and sent in advance by the trusted root server to the network device. Afterwards, during the boot process of the network device, its boot-process feature information is obtained and compared with the boot-process verification information. If the two match, the boot process is considered to meet the preset requirement of S1 (the network device is considered trustworthy), the boot can complete and the network device connects to the network; otherwise the boot process is considered not to meet the preset requirement of S1 (the network device is considered untrustworthy), and the boot can be halted to refuse the device access to the network.
It should be noted that in the above method the network device may be configured in advance so that, during its boot process, it obtains its own boot-process feature information and, after comparing it with the boot-process verification information, completes or halts the boot. Alternatively, the trusted root server may send a boot execution file to the network device in advance, and the network device boots according to this boot execution file, obtains its boot-process feature information and, after comparing it with the boot-process verification information, completes or halts the boot.
Further, before the trusted root server sends the boot-process verification information to the network device, it may also verify the registration information of the network device. Specifically, as shown in Fig. 3, S01 may comprise:
S011. obtaining registration information of the network device;
S012. judging whether the registration information pre-stored in the trusted root server contains registration information matching that of the network device; if so, sending the preset boot-process verification information from the trusted root server to the network device; if not, refusing the registration of the network device.
Specifically, registration information corresponding to each network device may be stored in advance in the trusted root server. The trusted root server then obtains the registration information of a network device and checks whether its pre-stored registration information contains an entry matching it. If so, the registration information of the network device passes verification (the registration information is considered trustworthy), and the preset boot-process verification information is sent to the network device so that it can carry out the subsequent boot-process verification steps. If not, the registration of the network device is refused (its registration information is considered untrustworthy); specifically, no boot-process verification information is sent to the network device, so that it cannot carry out the subsequent steps.
Through S011 and S012, the registration information of a network device can be verified before its boot process is verified, and only a network device with trustworthy registration information is allowed to proceed to the subsequent boot-process verification step. This further guarantees the trustworthiness of the network device.
Further, as shown in Fig. 4, S011 may comprise the following steps so that the trusted root server obtains the registration information of the network device:
S0111. the network device sends a registration request to the trusted root server;
S0112. the trusted root server sends a registration form to the network device according to the registration request;
S0113. the network device sends the registration information to the trusted root server according to the registration form.
Specifically, the network device first sends a registration request to the trusted root server; the trusted root server then sends a corresponding registration form to the network device according to the received request; after receiving the registration form, the network device sends the registration information corresponding to the form to the trusted root server, whereby the trusted root server obtains the registration information of the network device.
It should be noted that in the above method the network device may be configured in advance so that, after receiving the registration form, it sends the registration information corresponding to the form to the trusted root server; alternatively, after the network device receives the registration form, an administrator may fill in the relevant registration information in the form at the network device side and send it to the trusted root server.
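The registration exchange of S0111 to S0113 and the server-side check of S012, as an added illustration in Python; this code is not part of the patent, which describes no implementation. The message field names, the registry contents and the one-time form identifier that ties the returned registration information to the form that was issued are assumptions made here (the patent says only that the server sends a registration form and the device returns the registration information); the sample registry entries and the verification digests are constructed.

```python
import secrets

# Constructed sample registry: the registration information the trusted root
# server stores in advance for each network device it is prepared to admit.
# The field set (vendor, model, serial) is an assumption.
REGISTRATION_FORM_FIELDS = ("vendor", "model", "serial")
PRE_STORED_REGISTRATIONS = {
    ("ExampleVendor", "SW-48", "SN-0001"),
    ("ExampleVendor", "RT-4", "SN-0002"),
}

# Constructed sample: preset boot-process verification information per device,
# released only after the registration information matched (placeholder digests).
PRE_STORED_VERIFICATION_INFO = {
    "SN-0001": {"post": "digest-post-0001", "boot_program": "digest-boot-0001",
                "os": "digest-os-0001", "config": "digest-config-0001"},
    "SN-0002": {"post": "digest-post-0002", "boot_program": "digest-boot-0002",
                "os": "digest-os-0002", "config": "digest-config-0002"},
}


class TrustedRootServer:
    """Server side of S0112 and S012."""

    def __init__(self):
        # Forms issued in S0112 and not yet returned. Assumption added here: a
        # form is single-use, so a captured filled form cannot be submitted twice.
        self._open_forms = set()

    def handle_registration_request(self, request: dict) -> dict:
        """S0112: answer a registration request with a registration form."""
        form_id = secrets.token_hex(8)
        self._open_forms.add(form_id)
        return {"type": "registration_form", "form_id": form_id,
                "fields": list(REGISTRATION_FORM_FIELDS)}

    def handle_registration_info(self, filled_form: dict) -> dict:
        """S012: match the returned registration information against the
        pre-stored registry; release verification information or refuse."""
        form_id = filled_form.get("form_id")
        if form_id not in self._open_forms:
            return {"status": "refused", "reason": "unknown or already used form"}
        self._open_forms.discard(form_id)
        info = filled_form.get("info", {})
        if any(f not in info for f in REGISTRATION_FORM_FIELDS):
            return {"status": "refused", "reason": "incomplete registration information"}
        key = tuple(info[f] for f in REGISTRATION_FORM_FIELDS)
        if key not in PRE_STORED_REGISTRATIONS:
            return {"status": "refused", "reason": "no matching registration information"}
        return {"status": "registered",
                "verification_info": dict(PRE_STORED_VERIFICATION_INFO[info["serial"]])}


class NetworkDevice:
    """Device side of S0111 and S0113."""

    def __init__(self, vendor: str, model: str, serial: str):
        self.identity = {"vendor": vendor, "model": model, "serial": serial}
        self.verification_info = None  # set only when registration passes

    def register(self, server: TrustedRootServer) -> str:
        # S0111: send the registration request.
        form = server.handle_registration_request(
            {"type": "registration_request", "serial": self.identity["serial"]})
        # S0113: fill in exactly the fields the form asks for and return it.
        info = {f: self.identity[f] for f in form["fields"] if f in self.identity}
        reply = server.handle_registration_info({"form_id": form["form_id"], "info": info})
        if reply["status"] == "registered":
            self.verification_info = reply["verification_info"]
        return reply["status"]


if __name__ == "__main__":
    server = TrustedRootServer()
    for serial in ("SN-0001", "SN-9999"):
        device = NetworkDevice("ExampleVendor", "SW-48", serial)
        print(serial, device.register(server), device.verification_info is not None)
```

A device whose registration information has no match never receives verification information, so it cannot proceed to S11 and S12, which is exactly the refusal the patent describes; transport protection of these messages is left to the existing encryption the patent mentions.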
Further, in the above method the boot-process verification information used to verify the boot process of the network device may comprise preset POST verification information, boot program verification information, operating system verification information and configuration file verification information. Correspondingly, the boot-process feature information obtained by the network device during its boot process may comprise POST feature information, boot program feature information, operating system feature information and configuration file feature information from the boot process.
Specifically, the preset POST, boot program, operating system and configuration file verification information correspond respectively to the POST, boot program, operating system and configuration file feature information obtained by the network device during its boot process. The POST verification information and POST feature information may be information about hardware such as the board and memory obtained during the power-on self-test (POST) of the network device; the boot program verification information and boot program feature information may be information such as the type and version of the boot program used when the network device starts; the operating system verification information and operating system feature information may be information such as the type, name and version of the operating system of the network device; and the configuration file verification information and configuration file feature information may be information such as the configuration parameters in the configuration file. When the boot process is verified in S12, each of these kinds of feature information from the boot process is verified against its corresponding verification information, and if any one kind of feature information does not match its verification information the boot is halted. That is, the network device is considered trustworthy only when every kind of feature information matches its corresponding verification information, which further guarantees the security of the network device.
In practice, the trusted root server may send the hash digest of each item of boot-process verification information to the network device, and the network device may obtain the hash digest of each item of boot-process feature information and compare it with the hash digest of the corresponding verification information. Carrying out the boot-process verification with hash digests of the verification information and of the feature information can further guarantee the reliability and security of the verification procedure.
Further, as shown in Fig. 5, before S1 the method may further comprise:
S021. during the boot process of the network device, when the network device lacks a boot file, the network device sends a file download request to the trusted root server;
S022. the trusted root server checks, according to the file download request, whether its pre-stored boot files contain a boot file matching the network device; if so, it sends the matching boot file to the network device so that the network device continues its boot process; otherwise, the boot of the network device is halted.
Specifically, boot files corresponding to each network device (such as operating system files and configuration files) may be stored in advance in the trusted root server. During the boot process of the network device, if the network device lacks a boot file, it may send a file download request to the trusted root server to request the corresponding boot file; the file download request may contain the brand, model and boot-sequence information of the network device. According to the received file download request, the trusted root server checks whether its pre-stored boot files contain a boot file matching the network device; if so, it sends the boot file to the network device so that the device continues its boot process; if not, the network device is considered untrustworthy and its boot is halted. S021 and S022 thus provide a repair mechanism for the boot of the network device: when the network device lacks a boot file, the trusted root server can supply the corresponding boot file so that the device continues to boot. At the same time, this repair mechanism further guarantees the trustworthiness of the network device, in that if the trusted root server holds no boot file corresponding to the network device, the device is considered untrustworthy and is stopped from continuing to boot.
In practice, S021 and S022 may be carried out before S1 and after S01.
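The four-stage comparison of S11 and S12 using hash digests, together with the boot file repair of S021 and S022, as one added Python illustration; it is not code from the patent. The stage names, the choice of SHA-256 as the hash digest, the (brand, model, boot sequence) key under which the server stores boot files, and all sample images are assumptions or constructed data. Because S021 and S022 run before S1, a file supplied by the server is measured and compared like everything else, so the repair path does not bypass the verification.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample images standing in for the four boot stages the patent
# names (POST report, boot program, operating system, configuration file).
GOOD_STAGES = {
    "post": b"board=SW-48 memory=4096MB",
    "boot_program": b"boot-program type=example version=2.1",
    "os": b"os name=ExampleOS version=5.4",
    "config": b"hostname sw1\ninterface 1 up\n",
}
STAGE_ORDER = ("post", "boot_program", "os", "config")


def digest(data: bytes) -> str:
    """Hash digest used for both the verification and the feature information (SHA-256 assumed)."""
    return hashlib.sha256(data).hexdigest()


# Boot-process verification information as the trusted root server would preset
# and send in S01: one digest per stage, computed from the known-good images.
VERIFICATION_INFO = {stage: digest(data) for stage, data in GOOD_STAGES.items()}

# Boot files the trusted root server stores in advance (S022), keyed by brand,
# model and boot-sequence position. Only the OS image and the configuration
# file are held, the two kinds of boot file the patent names.
SERVER_BOOT_FILES = {
    ("ExampleVendor", "SW-48", "os"): GOOD_STAGES["os"],
    ("ExampleVendor", "SW-48", "config"): GOOD_STAGES["config"],
}


def server_file_download(request: dict) -> Optional[bytes]:
    """S022: return the boot file matching the request, or None when the server
    holds none for this device (the device must then halt)."""
    return SERVER_BOOT_FILES.get((request["brand"], request["model"], request["boot_sequence"]))


@dataclass
class BootResult:
    admitted: bool
    halted_at: Optional[str] = None           # stage at which the boot was stopped
    recovered: list = field(default_factory=list)  # stages fetched from the server
    verified: list = field(default_factory=list)   # stages whose digest matched


def trusted_boot(device_stages: dict, verification_info: dict, brand: str, model: str) -> BootResult:
    """S021/S022 followed by S11/S12 for every stage in boot order: a missing
    boot file is requested from the trusted root server, each stage is measured,
    and the boot halts at the first digest that does not match the verification
    information. The device is admitted only when all four stages match."""
    result = BootResult(admitted=False)
    for stage in STAGE_ORDER:
        data = device_stages.get(stage)
        if data is None:
            # S021: the device lacks this boot file, so ask the trusted root server.
            data = server_file_download({"brand": brand, "model": model, "boot_sequence": stage})
            if data is None:
                result.halted_at = stage      # S022: no matching file, stop booting
                return result
            result.recovered.append(stage)
        # S11/S12: digest of what actually boots versus the preset digest.
        if digest(data) != verification_info.get(stage):
            result.halted_at = stage          # mismatch: stop and refuse network access
            return result
        result.verified.append(stage)
    result.admitted = True
    return result


if __name__ == "__main__":
    print(trusted_boot(dict(GOOD_STAGES), VERIFICATION_INFO, "ExampleVendor", "SW-48"))
    tampered = dict(GOOD_STAGES, config=b"hostname sw1\ninterface 1 up\nsnmp community public\n")
    print(trusted_boot(tampered, VERIFICATION_INFO, "ExampleVendor", "SW-48"))
    missing_os = {k: v for k, v in GOOD_STAGES.items() if k != "os"}
    print(trusted_boot(missing_os, VERIFICATION_INFO, "ExampleVendor", "SW-48"))
```

A modified configuration file halts the boot at the final stage even though the three earlier stages matched, and a device of a model the server holds no boot file for halts at the missing stage. Note that, as the patent arranges it, both measurement and comparison run on the network device itself (the first comparison subunit sits at the device side), so the code that performs the comparison is trusted by assumption; the patent's option of a boot execution file sent by the trusted root server describes how that code reaches the device, and the patent does not describe how that file is itself verified.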
It will be understood that, in the above description of the method provided by the present invention, the communication data between the trusted root server and the network device may be encrypted using existing methods to guarantee the security of the communication between them.
From the above description of the method provided by the present invention it can be seen that the present invention verifies the boot process of a network device to guarantee the trustworthiness of a device connecting to the network, and refuses the device access to the network when its boot process does not meet expectations. At the same time, the present invention can verify the registration information of the network device in advance to further guarantee its trustworthiness. Moreover, the present invention can repair the boot process of the network device and, during the repair procedure, further verify whether the network device is trustworthy.
In practice, for a network device newly applying to connect to the network, its registration information may be verified first, and once the registration has passed the network device is restarted so that its boot process can be verified. For a network device whose registration has already passed, its boot process may be verified on every boot.
As another aspect of the present invention, a kind of credible access device of the network equipment is provided, for realizing the method that the invention described above provides, as shown in Figure 6, the credible access device of this network equipment can comprise authentication unit 10, for verifying the start-up course of the network equipment, and when the start-up course of the described network equipment meets preset requirement, authentication unit 10 allows the described network equipment to complete startup so that described network equipment connecting network.
Further, the credible access device of this network equipment can also comprise: authorization information transmitting element 20, for start-up course authorization information default trusted root server is sent to the described network equipment;
Authentication unit 10 comprises:
Characteristic information obtains subelement 11, for obtain the start-up course characteristic information of the described network equipment in the start-up course of the described network equipment;
The first comparison subunit 12, configured to receive the start-up process verification information and to compare the start-up process characteristic information of the network device with that verification information: if the start-up process characteristic information matches the start-up process verification information, the network device is allowed to complete start-up so that it can access the network; if it does not match, the start-up of the network device is stopped and the network device is refused access to the network. Specifically, the characteristic information acquisition subunit 11 and the first comparison subunit 12 may be located on the network device side, and the first comparison subunit 12 can receive the start-up process verification information sent by the verification information transmitting unit 20.
Further, as shown in Figure 7, the verification information transmitting unit 20 may comprise:
A registration information acquisition subunit 21, configured to obtain the registration information of the network device;
A second comparison subunit 22, configured to judge whether the registration information pre-stored in the trusted root server contains an entry matching the registration information of the network device; if so, the second comparison subunit 22 sends the pre-set start-up process verification information from the server side to the network device; if not, the second comparison subunit 22 refuses the registration of the network device.
Further, the registration information acquisition subunit 21 may comprise:
A registration request module 211, configured to send a registration request from the network device side to the trusted root server;
A registration response module 212, configured to send a registration response from the trusted root server side to the network device according to the registration request;
A registration information sending module 213, configured to send the registration information from the network device side to the trusted root server according to the registration response.
Specifically, the registration request module 211 and the registration information sending module 213 may be located on the network device side, the registration response module 212 and the second comparison subunit 22 may be located on the trusted root server side, and the second comparison subunit 22 can receive the registration information sent by the registration information sending module 213.
Further, the pre-set start-up process verification information described above may comprise pre-set power-on self-test verification information, boot verification information, operating system verification information and configuration file verification information;
The start-up process characteristic information of the network device may comprise the power-on self-test characteristic information, boot characteristic information, operating system characteristic information and configuration file characteristic information of the start-up process of the network device.
Further, as shown in Figure 8, the trusted access device of the network device may also comprise:
A startup file query unit 30, configured to send a file download request from the network device to the trusted root server when, during the start-up of the network device, the network device lacks a startup file;
A startup file download unit 40, configured, on the trusted root server side, to check according to the file download request whether the pre-stored startup files contain a startup file matching the network device; if so, the matching startup file is sent to the network device so that the network device continues its start-up process; otherwise, the start-up of the network device is stopped. Specifically, the startup file query unit 30 may be located on the network device side, the startup file download unit 40 may be located on the trusted root server side, and the startup file download unit 40 can receive the file download request sent by the startup file query unit 30.
It should be understood that the above embodiments are only illustrative embodiments adopted to explain the principles of the present invention, and the present invention is not limited thereto. Those skilled in the art can make various modifications and improvements without departing from the spirit and substance of the present invention, and such modifications and improvements are also considered to fall within the scope of protection of the present invention.

Claims (12)

1. A trusted access method for a network device, characterized in that the trusted access method for the network device comprises:
S1, verifying the start-up process of the network device, and when the start-up process of the network device meets a preset requirement, allowing the network device to complete start-up so that the network device accesses the network.
2. The trusted access method for a network device according to claim 1, characterized in that, before S1, the method further comprises:
S01, sending start-up process verification information pre-set in a trusted root server to the network device;
and S1 comprises:
S11, obtaining, during the start-up process of the network device, the start-up process characteristic information of the network device;
S12, comparing the start-up process characteristic information of the network device with the start-up process verification information; if the start-up process characteristic information matches the start-up process verification information, allowing the network device to complete start-up so that the network device accesses the network; if the start-up process characteristic information does not match the start-up process verification information, stopping the start-up of the network device so as to refuse the network device access to the network.
3. The trusted access method for a network device according to claim 2, characterized in that S01 comprises:
S011, obtaining the registration information of the network device;
S012, judging whether the registration information pre-stored in the trusted root server contains registration information matching that of the network device; if so, sending the pre-set start-up process verification information from the trusted root server to the network device; if not, refusing the registration of the network device.
4. The trusted access method for a network device according to claim 3, characterized in that S011 comprises:
S0111, the network device sends a registration request to the trusted root server;
S0112, the trusted root server sends a registration response to the network device according to the registration request;
S0113, the network device sends the registration information to the trusted root server according to the registration response.
5. The trusted access method for a network device according to any one of claims 2 to 4, characterized in that the pre-set start-up process verification information comprises pre-set power-on self-test verification information, boot verification information, operating system verification information and configuration file verification information;
and the start-up process characteristic information of the network device comprises the power-on self-test characteristic information, boot characteristic information, operating system characteristic information and configuration file characteristic information of the start-up process of the network device.
6. The trusted access method for a network device according to any one of claims 1 to 4, characterized in that, before S1, the method further comprises:
S021, during the start-up of the network device, when the network device lacks a startup file, the network device sends a file download request to the trusted root server;
S022, the trusted root server checks, according to the file download request, whether the pre-stored startup files contain a startup file matching the network device; if so, the matching startup file is sent to the network device so that the network device continues its start-up process; otherwise, the start-up of the network device is stopped.
7. A trusted access device for a network device, characterized in that the trusted access device for the network device comprises a verification unit, configured to verify the start-up process of the network device, and when the start-up process of the network device meets a preset requirement, the verification unit allows the network device to complete start-up so that the network device accesses the network.
8. The trusted access device for a network device according to claim 7, characterized in that the trusted access device for the network device further comprises a verification information transmitting unit, configured to send start-up process verification information pre-set in a trusted root server to the network device;
and the verification unit comprises:
a characteristic information acquisition subunit, configured to obtain, during the start-up process of the network device, the start-up process characteristic information of the network device;
a first comparison subunit, configured to receive the start-up process verification information and to compare the start-up process characteristic information of the network device with the start-up process verification information; if the start-up process characteristic information matches the start-up process verification information, the network device is allowed to complete start-up so that the network device accesses the network; if the start-up process characteristic information does not match the start-up process verification information, the start-up of the network device is stopped so as to refuse the network device access to the network.
9. The trusted access device for a network device according to claim 8, characterized in that the verification information transmitting unit comprises:
a registration information acquisition subunit, configured to obtain the registration information of the network device;
a second comparison subunit, configured to judge whether the registration information pre-stored in the trusted root server contains registration information matching that of the network device; if so, the second comparison subunit sends the pre-set start-up process verification information from the server side to the network device; if not, the second comparison subunit refuses the registration of the network device.
10. The trusted access device for a network device according to claim 9, characterized in that the registration information acquisition subunit comprises:
a registration request module, configured to send a registration request from the network device side to the trusted root server;
a registration response module, configured to send a registration response from the trusted root server side to the network device according to the registration request;
a registration information sending module, configured to send the registration information from the network device side to the trusted root server according to the registration response.
11. The trusted access device for a network device according to any one of claims 8 to 10, characterized in that the pre-set start-up process verification information comprises pre-set power-on self-test verification information, boot verification information, operating system verification information and configuration file verification information;
and the start-up process characteristic information of the network device comprises the power-on self-test characteristic information, boot characteristic information, operating system characteristic information and configuration file characteristic information of the start-up process of the network device.
12. The trusted access device for a network device according to any one of claims 7 to 10, characterized in that the trusted access device for the network device further comprises:
a startup file query unit, configured to send a file download request from the network device to the trusted root server when, during the start-up of the network device, the network device lacks a startup file;
a startup file download unit, configured, on the trusted root server side, to check according to the file download request whether the pre-stored startup files contain a startup file matching the network device; if so, the matching startup file is sent to the network device so that the network device continues its start-up process; otherwise, the start-up of the network device is stopped.
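The flow described in the units above and in claims 1 to 6, as an added simulation in Python (not code from the patent or its applicant): a trusted root server checks the device's registration information, hands out the pre-set start-up verification information, and serves missing startup files, while the device measures each of the four start-up stages and compares the result. Serial numbers, model names and stage images are constructed; using SHA-256 of each stage image as the characteristic information, and checking the stages one after another, are assumptions the patent does not spell out.

```python
import hashlib

# Four start-up stages named in claim 5 (POST, boot, OS, configuration file).
STAGES = ("post", "boot", "os", "config")

def digest(data: bytes) -> str:
    # Characteristic info per stage, assumed here to be SHA-256 of the stage image.
    return hashlib.sha256(data).hexdigest()

# Constructed reference images for one device model; not real firmware.
GOLDEN_IMAGES = {
    "post": b"POST firmware v1 (constructed)",
    "boot": b"bootloader v1 (constructed)",
    "os": b"os kernel v1 (constructed)",
    "config": b"hostname=sw1\nmgmt=10.0.0.2\n",
}

class TrustedRootServer:
    """Server side: registration check (S012), verification info (S01),
    startup file store (S022)."""
    def __init__(self):
        self.registered = {"SN-0001": "model-A"}  # pre-stored registration info (constructed)
        self.verification = {"model-A": {s: digest(b) for s, b in GOLDEN_IMAGES.items()}}
        self.startup_files = {("model-A", "boot"): GOLDEN_IMAGES["boot"]}  # pre-stored files

    def register(self, serial, model):
        """S012: verification info if registration info matches, else None (refused)."""
        if self.registered.get(serial) != model:
            return None
        return dict(self.verification[model])

    def download_startup_file(self, model, stage):
        """S022: the matching pre-stored startup file, or None."""
        return self.startup_files.get((model, stage))

class NetworkDevice:
    """Device side: collect characteristic info (S11), compare with verification info (S12)."""
    def __init__(self, serial, model, images):
        self.serial, self.model, self.images = serial, model, dict(images)

    def boot(self, server):
        """Return (allowed, reason). Checking each stage in turn is an assumption."""
        info = server.register(self.serial, self.model)  # S0111-S012
        if info is None:
            return False, "registration refused"
        for stage in STAGES:
            if stage not in self.images:  # S021: startup file missing
                image = server.download_startup_file(self.model, stage)
                if image is None:
                    return False, f"startup stopped: no startup file for {stage}"
                self.images[stage] = image
            if digest(self.images[stage]) != info[stage]:  # S12: mismatch
                return False, f"access refused: {stage} mismatch"
        return True, "network access allowed"  # S1 satisfied
```

A device whose boot image is missing recovers because the server holds a matching pre-stored copy, whereas a device with a modified OS image, an unregistered serial number, or a missing file the server does not hold is stopped before it gains network access.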
Bibliographic data

Application number: CN201310714389.1A
Priority date: 2013-12-20
Filing date: 2013-12-20
Publication number: CN103731422A (en)
Publication date: 2014-04-16
Title: Trusted access method and device of network device
Family ID: 50455349
Country status: CN (1), CN103731422A (en), pending

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254370A (en) * 2016-08-30 2016-12-21 成都源知信息技术有限公司 A kind of network equipment fingerprint generation method and detecting devices
CN111315035A (en) * 2020-02-24 2020-06-19 华为技术有限公司 WiFi network connection method and device
Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140416