CN108696509B - Access processing method and device for terminal - Google Patents

Access processing method and device for terminal Download PDF

Info

Publication number
CN108696509B
CN108696509B CN201810322445.XA CN201810322445A CN108696509B CN 108696509 B CN108696509 B CN 108696509B CN 201810322445 A CN201810322445 A CN 201810322445A CN 108696509 B CN108696509 B CN 108696509B
Authority
CN
China
Prior art keywords
terminal
keep
alive
message
response message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810322445.XA
Other languages
Chinese (zh)
Other versions
CN108696509A (en
Inventor
张琨
张磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hisense Co Ltd
Original Assignee
Hisense Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hisense Co Ltd filed Critical Hisense Co Ltd
Priority to CN201810322445.XA priority Critical patent/CN108696509B/en
Publication of CN108696509A publication Critical patent/CN108696509A/en
Application granted granted Critical
Publication of CN108696509B publication Critical patent/CN108696509B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/54Presence management, e.g. monitoring or registration for receipt of user log-on information, or the connection status of the users

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention provides an access processing method and device of a terminal, which are applied to the terminal, wherein the terminal is accessed to a server, and the method comprises the following steps: receiving a keep-alive challenge message sent by the server; generating a keep-alive response message for the keep-alive challenge message; generating a terminal token according to the keep-alive challenge message; generating a terminal check code according to the keep-alive challenge message and the keep-alive response message; packaging the keep-alive response message, the terminal token and the terminal check code into a target message; and sending the target message to the server so as to perform access processing based on the keep-alive response message when the terminal token passes entity authentication and the terminal check code passes data authentication. The two communication parties only exchange messages once and only carry out communication interaction once, so that the number of communication interaction is greatly reduced, the utilization rate of network bandwidth is increased, and the processing pressure of the server is reduced to a certain extent.

Description

Access processing method and device for terminal
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an access processing method and an access processing device for a terminal.
Background
The internet of things revolution brings human beings into a virtual world, and the internet of things revolution brings the virtual world back to reality, so that the boundary between the virtual world and the real world is more and more fuzzy and network systems of different terminal organizations are more and more huge in life, work, business and industrial scenes.
In a network system, when a terminal accesses the network system, the terminal usually authenticates the validity, checks whether the identity of the terminal is consistent with the declared identity, and then reports data, at least two times of communication interaction are performed during the period, and the access processing is complicated, so that the processing pressure of the network system is high.
Especially for network systems such as the internet of things, the number of the accessed internet of things terminals is huge and can reach millions, and the processing pressure of an internet of things server for providing services for the internet of things terminals is huge.
Disclosure of Invention
The embodiment of the invention provides a method and a device for processing terminal access, which aim to solve the problem that the network system pressure is caused by the fact that the terminal access processing is relatively complex.
According to an aspect of the present invention, there is provided an access processing method for a terminal, which is applied in a terminal that accesses a server, the method including:
receiving a keep-alive challenge message sent by the server;
generating a keep-alive response message for the keep-alive challenge message;
generating a terminal token according to the keep-alive challenge message;
generating a terminal check code according to the keep-alive challenge message and the keep-alive response message;
packaging the keep-alive response message, the terminal token and the terminal check code into a target message;
and sending the target message to the server so as to perform access processing based on the keep-alive response message when the terminal token passes entity authentication and the terminal check code passes data authentication.
Optionally, the generating a keep-alive response message for the keep-alive challenge message includes:
judging whether the keep-alive challenge message has a subscription message;
if yes, generating a keep-alive response message in a specified format, inquiring terminal data corresponding to the subscription message, and writing the terminal data into the keep-alive response message;
if not, generating the keep-alive response message with the specified format.
Optionally, the generating a terminal token according to the keep-alive challenge message includes:
extracting a preset key;
combining the key and the keep-alive challenge message into first terminal candidate data according to a preset first combination mode;
generating second terminal candidate data for the first terminal candidate data according to a preset first generation mode;
and extracting data of the first designated position from the second terminal candidate data as a terminal token.
Optionally, the generating a terminal check code according to the keep-alive challenge message and the keep-alive response message includes:
extracting a preset key;
combining the key, the keep-alive challenge message and the keep-alive response message into third terminal candidate data according to a preset second combination mode;
generating fourth terminal candidate data for the third terminal candidate data according to a preset second generation mode;
and extracting data of a second appointed position from the fourth terminal candidate data to be used as a terminal check code.
According to another aspect of the present invention, there is provided an access processing method for a terminal, which is applied in a server to which a plurality of terminals access, the method including:
sending a keep-alive challenge message to the terminal;
receiving a target message sent by the terminal aiming at the keep-alive challenge message, wherein the target message comprises a keep-alive response message, a terminal token and a terminal check code;
performing entity authentication on the terminal token according to the keep-alive challenge message;
performing data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message;
and when the terminal token passes the entity authentication and the terminal passes the data authentication, performing access processing based on the keep-alive response message.
Optionally, the performing entity authentication on the terminal token according to the keep-alive challenge message includes:
searching a key corresponding to the terminal;
combining the key and the keep-alive challenge message into first cloud candidate data according to a preset first combination mode;
generating second cloud candidate data for the first cloud candidate data according to a preset first generation mode;
extracting data of a first designated position from the second cloud candidate data to serve as a cloud token;
judging whether the cloud token is the same as the terminal token;
if so, determining that the terminal token passes entity authentication;
if not, determining that the terminal token is not authenticated by the entity.
Optionally, the performing data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message includes:
searching a key corresponding to the terminal;
combining the key, the keep-alive challenge message and the keep-alive response message into third cloud candidate data according to a preset second combination mode;
generating fourth cloud candidate data for the third cloud candidate data according to a preset second generation mode;
extracting data of a second designated position from the fourth cloud candidate data to serve as a cloud check code;
judging whether the cloud check code is the same as the terminal check code;
if so, determining that the terminal check code passes data authentication;
if not, determining that the terminal check code does not pass the data authentication.
Optionally, the performing access processing based on the keep-alive response message includes:
judging whether the keep-alive response message has terminal data or not;
if so, determining that the terminal is in an online state, and performing service processing on the terminal data;
if not, determining that the terminal is in an online state.
According to another aspect of the present invention, there is provided an access processing apparatus of a terminal, which is applied in a terminal that accesses a server, the apparatus including:
a keep-alive challenge message receiving module, configured to receive a keep-alive challenge message sent by the server;
a keep-alive response message generating module for generating a keep-alive response message for the keep-alive challenge message;
the terminal token generating module is used for generating a terminal token according to the keep-alive challenge message;
a terminal check code generating module, configured to generate a terminal check code according to the keep-alive challenge message and the keep-alive response message;
a target message encapsulation module, configured to encapsulate the keep-alive response message, the terminal token, and the terminal check code into a target message;
and the target message sending module is used for sending the target message to the server so as to perform access processing based on the keep-alive response message when the terminal token passes entity authentication and the terminal check code passes data authentication.
Optionally, the keep-alive response message generating module includes:
a subscription message judgment sub-module, configured to judge whether the keep-alive challenge message includes a subscription message; if yes, calling a first generation submodule, and if not, calling a second generation submodule;
a first generating submodule, configured to generate a keep-alive response message in a specified format, query terminal data corresponding to the subscription message, and write the terminal data into the keep-alive response message;
and the second generation submodule is used for generating the keep-alive response message in the specified format.
Optionally, the terminal token generating module includes:
the first key extraction submodule is used for extracting a preset key;
a first terminal candidate data composition submodule, configured to combine the key and the keep-alive challenge message into first terminal candidate data according to a preset first combination manner;
the second terminal candidate data generation submodule is used for generating second terminal candidate data for the first terminal candidate data according to a preset first generation mode;
and the terminal token setting submodule is used for extracting data of a first specified position from the second terminal candidate data to be used as a terminal token.
Optionally, the terminal check code generating module includes:
the second key extraction submodule is used for extracting a preset key;
a third terminal candidate data composition submodule, configured to combine the key, the keep-alive challenge message, and the keep-alive response message into third terminal candidate data according to a preset second combination manner;
a fourth terminal candidate data generation submodule, configured to generate fourth terminal candidate data for the third terminal candidate data according to a preset second generation manner;
and the terminal check code setting and extracting submodule is used for extracting data at a second appointed position from the fourth terminal candidate data to be used as a terminal check code.
According to another aspect of the present invention, there is provided an access processing apparatus of a terminal, which is applied in a server to which a plurality of terminals access, the apparatus including:
a keep-alive challenge message sending module, configured to send a keep-alive challenge message to the terminal;
a target message receiving module, configured to receive a target message sent by the terminal for the keep-alive challenge message, where the target message includes a keep-alive response message, a terminal token, and a terminal check code;
the entity authentication module is used for carrying out entity authentication on the terminal token according to the keep-alive challenge message;
the data authentication module is used for performing data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message;
and the access processing module is used for performing access processing based on the keep-alive response message when the terminal token passes the entity authentication and the terminal passes the data authentication.
Optionally, the entity authentication module includes:
the first key searching submodule is used for searching a key corresponding to the terminal;
the first cloud candidate data composition submodule is used for combining the key and the keep-alive challenge message into first cloud candidate data according to a preset first combination mode;
the second cloud candidate data generation submodule is used for generating second cloud candidate data for the first cloud candidate data according to a preset first generation mode;
the cloud token setting submodule is used for extracting data of a first specified position from the second cloud candidate data to serve as a cloud token;
the token judgment submodule is used for judging whether the cloud token is the same as the terminal token or not; if yes, calling a first determining submodule, and if not, calling a second determining submodule;
the first determining submodule is used for determining that the terminal token passes entity authentication;
and the second determining submodule is used for determining that the terminal token is not authenticated by the entity.
Optionally, the data authentication module includes:
the second key searching submodule is used for searching a key corresponding to the terminal;
a third cloud candidate data composition submodule, configured to combine the key, the keep-alive challenge message, and the keep-alive response message into third cloud candidate data according to a preset second combination manner;
the fourth cloud candidate data generation submodule is used for generating fourth cloud candidate data for the third cloud candidate data according to a preset second generation mode;
the cloud check code setting submodule is used for extracting data of a second specified position from the fourth cloud candidate data to serve as a cloud check code;
the check code judging submodule is used for judging whether the cloud check code is the same as the terminal check code; if yes, calling a third determining submodule, and if not, calling a fourth determining submodule;
a third determining submodule, configured to determine that the terminal check code passes data authentication;
and the fourth determining submodule is used for determining that the terminal check code does not pass the data authentication.
Optionally, the access processing module includes:
the terminal data judgment submodule is used for judging whether the keep-alive response message contains terminal data; if yes, calling a first processing submodule, and if not, calling a second processing submodule;
the first processing submodule is used for determining that the terminal is in an online state and performing service processing on the terminal data;
and the second processing submodule is used for determining that the terminal is in an online state.
The embodiment of the invention has the following advantages:
in the embodiment of the invention, a server sends a keep-alive challenge message to an accessed terminal, on one hand, the terminal generates a terminal token according to the keep-alive challenge message, on the other hand, the terminal generates a keep-alive response message aiming at the keep-alive challenge message, generates a terminal check code according to the keep-alive challenge message and the keep-alive response message, packages the keep-alive response message, the terminal token and the terminal check code into a target message and sends the target message to the server, the server performs entity authentication on the terminal token according to the keep-alive challenge message, performs data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message, if the terminal check code passes the entity authentication and the data authentication, performs access processing based on the keep-alive response message, the server sends the keep-alive challenge message in the access processing process, the terminal feeds, in the communication interaction, not only entity authentication and data authentication are combined, but also survival authentication and entity authentication are combined, so that the normal operation of access processing is ensured, and the number of times of communication interaction is greatly reduced aiming at network systems such as the Internet of things, so that the utilization rate of network bandwidth is increased, and the processing pressure of a server is reduced to a certain extent.
Drawings
Fig. 1 is a flowchart illustrating steps of an access processing method of a terminal according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating steps of an access processing method of another terminal according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating an example of communication interaction between a terminal and a server according to an embodiment of the present invention;
fig. 4 is a block diagram of an access processing apparatus of a terminal according to an embodiment of the present invention;
fig. 5 is a block diagram of an access processing apparatus of another terminal according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Referring to fig. 1, a flowchart illustrating steps of an access processing method of a terminal according to an embodiment of the present invention is shown, which may specifically include the following steps:
step 101, receiving a keep-alive challenge message sent by the server.
In a specific implementation, the embodiment of the invention can be applied to a terminal, and the terminal accesses a server to obtain corresponding services.
Wherein, this terminal can be the thing networking terminal, like water gauge, ammeter, weather detector etc. then this server can be the thing networking server, provides the thing networking service to this thing networking terminal.
In the embodiment of the present invention, the server may send the keep-alive challenge message to the terminal accessing the server at fixed intervals, and the terminal accessing the server may receive the keep-alive challenge message sent by the server at fixed intervals.
Step 102, generating a keep-alive response message for the keep-alive challenge message.
If the terminal receives the keep-alive challenge message from the server, a keep-alive response message can be generated accordingly.
In one embodiment of the present invention, step 102 may include the following sub-steps:
a substep S11, determining whether the keep-alive challenge message has a subscription message; if yes, go to substep S12, otherwise go to substep S13.
And a substep S12, generating a keep-alive response message with a specified format, inquiring terminal data corresponding to the subscription message, and writing the terminal data into the keep-alive response message.
And sub-step S13, generating a keep-alive response message in a specified format.
In the embodiment of the invention, the server can subscribe the relevant data to the terminal according to the service requirement.
For example, if the terminal is an electricity meter, the electricity consumption of the user, the electricity consumption of the terminal itself, the temperature, and the like may be subscribed to.
For another example, if the terminal is a weather detector, the terminal may subscribe to temperature, humidity, and the like.
For this case, the server may then add a subscribe message in the keep-alive challenge message.
The terminal may parse the keep-alive challenge message after receiving it.
If the subscription message is analyzed, on one hand, terminal data corresponding to the subscription message is inquired, on the other hand, a keep-alive response message in a specified format is generated according to a protocol negotiated in advance, and the terminal data is embedded into a specified position in the keep-alive response message.
And if the subscription message is not analyzed, generating a keep-alive response message in a specified format according to a protocol negotiated in advance.
And 103, generating a terminal token according to the keep-alive challenge message.
For the keep-alive challenge message, the terminal may generate a terminal token according to a protocol negotiated with the server in advance to perform entity authentication at the server.
In one embodiment of the present invention, step 103 may comprise the following sub-steps:
and a sub-step S21 of extracting a preset key.
Sub-step S22, combining said key and said keep-alive challenge message into a first terminal candidate data according to a preset first combination.
And a substep S23 of generating second terminal candidate data for the first terminal candidate data according to a preset first generation manner.
And a substep S24 of extracting data of the first designated position from the second terminal candidate data as a terminal token.
In the embodiment of the invention, the key can be preset in the terminal, the key has uniqueness, and different terminals preset different keys.
And combining the key and the keep-alive challenge message according to a first combination mode, for example, splicing the key after the keep-alive challenge message, splicing the key before the keep-alive challenge message, or inserting the key into the keep-alive challenge message, or the like, wherein the combined data is the first terminal candidate data.
Thereafter, the first terminal candidate data is processed according to a first generation manner, such as calculating a Hash (Hash Algorithm), calculating a SHA1(Secure Hash Algorithm), and the like, and the processed data is the second terminal candidate data.
And extracting data of a first designated position, such as m bits at the top of the sequence (m is a positive integer), m bits at the last of the sequence, m bits in the middle of the sequence, and the like, from the second terminal candidate data as a terminal token.
104, generating a terminal check code according to the keep-alive challenge message and the keep-alive response message;
for the keep-alive challenge message, the terminal may generate a terminal check code check according to a protocol negotiated with the server in advance in combination with the keep-alive response message, so as to perform data authentication at the server.
In one embodiment of the present invention, step 104 may include the following sub-steps:
and a sub-step S31 of extracting a preset key.
And a substep S32 of combining the key, the keep-alive challenge message and the keep-alive response message into third terminal candidate data according to a preset second combination mode.
And a substep S33 of generating fourth terminal candidate data for the third terminal candidate data according to a preset second generation method.
And a substep S34 of extracting data at a second designated position from the fourth terminal candidate data as a terminal check code.
In the embodiment of the invention, the key can be preset in the terminal, the key has uniqueness, and different terminals preset different keys.
And combining the key, the keep-alive challenge message and the keep-alive challenge response according to a second combination mode, for example, splicing according to the sequence of the key, the keep-alive challenge message and the keep-alive challenge response, splicing according to the sequence of the key, the keep-alive challenge response and the keep-alive challenge message, inserting the key into the keep-alive challenge message and the keep-alive response message at intervals, and the like, wherein the combined data is the third terminal candidate data.
And then, processing the third terminal candidate data according to a second generation mode, such as calculating Hash, calculating SHA1 value, and the like, wherein the processed data is the fourth terminal candidate data.
And extracting data at a second appointed position, such as n (n is a positive integer) bits at the top of the sequence, n bits at the last of the sequence, n bits in the middle of the sequence, and the like, from the fourth terminal candidate data as a terminal check code check.
And 105, packaging the keep-alive response message, the terminal token and the terminal check code into a target message.
If the terminal generates the keep-alive response message, the terminal token and the terminal check code check, the target message may be generated based on the keep-alive response message, the terminal token and the terminal check code check.
And 106, sending the target message to the server so as to perform access processing based on the keep-alive response message when the terminal token passes entity authentication and the terminal check code passes data authentication.
The terminal sends the target message to the server, the server can perform entity authentication for the terminal token, perform data authentication for the terminal check code check, and perform access processing on the keep-alive response message when the entity authentication and the data authentication are passed at the same time.
In the embodiment of the invention, a server sends a keep-alive challenge message to an accessed terminal, on one hand, the terminal generates a terminal token according to the keep-alive challenge message, on the other hand, the terminal generates a keep-alive response message aiming at the keep-alive challenge message, generates a terminal check code according to the keep-alive challenge message and the keep-alive response message, packages the keep-alive response message, the terminal token and the terminal check code into a target message and sends the target message to the server, the server performs entity authentication on the terminal token according to the keep-alive challenge message, performs data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message, if the terminal check code passes the entity authentication and the data authentication, performs access processing based on the keep-alive response message, the server sends the keep-alive challenge message in the access processing process, the terminal feeds, in the communication interaction, not only entity authentication and data authentication are combined, but also survival authentication and entity authentication are combined, so that the normal operation of access processing is ensured, and the number of times of communication interaction is greatly reduced aiming at network systems such as the Internet of things, so that the utilization rate of network bandwidth is increased, and the processing pressure of a server is reduced to a certain extent.
In addition, the server and the terminal can realize communication by maintaining the existing hardware, other hardware equipment does not need to be additionally deployed, and the operation cost is ensured to be in a controllable state.
And moreover, the target message comprises a keep-alive response message, a terminal token and a terminal check code, and the message length section has low sending delay, so that the network bandwidth occupation is low.
Referring to fig. 2, a flowchart illustrating steps of another method for processing access by a terminal according to an embodiment of the present invention is shown, and specifically includes the following steps:
step 201, sending a keep-alive challenge message to the terminal.
In a specific implementation, the embodiment of the present invention may be applied to a server, and a plurality of terminals access the server to provide corresponding services.
Wherein, this terminal can be the thing networking terminal, like water gauge, ammeter, weather detector etc. then this server can be the thing networking server, provides the thing networking service to this thing networking terminal.
In the embodiment of the invention, the server can send the keep-alive challenge message to the terminal accessing the server at fixed time intervals.
In one case, the server may subscribe to the terminal according to the service requirement, and encapsulate the corresponding subscription message into the keep-alive challenge message.
Of course, if the server does not have data of the subscribing terminal, the subscription message does not need to be encapsulated into the keep-alive challenge message.
And 202, receiving a target message sent by the terminal aiming at the keep-alive challenge message.
If the terminal receives the keep-alive challenge message of the server, a keep-alive response message is generated aiming at the keep-alive challenge message, a terminal token is generated according to the keep-alive challenge message, a terminal check code check is generated according to the keep-alive challenge message and the keep-alive response message, the terminal token and the terminal check code are packaged into a target message, and the target message is sent to the server.
Therefore, the target message has the keep-alive response message, the terminal token and the terminal check code check.
If the server receives the target message of the terminal, the server can analyze the target message to obtain the keep-alive response message, the terminal token and the terminal check code check.
Of course, if the server does not receive the target message of the terminal within a period of time, it may confirm that the terminal is in an offline state.
And 203, performing entity authentication on the terminal token according to the keep-alive challenge message.
For the keep-alive challenge message, the terminal generates a terminal token according to a protocol negotiated with the server in advance, and then the server can generate a cloud token in the same manner according to the protocol negotiated in advance.
When entity authentication is carried out, whether the terminal token is the same as the cloud token or not is judged, if so, entity authentication can be confirmed to be passed, and if not, entity authentication can be confirmed to be failed.
In one embodiment of the present invention, step 203 may comprise the sub-steps of:
and a substep S41 of finding a key corresponding to the terminal.
And a substep S42, combining the key and the keep-alive challenge message into a first cloud candidate data according to a preset first combination mode.
And a substep S43, generating second cloud candidate data for the first cloud candidate data according to a preset first generation mode.
And a substep S44, extracting data of the first designated location from the second cloud candidate data as a cloud token.
Substep S45, determining whether the cloud token is the same as the terminal token; if yes, go to substep S46, otherwise go to substep S47.
Sub-step S46, determining that the terminal token is authenticated by an entity.
Sub-step S47, determining that the terminal token has not been authenticated by an entity.
In the embodiment of the invention, the key can be preset in the terminal, the key has uniqueness, different terminals preset different keys, and meanwhile, the keys of different terminals can be stored in the server in advance, so that the mapping relation between the terminal identification (such as terminal ID and the like) and the key is established.
Therefore, when entity authentication is performed, the server can query the key corresponding to the terminal (characterized by the terminal identifier) through the mapping relationship.
Combining the key and the keep-alive challenge message according to a first combination method, for example, splicing the key after the keep-alive challenge message, splicing the key before the keep-alive challenge message, inserting the key into the keep-alive challenge message occasionally, and the like, where the combined data is the first cloud candidate data.
Thereafter, the first cloud candidate data is processed according to a first generation manner, such as calculating a Hash, calculating a SHA1 value, and the like, and the processed data is the second cloud candidate data.
And extracting data of a first specified position, such as m (m is a positive integer) bits at the top of the sequence, m bits at the last of the sequence, m bits in the middle of the sequence, and the like, from the second cloud candidate data as a cloud token.
And comparing the terminal token with the cloud token, if the terminal token is the same as the cloud token, determining that the entity authentication is passed, and if the terminal token is different from the cloud token, determining that the entity authentication is not passed.
And 204, performing data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message.
For the keep-alive challenge message, the terminal generates a terminal check code check according to a protocol negotiated with the server in advance and in combination with the keep-alive response message, and then the server can generate a cloud check code check in the same manner according to the protocol negotiated in advance.
When data authentication is carried out, whether the terminal check code check is the same as the cloud check code check is judged, if yes, data authentication can be confirmed to be passed, and if not, data authentication can be confirmed to be failed.
In one embodiment of the present invention, step 204 may include the following sub-steps:
and a substep S51 of finding a key corresponding to the terminal.
And a substep S52, combining the key, the keep-alive challenge message and the keep-alive response message into third cloud candidate data according to a preset second combination mode.
And a substep S53, generating fourth cloud candidate data for the third cloud candidate data according to a preset second generation manner.
And a substep S54, extracting data at a second designated position from the fourth cloud candidate data, and using the data as a cloud check code.
The substep S55 is to judge whether the cloud check code is the same as the terminal check code; if yes, go to substep S56, otherwise go to substep S57.
And a sub-step S56, determining that the terminal check code passes data authentication.
And a substep S57 of determining that the terminal check code fails data authentication.
In the embodiment of the invention, the key can be preset in the terminal, the key has uniqueness, different terminals preset different keys, and meanwhile, the keys of different terminals can be stored in the server in advance, so that the mapping relation between the terminal identification (such as terminal ID and the like) and the key is established.
Therefore, when data authentication is performed, the server can query the key corresponding to the terminal (characterized by the terminal identifier) through the mapping relation.
And combining the key, the keep-alive challenge message and the keep-alive challenge response according to a second combination mode, for example, splicing according to the sequence of the key, the keep-alive challenge message and the keep-alive challenge response, splicing according to the sequence of the key, the keep-alive challenge response and the keep-alive challenge message, inserting the key into the keep-alive challenge message and the keep-alive response message at intervals, and the like, wherein the combined data is the third cloud candidate data.
And processing the third cloud candidate data according to a second generation manner, such as calculating a Hash, calculating a SHA1 value, and the like, wherein the processed data is the fourth cloud candidate data.
And extracting data at a second specified position from the fourth cloud candidate data, such as n (n is a positive integer) bits at the top of the sequence, n bits at the last of the sequence, n bits in the middle of the sequence, and the like, as a cloud check code check.
And comparing the terminal check code check with the cloud check code check, if the terminal check code check is the same as the cloud check code check, determining that the data authentication is passed, and if the terminal check code check is different from the cloud check code check, determining that the data authentication is not passed.
It should be noted that, the server may perform the entity authentication first (step 203), perform the data authentication after the entity authentication is passed (step 204), perform the data authentication first (step 204), perform the entity authentication after the data authentication is passed (step 203), perform the entity authentication (step 203) and the data authentication simultaneously (step 204), and the like, which is not limited in this embodiment of the present invention.
And step 205, when the terminal token passes the entity authentication and the terminal passes the data authentication, performing access processing based on the keep-alive response message.
And if the terminal passes the entity authentication and the data authentication at the same time, performing corresponding access processing on the terminal based on the keep-alive response message.
In one embodiment of the present invention, step 205 may include the following sub-steps:
a substep S61, determining whether the keep-alive response message has terminal data; if yes, go to substep S62, otherwise go to substep S63.
And a substep S62, determining that the terminal is in an online state, and performing service processing on the terminal data.
And a sub-step S63 of determining that the terminal is in an online state.
In the embodiment of the invention, as the terminal normally feeds back the keep-alive response message, the terminal can be determined to be in an online state, and meanwhile, whether the keep-alive response message contains subscribed terminal data or not is analyzed.
If the terminal data exists, corresponding service processing can be carried out according to the type of the terminal data.
For example, data on the electricity consumption, temperature, humidity, etc. of the user may be stored in a database for other processing by the user.
For another example, for the power consumption and the temperature of the terminal itself, it may be determined whether the power consumption is lower than a preset power threshold and whether the temperature is higher than a preset temperature threshold, and if the power consumption is lower than the power threshold and the temperature is higher than the temperature threshold, corresponding power alarm information and temperature alarm information may be generated.
In the embodiment of the invention, a server sends a keep-alive challenge message to an accessed terminal, on one hand, the terminal generates a terminal token according to the keep-alive challenge message, on the other hand, the terminal generates a keep-alive response message aiming at the keep-alive challenge message, generates a terminal check code according to the keep-alive challenge message and the keep-alive response message, packages the keep-alive response message, the terminal token and the terminal check code into a target message and sends the target message to the server, the server performs entity authentication on the terminal token according to the keep-alive challenge message, performs data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message, if the terminal check code passes the entity authentication and the data authentication, performs access processing based on the keep-alive response message, the server sends the keep-alive challenge message in the access processing process, the terminal feeds, in the communication interaction, not only entity authentication and data authentication are combined, but also survival authentication and entity authentication are combined, so that the normal operation of access processing is ensured, and the number of times of communication interaction is greatly reduced aiming at network systems such as the Internet of things, so that the utilization rate of network bandwidth is increased, and the processing pressure of a server is reduced to a certain extent.
In addition, the server and the terminal can realize communication by maintaining the existing hardware, other hardware equipment does not need to be additionally deployed, and the operation cost is ensured to be in a controllable state.
And moreover, the target message comprises a keep-alive response message, a terminal token and a terminal check code, and the message length section has low sending delay, so that the network bandwidth occupation is low.
In order to make those skilled in the art better understand the embodiment of the present invention, as shown in fig. 3, the access processing method of the terminal in the embodiment of the present invention is described below by using a specific example.
1. And the server B sends a keep-alive challenge message C to a part of or all accessed electric meters T every 1 day, wherein the keep-alive challenge message C comprises a subscription message for subscribing the electricity consumption.
2. When the electric meter T receives the keep-alive challenge message C, the following operations are carried out:
and 2.1, the ammeter T analyzes the keep-alive challenge C, acquires the current power consumption due to the subscription information, generates a keep-alive response message D, and writes the power consumption of the user into the keep-alive response message D.
2.2, the electric meter T calculates Token _ T ═ Hash (C, K) using the key K and the keep-alive challenge message C.
And 2.3, taking the first m bits of the Token _ T, namely Token _ T (m), as the terminal Token by the electric meter T.
And 2.4, the electric meter T calculates the Check _ T as Hash (D, C and K) by using the secret key K, the keep-alive challenge message C and the keep-alive response message D.
And 2.5, taking the first n bits of the Check _ T as Check _ T (n) as a terminal Check code by the electric meter T.
2.6. The electric meter T will combine into a target message M ═ Token _ T (M), D, Check _ T (n), and send to the server B.
3. After receiving the target message M ═ Token _ t (M), D, Check _ t (n), the server B performs the following operations:
3.1, the server B calculates Token _ B ═ Hash (C, K) with the keep-alive challenge message C using the key K of the terminal T.
3.2, server B takes the first m bits of Token _ B, which are denoted as Token _ B (m), as a cloud Token.
3.3, the server B judges whether the Token _ T (M) is the same as the Token _ B (M), if so, the process turns to 3.4, and if not, the target message M is discarded, and the access processing is ended.
And 3.4, the server B calculates the Check _ B as Hash (D, C and K) by using the key K of the terminal T, the keep-alive challenge message C and the keep-alive response message D.
3.5, the server B takes the first n bits of the Check _ B, which are expressed as Check _ B (n), as a cloud Check code.
And 3.6, judging whether the Check _ T (n) is the same as the Check _ B (n) or not by the server B, if so, turning to 3.7, otherwise, discarding the target message M and ending the access processing.
And 3.7, recording the electric meter T as an online state, and recording the electricity consumption of the user in a database.
In the internet of things, the access number of terminals of the internet of things such as an electric meter can reach one million, and at least two million communication interactions are performed according to a traditional access processing mode.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 4, a block diagram of an access processing apparatus of a terminal according to an embodiment of the present invention is shown, and the access processing apparatus is applied to a terminal, where the terminal accesses a server, and the apparatus may specifically include the following modules:
a keep-alive challenge message receiving module 401, configured to receive a keep-alive challenge message sent by the server;
a keep-alive response message generating module 402, configured to generate a keep-alive response message for the keep-alive challenge message;
a terminal token generating module 403, configured to generate a terminal token according to the keep-alive challenge message;
a terminal check code generating module 404, configured to generate a terminal check code according to the keep-alive challenge message and the keep-alive response message;
a target message encapsulation module 405, configured to encapsulate the keep-alive response message, the terminal token, and the terminal check code into a target message;
a target message sending module 406, configured to send the target message to the server, so as to perform access processing based on the keep-alive response message when the terminal token passes entity authentication and the terminal check code passes data authentication.
In one embodiment of the present invention, the keep-alive response message generating module 402 comprises:
a subscription message judgment sub-module, configured to judge whether the keep-alive challenge message includes a subscription message; if yes, calling a first generation submodule, and if not, calling a second generation submodule;
a first generating submodule, configured to generate a keep-alive response message in a specified format, query terminal data corresponding to the subscription message, and write the terminal data into the keep-alive response message;
and the second generation submodule is used for generating the keep-alive response message in the specified format.
In an embodiment of the present invention, the terminal token generating module 403 includes:
the first key extraction submodule is used for extracting a preset key;
a first terminal candidate data composition submodule, configured to combine the key and the keep-alive challenge message into first terminal candidate data according to a preset first combination manner;
the second terminal candidate data generation submodule is used for generating second terminal candidate data for the first terminal candidate data according to a preset first generation mode;
and the terminal token setting submodule is used for extracting data of a first specified position from the second terminal candidate data to be used as a terminal token.
In an embodiment of the present invention, the terminal check code generating module 404 includes:
the second key extraction submodule is used for extracting a preset key;
a third terminal candidate data composition submodule, configured to combine the key, the keep-alive challenge message, and the keep-alive response message into third terminal candidate data according to a preset second combination manner;
a fourth terminal candidate data generation submodule, configured to generate fourth terminal candidate data for the third terminal candidate data according to a preset second generation manner;
and the terminal check code setting and extracting submodule is used for extracting data at a second appointed position from the fourth terminal candidate data to be used as a terminal check code.
Referring to fig. 5, a block diagram of a structure of an access processing apparatus of another terminal according to an embodiment of the present invention is shown, and the access processing apparatus is applied in a server, where a plurality of terminals access the server, and the apparatus may specifically include the following modules:
a keep-alive challenge message sending module 501, configured to send a keep-alive challenge message to the terminal;
a target message receiving module 502, configured to receive a target message sent by the terminal for the keep-alive challenge message, where the target message includes a keep-alive response message, a terminal token, and a terminal check code;
an entity authentication module 503, configured to perform entity authentication on the terminal token according to the keep-alive challenge message;
a data authentication module 504, configured to perform data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message;
and an access processing module 505, configured to perform access processing based on the keep-alive response message when the terminal token passes the entity authentication and the terminal passes the data authentication.
In one embodiment of the present invention, the entity authentication module 503 includes:
the first key searching submodule is used for searching a key corresponding to the terminal;
the first cloud candidate data composition submodule is used for combining the key and the keep-alive challenge message into first cloud candidate data according to a preset first combination mode;
the second cloud candidate data generation submodule is used for generating second cloud candidate data for the first cloud candidate data according to a preset first generation mode;
the cloud token setting submodule is used for extracting data of a first specified position from the second cloud candidate data to serve as a cloud token;
the token judgment submodule is used for judging whether the cloud token is the same as the terminal token or not; if yes, calling a first determining submodule, and if not, calling a second determining submodule;
the first determining submodule is used for determining that the terminal token passes entity authentication;
and the second determining submodule is used for determining that the terminal token is not authenticated by the entity.
In one embodiment of the present invention, the data authentication module 504 includes:
the second key searching submodule is used for searching a key corresponding to the terminal;
a third cloud candidate data composition submodule, configured to combine the key, the keep-alive challenge message, and the keep-alive response message into third cloud candidate data according to a preset second combination manner;
the fourth cloud candidate data generation submodule is used for generating fourth cloud candidate data for the third cloud candidate data according to a preset second generation mode;
the cloud check code setting submodule is used for extracting data of a second specified position from the fourth cloud candidate data to serve as a cloud check code;
the check code judging submodule is used for judging whether the cloud check code is the same as the terminal check code; if yes, calling a third determining submodule, and if not, calling a fourth determining submodule;
a third determining submodule, configured to determine that the terminal check code passes data authentication;
and the fourth determining submodule is used for determining that the terminal check code does not pass the data authentication.
In one embodiment of the present invention, the access processing module 505 comprises:
the terminal data judgment submodule is used for judging whether the keep-alive response message contains terminal data; if yes, calling a first processing submodule, and if not, calling a second processing submodule;
the first processing submodule is used for determining that the terminal is in an online state and performing service processing on the terminal data;
and the second processing submodule is used for determining that the terminal is in an online state.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The foregoing describes in detail an access processing method of a terminal and an access processing apparatus of a terminal provided by the present invention, and a specific example is applied in the present document to explain the principle and the implementation of the present invention, and the description of the foregoing embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. An access processing method of a terminal, applied in a terminal, the terminal accessing a server, the method comprising:
receiving a keep-alive challenge message sent by the server;
generating a keep-alive response message for the keep-alive challenge message;
generating a terminal token according to the keep-alive challenge message;
generating a terminal check code according to the keep-alive challenge message and the keep-alive response message;
packaging the keep-alive response message, the terminal token and the terminal check code into a target message;
and sending the target message to the server so as to perform access processing based on the keep-alive response message when the terminal token passes entity authentication and the terminal check code passes data authentication.
2. The method of claim 1, wherein generating a keep-alive response message for the keep-alive challenge message comprises:
judging whether the keep-alive challenge message has a subscription message;
if yes, generating a keep-alive response message in a specified format, inquiring terminal data corresponding to the subscription message, and writing the terminal data into the keep-alive response message;
if not, generating the keep-alive response message with the specified format.
3. The method according to claim 1 or 2, wherein the generating of a terminal token from the keep-alive challenge message comprises:
extracting a preset key;
combining the key and the keep-alive challenge message into first terminal candidate data according to a preset first combination mode;
generating second terminal candidate data for the first terminal candidate data according to a preset first generation mode;
and extracting data of the first designated position from the second terminal candidate data as a terminal token.
4. The method according to claim 1 or 2, wherein the generating a terminal check code according to the keep-alive challenge message and the keep-alive response message comprises:
extracting a preset key;
combining the key, the keep-alive challenge message and the keep-alive response message into third terminal candidate data according to a preset second combination mode;
generating fourth terminal candidate data for the third terminal candidate data according to a preset second generation mode;
and extracting data of a second appointed position from the fourth terminal candidate data to be used as a terminal check code.
5. An access processing method of a terminal, applied in a server, a plurality of terminals access to the server, the method comprising:
sending a keep-alive challenge message to the terminal;
receiving a target message sent by the terminal aiming at the keep-alive challenge message, wherein the target message comprises a keep-alive response message, a terminal token and a terminal check code;
performing entity authentication on the terminal token according to the keep-alive challenge message;
performing data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message;
and when the terminal token passes the entity authentication and the terminal passes the data authentication, performing access processing based on the keep-alive response message.
6. The method of claim 5, wherein the entity authenticating the terminal token according to the keep-alive challenge message comprises:
searching a key corresponding to the terminal;
combining the key and the keep-alive challenge message into first cloud candidate data according to a preset first combination mode;
generating second cloud candidate data for the first cloud candidate data according to a preset first generation mode;
extracting data of a first designated position from the second cloud candidate data to serve as a cloud token;
judging whether the cloud token is the same as the terminal token;
if so, determining that the terminal token passes entity authentication;
if not, determining that the terminal token is not authenticated by the entity.
7. The method of claim 5, wherein the data authenticating the terminal check code according to the keep-alive challenge message and the keep-alive response message comprises:
searching a key corresponding to the terminal;
combining the key, the keep-alive challenge message and the keep-alive response message into third cloud candidate data according to a preset second combination mode;
generating fourth cloud candidate data for the third cloud candidate data according to a preset second generation mode;
extracting data of a second designated position from the fourth cloud candidate data to serve as a cloud check code;
judging whether the cloud check code is the same as the terminal check code;
if so, determining that the terminal check code passes data authentication;
if not, determining that the terminal check code does not pass the data authentication.
8. The method according to any of claims 5-7, wherein the performing access processing based on the keep-alive response message comprises:
judging whether the keep-alive response message has terminal data or not;
if so, determining that the terminal is in an online state, and performing service processing on the terminal data;
if not, determining that the terminal is in an online state.
9. An access processing device of a terminal, applied in a terminal, the terminal accessing a server, the device comprising:
a keep-alive challenge message receiving module, configured to receive a keep-alive challenge message sent by the server;
a keep-alive response message generating module for generating a keep-alive response message for the keep-alive challenge message;
the terminal token generating module is used for generating a terminal token according to the keep-alive challenge message;
a terminal check code generating module, configured to generate a terminal check code according to the keep-alive challenge message and the keep-alive response message;
a target message encapsulation module, configured to encapsulate the keep-alive response message, the terminal token, and the terminal check code into a target message;
and the target message sending module is used for sending the target message to the server so as to perform access processing based on the keep-alive response message when the terminal token passes entity authentication and the terminal check code passes data authentication.
10. An access processing apparatus of a terminal, applied in a server to which a plurality of terminals access, the apparatus comprising:
a keep-alive challenge message sending module, configured to send a keep-alive challenge message to the terminal;
a target message receiving module, configured to receive a target message sent by the terminal for the keep-alive challenge message, where the target message includes a keep-alive response message, a terminal token, and a terminal check code;
the entity authentication module is used for carrying out entity authentication on the terminal token according to the keep-alive challenge message;
the data authentication module is used for performing data authentication on the terminal check code according to the keep-alive challenge message and the keep-alive response message;
and the access processing module is used for performing access processing based on the keep-alive response message when the terminal token passes the entity authentication and the terminal passes the data authentication.
CN201810322445.XA 2018-04-11 2018-04-11 Access processing method and device for terminal Active CN108696509B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810322445.XA CN108696509B (en) 2018-04-11 2018-04-11 Access processing method and device for terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810322445.XA CN108696509B (en) 2018-04-11 2018-04-11 Access processing method and device for terminal

Publications (2)

Publication Number Publication Date
CN108696509A CN108696509A (en) 2018-10-23
CN108696509B true CN108696509B (en) 2020-09-11

Family

ID=63845492

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810322445.XA Active CN108696509B (en) 2018-04-11 2018-04-11 Access processing method and device for terminal

Country Status (1)

Country Link
CN (1) CN108696509B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111309395B (en) * 2020-02-10 2021-07-20 北京星选科技有限公司 Object keep-alive method and device, electronic equipment and computer readable storage medium
CN112231679B (en) * 2020-09-29 2023-03-28 新华三信息安全技术有限公司 Terminal equipment verification method and device and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101281214A (en) * 2007-04-02 2008-10-08 深圳市国电科技通信有限公司 Remote meter reading system heart-throb frame real-time detection method
CN101848463A (en) * 2010-03-16 2010-09-29 苏州汉明科技有限公司 Method for protecting access of legal user based on wireless access point
CN102710643B (en) * 2012-05-30 2016-04-20 杭州华三通信技术有限公司 A kind of Portal server and the method with user's keep-alive thereof
CN105788218A (en) * 2016-03-24 2016-07-20 北京远东仪表有限公司 Wireless meter reading system
CN106656999A (en) * 2016-11-10 2017-05-10 济南浪潮高新科技投资发展有限公司 Secure transmission authentication method and device of IoT (Internet of Things) terminal equipment
CN106817697A (en) * 2015-12-02 2017-06-09 中国电信股份有限公司 A kind of methods, devices and systems for device authentication
CN107222460A (en) * 2017-05-03 2017-09-29 飞天诚信科技股份有限公司 A kind of shared method and device of server data memory space
CN107707023A (en) * 2017-08-30 2018-02-16 深圳市盛路物联通讯技术有限公司 A kind of apparatus control method and relevant device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7587598B2 (en) * 2002-11-19 2009-09-08 Toshiba America Research, Inc. Interlayer fast authentication or re-authentication for network communication
US20130339736A1 (en) * 2012-06-19 2013-12-19 Alex Nayshtut Periodic platform based web session re-validation
CN103501486B (en) * 2013-09-29 2016-09-28 华为软件技术有限公司 A kind of information push method and push server
US10771583B2 (en) * 2014-12-29 2020-09-08 Akamai Technologies, Inc. Managing mobile device user subscription and service preferences to predictively pre-fetch content
US10117171B2 (en) * 2016-05-13 2018-10-30 Gainspan Corporation Estimating intervals at which to transmit keep-alive messages from a wireless station to an access point
CN106452866A (en) * 2016-10-10 2017-02-22 上海畅星软件有限公司 Vehicle-mounted electronic equipment interconnecting gateway device based on IoT (Internet of Things) technology and communication method
CN107483558B (en) * 2017-07-27 2021-05-28 浩鲸云计算科技股份有限公司 Method for AP configuration management and wireless terminal access control of cloud platform

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101281214A (en) * 2007-04-02 2008-10-08 深圳市国电科技通信有限公司 Remote meter reading system heart-throb frame real-time detection method
CN101848463A (en) * 2010-03-16 2010-09-29 苏州汉明科技有限公司 Method for protecting access of legal user based on wireless access point
CN102710643B (en) * 2012-05-30 2016-04-20 杭州华三通信技术有限公司 A kind of Portal server and the method with user's keep-alive thereof
CN106817697A (en) * 2015-12-02 2017-06-09 中国电信股份有限公司 A kind of methods, devices and systems for device authentication
CN105788218A (en) * 2016-03-24 2016-07-20 北京远东仪表有限公司 Wireless meter reading system
CN106656999A (en) * 2016-11-10 2017-05-10 济南浪潮高新科技投资发展有限公司 Secure transmission authentication method and device of IoT (Internet of Things) terminal equipment
CN107222460A (en) * 2017-05-03 2017-09-29 飞天诚信科技股份有限公司 A kind of shared method and device of server data memory space
CN107707023A (en) * 2017-08-30 2018-02-16 深圳市盛路物联通讯技术有限公司 A kind of apparatus control method and relevant device

Also Published As

Publication number Publication date
CN108696509A (en) 2018-10-23

Similar Documents

Publication Publication Date Title
CN104144419B (en) Identity authentication method, device and system
CN110298421B (en) Online generation, offline generation and verification method and device for two-dimensional code
CN104320377B (en) The anti-stealing link method and equipment of a kind of files in stream media
EP3697042A1 (en) Traffic analysis method, public service traffic attribution method and corresponding computer system
CN106470184B (en) Security authentication method, device and system
CN108063714B (en) Network request processing method and device
CN105871786B (en) A kind of verification method of user information, device and system
US10630574B2 (en) Link processing method, apparatus, and system
US11838281B1 (en) Secure authentication of devices
CN105095726A (en) Method and device for generating verification code
CN104346365A (en) Device and method for determining specific service associated logs
CN108696509B (en) Access processing method and device for terminal
CN112165448B (en) Service processing method, device, system, computer equipment and storage medium
CN110445792A (en) Verification code generation method, verifying code verification method and identifying code login system
CN106899564A (en) A kind of login method and device
CN106302345B (en) A kind of terminal authentication method and device
CN108418679B (en) Method and device for processing secret key under multiple data centers and electronic equipment
CN110048833B (en) Electric power service encryption method and device based on quantum satellite key network
CN113065859A (en) Information verification method based on block chain
CN106559386A (en) A kind of authentication method and device
CN113129008B (en) Data processing method, device, computer readable medium and electronic equipment
CN105184559B (en) A kind of payment system and method
CN108235067B (en) Authentication method and device for video stream address
CN110247905A (en) The data backup memory method and system of secure authentication mode based on Token
CN116647345A (en) Method and device for generating permission token, storage medium and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant