CN112311771B - Method for managing user access equipment, management equipment and network equipment - Google Patents

Publication number
CN112311771B
Authority
CN
China
Prior art keywords
password
user
approved
approval
original
Legal status
Active
Application number
CN202011069819.5A
Other languages
Chinese (zh)
Other versions
CN112311771A (en)
Inventor
金凌皓
Current Assignee
New H3C Big Data Technologies Co Ltd
Original Assignee
New H3C Big Data Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/042 Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present specification provides a method for managing a user access device, a management device, and a network device. The method comprises: obtaining a password to be approved sent by a managed device, where the password to be approved is generated by the managed device from the original password entered when a user accesses the managed device and the user's MAC address; approving the password to be approved against a recorded approved password set; if the approval passes, notifying the managed device to release the user; and if the approval does not pass, notifying the managed device to reject the user.

Description

Method for managing user access equipment, management equipment and network equipment
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method for managing a user access device, a management device, and a network device.
Background
PSK: Pre-Shared Key.
PPSK: Private Pre-Shared Key.
In a PSK network, the public PSK keys used by small and medium-sized enterprises are easily cracked or shared, which greatly reduces the security of the network. In this usage scenario, the problem can be solved with PPSK keys. PPSK is a one-person-one-key authentication mode that can ensure high security.
Disclosure of Invention
The present specification provides a method for managing a user access device, a management device, and a network device, which can reduce the resources occupied by PPSK passwords and save storage resources on network devices in different locations.
The present specification provides a method for managing a user access device, which is applied to a cloud management platform and includes:
acquiring a password to be approved sent by a managed device, wherein the password to be approved is generated by the managed device according to an original password input when a user accesses the managed device and the MAC address of the user;
approving the password to be approved according to the approved password set recorded by the platform itself;
if the approval passes, notifying the managed device to release the user;
if the approval does not pass, notifying the managed device to reject the user.
As the above embodiments show, when a user accesses a network device (managed device), the network device binds the original password input by the user to the MAC address of the user and sends the bound original password and MAC to the cloud management platform. The cloud management platform approves it and sends the approval result to the network device. The cloud management platform therefore does not need to send a PPSK password to each network device, which would waste storage resources on each network device.
Optionally, the method for obtaining the approved password set includes:
each user inputs an original password through the cloud management platform;
the cloud management platform acquires each original password and the user MAC address corresponding to each original password;
and an approved password set is generated according to each original password and each corresponding MAC address.
Optionally, approving the password to be approved according to the approved password set recorded by the platform itself includes:
matching the password to be approved with the approved password set;
if the matching is successful, determining that the approval passes;
if the matching is not successful, determining that the approval fails.
The present specification also provides a method for managing a user access device, the method comprising:
receiving an original password input by a user;
acquiring the MAC of the user who inputs the original password;
generating a password to be approved according to the original password and the MAC, and sending the password to be approved to a cloud management platform;
and receiving an approval result sent by the cloud management platform, and releasing or rejecting the user according to the approval result.
Specifically, the approval result is generated as follows: the cloud management platform receives the password to be approved, approves it according to the approved password set in the cloud management platform, and generates the approval result;
wherein the approval result includes a pass or a rejection.
This specification also provides a management device, a cloud management platform runs on the management device, and the management device includes:
an acquisition module, configured to acquire a password to be approved sent by a managed device, wherein the password to be approved is generated by the managed device according to an original password input when a user accesses the managed device and the MAC address of the user;
a processing module, configured to approve the password to be approved according to the approved password set recorded by the management device;
a sending module, configured to notify the managed device to release the user if the approval passes, or notify the managed device to reject the user if the approval fails.
Optionally, the acquisition module is further configured to acquire the original password input by each user through the cloud management platform,
and to acquire each original password and the user MAC address corresponding to each original password;
the processing module is further configured to generate an approved password set according to each original password and each corresponding MAC address.
Optionally, the processing module is specifically configured to match the password to be approved with the approved password set;
if the matching is successful, determine that the approval passes;
if the matching is not successful, determine that the approval fails.
The present specification also provides a network device, including:
a receiving module, configured to receive an original password input by a user and the MAC of the user inputting the original password;
a processing module, configured to generate a password to be approved according to the original password and the MAC and to send the password to be approved to a cloud management platform;
the receiving module is further configured to receive the approval result sent by the cloud management platform and to release or reject the user according to the approval result.
Optionally, the approval result includes a pass or a rejection.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a schematic flowchart of a user accessing a network device according to an embodiment of the present disclosure;
Fig. 2 is a flowchart illustrating a method for managing a user access device according to an embodiment of the present disclosure;
Fig. 3 is a flowchart illustrating a method for managing a user access device according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, this information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at the time of", "when", or "in response to a determination", depending on the context.
At present, as shown in Fig. 1, the flow of a user accessing a network device is as follows:
1. The network device is connected to the cloud through a channel and is managed by the cloud management platform in the cloud.
2. The user logs in to the cloud management platform.
3. A general user is added in the PPSK function module.
4. The cloud management platform generates a general user password according to the rule configured by the user and returns the creation result.
5. The cloud management platform issues the PPSK password to the network devices in the current place.
6. The network devices return the issuing result to the cloud management platform.
7. The general user and password are synchronized to the places selected by the user.
8. The PPSK password is issued to the network devices at the corresponding places.
9. Each place returns an issuing result to the cloud management platform, and the cloud management platform modifies the password state according to the network device state and the issuing state.
10. A network device that has not synchronized the password sends a data smoothing request to the cloud management platform after coming online.
11. The cloud management platform returns the password data to the newly online network device.
12. The user terminal connects to a network device, and the password is input.
13. The network device establishes a connection with the terminal.
As the above steps show, after the PPSK password is generated, the cloud management platform passes the PPSK password to each network device, even though the user is unlikely to log in to those network devices, which wastes storage resources on each network device.
An embodiment of the present specification provides a method for managing a user access device, where the method may be applied to a server running a cloud management platform, and as shown in fig. 2, the method includes:
S101, acquiring a password to be approved sent by a managed device, wherein the password to be approved is generated by the managed device according to an original password input when a user accesses the managed device and the MAC address of the user;
S102, approving the password to be approved according to the approved password set recorded by the platform itself;
S103, if the approval passes, notifying the managed device to release the user, or if the approval fails, notifying the managed device to reject the user.
In step S101, the password to be approved is generated by the managed device according to the original password input by the user and the MAC address of the user. The managed device is managed by the cloud management platform and transmits the password to be approved to the cloud management platform through its channel with the cloud management platform.
In this embodiment, the server running the cloud management platform stores an approved password set, which can be regarded as the set of PPSK passwords that pass authentication; each PPSK password is generated from an original password and a MAC address.
Specifically, an administrator (or a user) inputs an original password through the cloud management platform, and the cloud management platform acquires the original password input by the user, acquires the MAC address of the user inputting the original password, and generates the approved password set according to the original password and the MAC address.
After receiving the password to be approved sent by the network device, the cloud management platform acquires the original password and the MAC address in the password to be approved (to distinguish them, they are subsequently referred to as the first original password and the first MAC address), and matches the first original password and the first MAC address against the approved password set.
If the matching is successful, the approval is considered to have passed, and a release instruction can be sent to the network device.
If the matching is unsuccessful, the approval is considered to have failed, and a reject instruction can be sent to the network device.
As can be seen from the foregoing, in this embodiment the cloud management platform does not need to send the PPSK password to each network device (managed device). Instead, when the user accesses the network device, the network device requests approval from the cloud management platform, thereby completing the authentication.
An embodiment of the present specification further provides a method for managing a user access device, where the method is applied to a network device, and as shown in fig. 3, the method includes:
S201, receiving an original password input by a user;
S202, acquiring the MAC of the user inputting the original password;
S203, generating a password to be approved according to the original password and the MAC, and sending the password to be approved to a cloud management platform;
S204, receiving the approval result sent by the cloud management platform, and releasing or rejecting the user according to the approval result.
In this embodiment, the approval result is provided by the cloud management platform. Specifically, the cloud management platform receives the password to be approved, approves it according to the approved password set in the cloud management platform, and generates an approval result, which may be release or rejection.
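The two flows above (S101 to S103 on the cloud management platform, S201 to S204 on the network device) can be sketched end to end. This is an added example, not code from the patent: the names `normalize_mac`, `bind`, `CloudPlatform` and `ManagedDevice`, the PBKDF2 derivation, and the sample passwords and MAC addresses are all assumptions, because the patent does not specify how the original password and the MAC address are combined.

```python
import hashlib
import hmac
import re

_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC so 'AA-BB-..', 'aabb.ccdd.eeff' and 'aa:bb:..' compare equal."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def bind(original_password: str, mac: str) -> str:
    """Derive the 'password to be approved' from original password + MAC (S203).

    Assumption: PBKDF2-HMAC-SHA256 salted with the normalized MAC. The patent
    names no algorithm; a digest is used here so that neither the device nor
    the approved set has to hold the original password.
    """
    salt = b"ppsk-binding|" + normalize_mac(mac).encode()
    return hashlib.pbkdf2_hmac(
        "sha256", original_password.encode(), salt, 100_000
    ).hex()


class CloudPlatform:
    """Holds the approved password set; devices store no PPSK passwords."""

    def __init__(self) -> None:
        self._approved: set[str] = set()

    def enroll(self, original_password: str, mac: str) -> None:
        # Build the approved set from each original password and its MAC.
        self._approved.add(bind(original_password, mac))

    def approve(self, to_be_approved: str) -> str:
        # S102: match against the approved set; compare_digest keeps each
        # comparison constant-time.
        matched = False
        for entry in self._approved:
            matched |= hmac.compare_digest(entry, to_be_approved)
        # S103: the result tells the managed device what to do with the user.
        return "release" if matched else "reject"


class ManagedDevice:
    """Network device side: S201 to S204."""

    def __init__(self, cloud: CloudPlatform) -> None:
        self._cloud = cloud  # stands in for the device-to-cloud channel

    def on_access(self, original_password: str, client_mac: str) -> bool:
        try:
            token = bind(original_password, client_mac)  # S201 to S203
        except ValueError:
            return False  # malformed MAC: fail closed, nothing is sent
        return self._cloud.approve(token) == "release"  # S204


def demo() -> dict:
    # Constructed sample users; passwords and MACs are made up.
    cloud = CloudPlatform()
    cloud.enroll("alice-original-pw", "AA-BB-CC-00-11-22")
    cloud.enroll("bob-original-pw", "aabb.cc00.1133")
    ap = ManagedDevice(cloud)
    return {
        # Same MAC in a different notation still matches.
        "alice_own_device": ap.on_access("alice-original-pw", "aa:bb:cc:00:11:22"),
        # A shared password is useless from another terminal's MAC.
        "alice_pw_on_bobs_mac": ap.on_access("alice-original-pw", "aa:bb:cc:00:11:33"),
        "wrong_password": ap.on_access("guess", "aa:bb:cc:00:11:22"),
        "malformed_mac": ap.on_access("alice-original-pw", "not-a-mac"),
    }


if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case}: {'release' if released else 'reject'}")
```

Because the MAC is normalized before binding, the enrolment form and the access point can report the address in different notations without causing a false rejection.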
An embodiment of the present specification further provides a management device, where a cloud management platform runs on the management device, and the management device includes:
an acquisition module, configured to acquire a password to be approved sent by a managed device, wherein the password to be approved is generated by the managed device according to an original password input when a user accesses the managed device and the MAC address of the user;
a processing module, configured to approve the password to be approved according to the approved password set recorded by the management device;
a sending module, configured to notify the managed device to release the user if the approval passes, or notify the managed device to reject the user if the approval fails.
Optionally, the acquisition module is further configured to acquire the original password input by each user through the cloud management platform,
and to acquire each original password and the user MAC address corresponding to each original password;
the processing module is further configured to generate an approved password set according to each original password and each corresponding MAC address.
Optionally, the processing module is specifically configured to match the password to be approved with the approved password set;
if the matching is successful, determine that the approval passes;
if the matching is not successful, determine that the approval fails.
An embodiment of the present specification further provides a network device, where the network device includes:
a receiving module, configured to receive an original password input by a user and the MAC of the user inputting the original password;
a processing module, configured to generate a password to be approved according to the original password and the MAC and to send the password to be approved to a cloud management platform;
the receiving module is further configured to receive the approval result sent by the cloud management platform and to release or reject the user according to the approval result. The approval result includes a pass or a rejection.
The foregoing description of specific embodiments has been presented for purposes of illustration and description. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (10)

1. A method for managing a user access device, applied to a cloud management platform, comprising:
acquiring a password to be approved sent by a managed device, wherein the password to be approved is generated by the managed device according to an original password input when a user accesses the managed device and the MAC address of the user;
approving the password to be approved according to the approved password set recorded by the platform itself;
if the approval passes, notifying the managed device to release the user;
if the approval does not pass, notifying the managed device to reject the user.
2. The method of claim 1, wherein obtaining the approved password set comprises:
each user inputs an original password through the cloud management platform;
the cloud management platform acquires each original password and the user MAC address corresponding to each original password;
and an approved password set is generated according to each original password and each corresponding MAC address.
3. The method of claim 1, wherein approving the password to be approved according to the approved password set recorded by the platform itself specifically comprises:
matching the password to be approved with the approved password set;
if the matching is successful, determining that the approval passes;
if the matching is not successful, determining that the approval fails.
4. A method for managing a user access device, the method comprising:
receiving an original password input by a user;
acquiring the MAC of the user who inputs the original password;
generating a password to be approved according to the original password and the MAC, and sending the password to be approved to a cloud management platform;
and receiving an approval result sent by the cloud management platform, and releasing or rejecting the user according to the approval result.
5. The method according to claim 4, wherein the approval result is generated as follows:
the cloud management platform receives the password to be approved, approves the password to be approved according to the approved password set in the cloud management platform, and generates the approval result;
wherein the approval result includes a pass or a rejection.
6. A management device, wherein a cloud management platform runs on the management device, the management device comprising:
an acquisition module, configured to acquire a password to be approved sent by a managed device, wherein the password to be approved is generated by the managed device according to an original password input when a user accesses the managed device and the MAC address of the user;
a processing module, configured to approve the password to be approved according to the approved password set recorded by the management device;
a sending module, configured to notify the managed device to release the user if the approval passes, or notify the managed device to reject the user if the approval fails.
7. The management device according to claim 6, wherein
the acquisition module is further configured to acquire the original password input by each user through the cloud management platform,
and to acquire each original password and the user MAC address corresponding to each original password;
the processing module is further configured to generate an approved password set according to each original password and each corresponding MAC address.
8. The management device according to claim 6, wherein
the processing module is specifically configured to match the password to be approved with the approved password set;
if the matching is successful, determine that the approval passes;
if the matching is not successful, determine that the approval fails.
9. A network device, characterized in that the network device comprises:
a receiving module, configured to receive an original password input by a user and the MAC of the user inputting the original password;
a processing module, configured to generate a password to be approved according to the original password and the MAC and to send the password to be approved to a cloud management platform;
the receiving module is further configured to receive the approval result sent by the cloud management platform and to release or reject the user according to the approval result.
10. The network device of claim 9, wherein the approval result comprises a pass or a rejection.
CN202011069819.5A 2020-09-30 2020-09-30 Method for managing user access equipment, management equipment and network equipment Active CN112311771B (en)

Publications (2)

Publication Number Publication Date
CN112311771A CN112311771A (en) 2021-02-02
CN112311771B true CN112311771B (en) 2022-05-24

Family

ID=74488215

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant