CN114079573B - Router access method and router - Google Patents


Publication number
CN114079573B
Authority
CN
China
Prior art keywords
router
verification instruction
user side
session request
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010812342.9A
Other languages
Chinese (zh)
Other versions
CN114079573A (en)
Inventor
雷鹏
郭中磊
邵长利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Hisense Broadband Technology Co ltd
Original Assignee
Guangdong Hisense Broadband Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Hisense Broadband Technology Co ltd
Priority to CN202010812342.9A
Publication of CN114079573A
Application granted
Publication of CN114079573B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a router access method and a router, wherein the method comprises the following steps: receiving a session request sent by a user terminal, wherein the session request comprises a verification instruction; determining whether the verification instruction is identical to the verification instruction stored in the router; if the verification instruction is the same as the verification instruction stored in the router, establishing a session with the user terminal according to the session request and returning an updated verification instruction to the user terminal, wherein the updated verification instruction is used by the user terminal the next time it sends a session request to the router. The router access method and the router make it harder to tamper with the session request sent by the user terminal, effectively prevent the session request from being forged, and guarantee the security of the session between the user terminal and the router.

Description

Router access method and router
Technical Field
The application relates to the technical field of the internet of things, in particular to a router access method and a router.
Background
The wave of the Internet of Things affects many aspects of society and daily life. The Internet of Things uses information technology to solve everyday problems. For example, a modern household generally contains multiple terminals, such as attached devices including a mobile phone, a tablet computer, a television and an air conditioner. Because the Internet of Things provides interconnection and data exchange between objects, a user can interconnect the multiple terminals in a modern household through it.
At present, to provide interconnection and data exchange between objects, devices generally access the internet through an Internet of Things router, and information interaction such as access and control is then carried out through that router. For example, device terminals such as a tablet computer, a television and an air conditioner are connected to the router server through the Internet of Things router; the mobile terminal controls the Internet of Things router through a mobile terminal APP (Application), adjusts or sets the parameters of the router, controls access, or controls the connected terminals through the router.
At present, mobile terminals and device terminals are generally connected to the Internet of Things router over WIFI. For the user's convenience, the initially configured WIFI password of current Internet of Things routers is often also the administrator password of the router, so once a mobile terminal can connect to the router, the router's management password is known. If an unauthorized user obtains the password by intercepting the messages exchanged between the mobile terminal and the Internet of Things router, that user can operate the router and the connected device terminals without restriction.
Disclosure of Invention
The embodiment of the application provides a router access method and a router, and improves the security of router session of the Internet of things.
In a first aspect, the present application provides a router access method, the method including:
receiving a session request sent by a user terminal, wherein the session request comprises a verification instruction;
determining whether the verification instruction is identical to the verification instruction stored in the router;
if the verification instruction is the same as the verification instruction stored in the router, establishing a session with the user terminal according to the session request and returning an updated verification instruction to the user terminal, wherein the updated verification instruction is used for the user terminal to send the session request to the router next time.
In a second aspect, the present application provides a router, including a controller, where the controller is communicatively connected to a client;
the router is configured to:
receiving a session request sent by a user terminal, wherein the session request comprises a verification instruction;
determining whether the verification instruction is identical to the verification instruction stored in the router;
if the verification instruction is the same as the verification instruction stored in the router, establishing a session with the user terminal according to the session request and returning an updated verification instruction to the user terminal, wherein the updated verification instruction is used for the user terminal to send the session request to the router next time.
In the router access method and the router, the user terminal carries a verification instruction in the session request it sends to the router. The router receives the session request and verifies its authenticity and validity by determining whether the verification instruction in the session request is identical to the verification instruction stored in the router. When the router determines that the two are the same, it establishes a session with the user terminal according to the session request and processes the session, which guarantees the security of the session between the user terminal and the router to a certain extent. The router also updates the verification instruction and returns the updated verification instruction to the user terminal, which uses it in the next session request it sends to the router. The verification instruction in the session requests sent by the user terminal is therefore dynamically variable, which makes it harder to tamper with a session request, effectively prevents session requests from being forged, and further guarantees the security of the session between the user terminal and the router.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings that are needed in the embodiments will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is an interaction timing diagram of a user terminal and a router according to an embodiment of the present application;
Fig. 2 is a flow chart of a router access method according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The Internet of Things involved in the embodiments of this application comprises a router and a user terminal. The user terminal is communicatively connected to the router, and the attached devices of the Internet of Things are also communicatively connected to the router. The user terminal may be a mobile terminal with an APP installed. In the current use environment the user terminal is generally connected to the router over WIFI, and because a WIFI signal is not confined by physical boundaries, the router is exposed to a dangerous environment; for example, an unauthorized user could operate the Internet of Things router and the connected device terminals without restriction.
To ensure the security of the session between the user terminal and the router and to prevent the session from being stolen, tampered with and the like, the embodiments of this application provide a router access method. The method involves a user terminal and a router. Fig. 1 is an interaction timing diagram of a user terminal and a router according to an embodiment of this application, where an APP is installed on the user terminal and the user operates the APP to interact with the router. There may be more than one user terminal. As shown in Fig. 1, the user terminal sends a session request to the router to establish a session between the user terminal and the router, thereby implementing user login, access to the router, and the like.
Fig. 2 is a schematic flow chart of a router access method provided by an example of the present application, where the router access method provided by the embodiment of the present application is used for a router. As shown in fig. 2, a router access method provided in an embodiment of the present application includes:
S100: Receive a session request sent by the user terminal, wherein the session request comprises a verification instruction.
When the user needs to log in to or access the router, or control the devices attached to the router, the user operates the user terminal to send a session request to the router. The session request in the embodiments of this application therefore includes a pre-authentication request, a login request, a request to modify the login password, and so on.
In the embodiments of this application, the session request sent by the user terminal to the router includes a verification instruction. When the router receives the session request, it can obtain the verification instruction from it. For example, the router parses the received session request and extracts the verification instruction carried in it.
Optionally, the verification instruction may be a string of a certain length, such as a random string generated by the user terminal or the router using the time as a seed. When the user terminal sends a session request to the router for the first time, the verification instruction in the session request is generated by the user terminal. Further, in the embodiments of this application, the verification instruction may consist of one string of a certain length or of several such strings. For example, the verification instruction may consist of two strings of a certain length: a first password and a second password.
S200: Determine whether the verification instruction is identical to the verification instruction stored in the router.
In the embodiments of this application, the router generally stores a verification instruction corresponding to the user. When the router receives a session request sent by the user terminal and obtains the verification instruction in it, the router verifies the instruction by comparing it with the verification instruction stored in the router. If the two are the same, the session between the router and the user terminal is established and the session request is processed; specifically, step S300 may be executed. If the two are different, the session request can be considered a forged request, and the router does not process the session.
If the verification instruction in the session request comprises a first password and a second password, the first password and the second password are compared separately, and the verification instruction in the session request is considered identical to the one stored in the router only when the first password and the second password are each the same as the corresponding password stored in the router.
In the embodiments of this application, if the user terminal is sending a session request to the router for the first time, the verification instruction contained in that session request is unlikely to be identical to the verification instruction stored in the router, or the router does not yet store a verification instruction corresponding to the user terminal. Therefore, when the router receives a session request sent by the user terminal, it first determines whether this is the first time the user terminal has sent a session request to the router, or first determines whether the router stores a verification instruction corresponding to the user terminal. When the router determines that the session request is not the first one sent by the user terminal, and that a verification instruction corresponding to the user terminal is stored in the router, it compares the verification instruction in the session request with the stored one to verify the instruction.
S300: if the verification instruction is the same as the verification instruction stored in the router, establishing a session with the user terminal according to the session request and returning an updated verification instruction to the user terminal, wherein the updated verification instruction is used for the user terminal to send the session request to the router next time.
When the verification instruction in the session request is the same as the verification instruction stored in the router, the session request sent by the user terminal is considered authentic and valid. The session between the router and the user terminal is established, the router processes the session request, and the processing result is returned to the user terminal. When the verification instruction in the session request is verified successfully, the router updates the verification instruction it stores and returns the updated verification instruction to the user terminal together with the result or request it returns, so that the user terminal uses the updated verification instruction in its next session request. The verification instruction in the next session request sent by the user terminal is therefore the one the router returned to it.
In the router access method provided by the embodiments of this application, the session request sent by the user terminal to the router carries a verification instruction. The router receives the session request and verifies its authenticity and validity by determining whether the verification instruction in the session request is identical to the verification instruction stored in the router. When the router determines that the two are the same, it establishes a session with the user terminal according to the session request and processes the session, which guarantees the security of the session between the user terminal and the router to a certain extent. The router also updates the verification instruction and returns the updated verification instruction to the user terminal, which uses it in the next session request it sends to the router. The verification instruction in the session requests sent by the user terminal is therefore dynamically variable, which makes it harder to tamper with a session request, effectively prevents session requests from being forged, and further guarantees the security of the session between the user terminal and the router.
In the embodiments of this application, the session request sent by the user terminal to the router for the Nth time includes the verification instruction returned by the router during the (N-1)th session, so the verification instruction is updated dynamically over the course of the sessions between the user terminal and the router. In a conventional session between a user terminal and a router, the session connection is maintained with a fixed session (session control), and once a message is intercepted it may be forged.
In the embodiments of this application, the session requests between the user terminal and the router, and the messages returned by the router to the user terminal, are encapsulated on the basis of a RESTful framework. A RESTful framework typically builds on existing, widely used protocols and standards: HTTP, URI, JSON, XML and HTML. With a RESTful architecture, the interaction between the client and the application side can be abstracted into JSON messages, reducing the amount of information exchanged. All parameters in the router are abstracted into resources, each resource defines "add", "delete", "modify" and "query" operations, and operations are performed directly through URLs. Data and business logic are separated, the router side and the client can be designed separately, coupling is reduced, and the client can be wholly entrusted to a third party for development, which greatly reduces development cost.
In the embodiments of this application, the router generates a random character string using the time as a seed and takes it as the initial verification instruction. When the user terminal sends a session request to the router for the first time, the router returns the initial verification instruction to the user terminal, and the user terminal uses it as the verification instruction when it sends a session request to the router for the second time. Verification instructions generated by subsequent updates may be obtained by MD5 iteration from the initial verification instruction; similarly, each updated verification instruction may be obtained by MD5 iteration from the one last returned. For example, the verification instruction returned the Nth time may be obtained by MD5 iteration from the one returned the (N-1)th time, where N is greater than 2.
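The S100 to S300 check with a rolling verification instruction, as an added example (not code from the patent or the assignee). The class and function names, the `app-1` client id and the use of a CSPRNG for the initial pair are assumptions; `chained=True` derives each update by MD5 from the previous pair as the text describes, while `chained=False` issues a fresh random pair so that the next value cannot be computed from one already sent.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    """One MD5 iteration over the previous value, hex-encoded (32 characters)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def same(a, b):
    """Constant-time comparison of two strings."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class RollingInstructionStore:
    """Router-side store: one (csrf_param, csrf_token) pair per user terminal."""

    def __init__(self, chained=True):
        self.chained = chained   # True: MD5 chain as in the text; False: fresh random
        self._current = {}       # client_id -> pair the router expects next

    def _fresh_pair(self):
        # Assumption: a CSPRNG instead of the time-seeded string the text mentions.
        return (secrets.token_hex(16), secrets.token_hex(16))

    def _next_pair(self, pair):
        if self.chained:
            # Each update is a public function of a value that already crossed
            # the wire, so it stays secret only while the channel does.
            return (md5_hex(pair[0]), md5_hex(pair[1]))
        return self._fresh_pair()

    def handle(self, client_id, csrf_param, csrf_token):
        """Return (status, pair_to_send_back) for one session request."""
        stored = self._current.get(client_id)
        if stored is None:
            # First request from this terminal: nothing to compare against,
            # so the router only issues the initial verification instruction.
            pair = self._fresh_pair()
            self._current[client_id] = pair
            return "issued", pair
        ok_param = same(stored[0], csrf_param)
        ok_token = same(stored[1], csrf_token)
        if not (ok_param and ok_token):
            # S200 failed: treat as forged, keep the stored pair unchanged.
            return "rejected", None
        # S300: establish the session and rotate the instruction.
        pair = self._next_pair(stored)
        self._current[client_id] = pair
        return "accepted", pair


def demo():
    """Constructed run: first contact, valid request, reuse of an old pair, valid request."""
    router = RollingInstructionStore(chained=True)
    s1, pair1 = router.handle("app-1", "", "")
    s2, pair2 = router.handle("app-1", *pair1)
    s3, _ = router.handle("app-1", *pair1)   # pair1 was already consumed
    s4, pair3 = router.handle("app-1", *pair2)
    return [s1, s2, s3, s4], pair1, pair2, pair3


if __name__ == "__main__":
    print(demo()[0])
```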
In the embodiments of this application, to ensure security during user login, the user terminal first sends a session request for pre-authentication to the router; the router verifies this request and returns a reply to the user terminal. When the user terminal receives the router's reply, it sends a session request for authentication to the router, the user's login password is verified, and when the login password is verified successfully the user is logged in to the router.
To further ensure security during user login, the interaction between the user terminal and the router at login is optionally as follows: the user terminal sends a session request for pre-authentication to the router; the router verifies the verification instruction in that request, establishes a session with the user terminal after verification succeeds, and returns the updated verification instruction, a password iteration count and a salt value to the user terminal. The password iteration count and the salt value are used to calculate the login password hash value when the user terminal sends the session request for user login to the router during authentication.
In the embodiments of this application, when a user logs in, the user terminal sends a session request for user login to the router. The session request does not use the login password directly, but a login password hash value calculated from it using the password iteration count and the salt value. The salt value is randomly generated by the router: when a user provides a password for the first time (usually at registration), the router automatically sprinkles some "seasoning" into the password and then hashes the result to obtain the login password hash value; the "seasoning" is the salt value. The router returns the salt value to the corresponding user terminal, and a given salt value is known only to the router and that user terminal. When a user logs in, the user terminal sends the router a login password hash value computed together with the salt value. Compared with sending the login password directly, or a hash of the password alone, this makes it difficult for an unauthorized user to identify a user with a given login password from a password and the hash value generated from it. The router usually returns different salt values to different user terminals, so even if two users use the same password, their login password hash values differ because their salt values differ, and an unauthorized user can hardly find a user with a specific login password by means of their own password and the hash value generated from it.
The router receives the login request sent by the user terminal and obtains the login password hash value in it. The router then calculates a target login password hash value from the login password, the password iteration count and the salt value stored in the router, and compares the login password hash value from the login request with the target value. If the two are consistent, the user terminal passes verification and can log in to the router; if they are inconsistent, the user terminal fails verification and cannot log in to the router.
In the embodiments of this application, the user terminal calculates the login password hash value with the HMAC-SHA1 algorithm, using the salt value as a parameter and applying the password iteration count; the router calculates the target login password hash value with the HMAC-SHA1 algorithm from the login password, the password iteration count and the salt value stored in the router.
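The pre-authentication and login-hash exchange, as an added example (not the patent's own code). The text names HMAC-SHA1, a salt and an iteration count but not the exact construction, so PBKDF2-HMAC-SHA1 is assumed here; the class name, client ids and password are constructed, the salt and iteration count are the sample values from the page's messages, and the output is not expected to reproduce the `clientproof` value shown on the page.

```python
import hashlib
import hmac
import secrets

PAGE_SALT = "81145517f4fafde4ade30b01762b7b0b"   # "salt" value from the page
PAGE_ITERATIONS = 1000                            # "iterations" value from the page


def derive_proof(password, salt_hex, iterations):
    """Login password hash value: PBKDF2-HMAC-SHA1 (assumed construction), hex."""
    raw = hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), bytes.fromhex(salt_hex), iterations
    )
    return raw.hex()


class RouterLogin:
    """Router side: per-terminal salt, shared iteration count, stored login password."""

    def __init__(self, iterations=PAGE_ITERATIONS):
        self.iterations = iterations
        self._accounts = {}   # client_id -> (login password, salt_hex)

    def register(self, client_id, password, salt_hex=None):
        # A different random salt per terminal, so equal passwords give
        # different hash values.
        self._accounts[client_id] = (password, salt_hex or secrets.token_hex(16))

    def pre_auth(self, client_id):
        """Parameters the router returns after the pre-authentication request."""
        _, salt_hex = self._accounts[client_id]
        return {"iterations": self.iterations, "salt": salt_hex}

    def verify(self, client_id, clientproof):
        """Recompute the target hash and compare it with the presented one."""
        account = self._accounts.get(client_id)
        if account is None:
            return False
        password, salt_hex = account
        target = bytes.fromhex(derive_proof(password, salt_hex, self.iterations))
        try:
            presented = bytes.fromhex(clientproof)
        except (ValueError, TypeError):
            return False   # malformed value: reject rather than raise
        return hmac.compare_digest(target, presented)


def demo():
    """Constructed run with two terminals that share one password."""
    router = RouterLogin()
    router.register("app-1", "constructed-password", PAGE_SALT)
    router.register("app-2", "constructed-password")   # random salt
    p1 = router.pre_auth("app-1")
    p2 = router.pre_auth("app-2")
    proof1 = derive_proof("constructed-password", p1["salt"], p1["iterations"])
    proof2 = derive_proof("constructed-password", p2["salt"], p2["iterations"])
    return {
        "app1_ok": router.verify("app-1", proof1),
        "app2_ok": router.verify("app-2", proof2),
        "same_password_same_hash": proof1 == proof2,
        "app1_hash_on_app2": router.verify("app-2", proof1),
        "wrong_password": router.verify(
            "app-1", derive_proof("other", p1["salt"], p1["iterations"])
        ),
    }


if __name__ == "__main__":
    print(demo())
```

Because the router accepts the hash value itself, the value is only as well protected as the channel it travels over; the rolling verification instruction and the transport carry that part of the protection.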
Assume that a user logs in to the router at a certain moment. The user terminal sends a session request for pre-authentication to the router, and the router receives it. The message of the session request is as follows:
wherein
"csrf_param":"dee767f49e1cf1ddd63e3bbe57489542"
"csrf_token":"0291780fc2a3c2e19b477eeac51a4dee"
are the verification instruction.
If the router stores a verification instruction for this user terminal that is the same as the one in the request, the verification instruction passes verification; otherwise it fails. When the verification instruction passes, the router updates the verification instruction and returns the updated verification instruction to the user terminal.
However, if the session request is the first one sent by the user terminal to the router, the verification instruction will not be verified successfully, so when the router recognizes that the session request is the first one sent by the user terminal, the router returns the verification instruction to the user terminal.
The message returned from the router to the user terminal is as follows:
wherein:
"csrf_param":"81145517f4fafde4ade30b01762b7b0b"
"csrf_token":"a64a428fd9be6834454c329fec0177b8"
are the updated verification instruction. When the user terminal sends a session request for authentication to the router, the session request uses this verification instruction.
"iterations":1000,
"salt":"81145517f4fafde4ade30b01762b7b0b"
are, respectively, the password iteration count and the salt value given by the router.
The user terminal sends a session request for user authentication to the router, and the specific message is as follows:
wherein:
"clientproof":"2ebbf5c7f00dd2f1c2b63a6af0fa9dc7588f37e4dacf33cc53b135437246f1da" is the login password hash value that the user terminal calculated from the received password iteration count and salt value.
When the router receives the session request for authentication, it calculates the target login password hash value from the login password, the password iteration count and the salt value stored in the router, and compares the target value with the login password hash value obtained from the session request. When the two are consistent, the session request for authentication sent by the user terminal passes verification.
If the session request for authentication passes verification, the user terminal logs in successfully. If the user then operates the user terminal to reset the login password, the user terminal sends a session request for login password resetting to the router. The router receives this request and, according to it, returns an encryption public key, a signature and a verification signature to the user terminal. These are used for sending the message that changes the login password and ensure the security of the session between the user terminal and the router while the password is changed.
For example, the message returned by the router to the user terminal is as follows:
wherein: the public key is "rsae" and "rsan", the signature is "rsapukeysignatus", and the verification signature is "serversignature".
Optionally, in the embodiments of this application, the router uses the RSA encryption algorithm to compute the encryption public key, the signature and the verification signature. Using the RSA encryption algorithm makes the password-setting process harder to break and further guarantees session security while the login password is set. In addition, if a segment of a message needs to be encrypted as a whole during a session between the user terminal and the router, a field such as enc can be added to the Content-Type header of the message.
Based on the router access method provided by the embodiment of the application, the embodiment of the application also provides a router. The router provided by the embodiment of the application comprises a controller, wherein the controller is in communication connection with a user side; the controller is configured to:
receiving a session request sent by the user side, wherein the session request comprises a verification instruction;
determining whether the verification instruction is identical to the verification instruction stored in the router;
if the verification instruction is the same as the verification instruction stored in the router, establishing a session with the user side according to the session request and returning an updated verification instruction to the user side, wherein the updated verification instruction is used by the user side the next time it sends a session request to the router.
The specific implementation and effect of the router provided by the embodiment of the application are described in the router access method provided by the embodiment of the application.
Finally, it should be noted that the embodiments are described progressively, and their different parts may be referred to one another. In addition, the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
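The controller steps above as an added example, not the patent's implementation: compare the submitted verification instruction with the stored one, open a session only on a match, and hand back the instruction for the next request. It assumes the instruction is a pair of passwords (as in claim 5), draws fresh instructions from the OS CSPRNG in place of the time seed in claim 6, and models the iterative update as a keyed hash; `SessionGate` and its methods are hypothetical names.

```python
import hashlib
import hmac
import secrets


class SessionGate:
    """Router-side store of one verification instruction per user side."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # assumption: router-held key for the update step
        self._stored = {}                     # client id -> (first password, second password)

    def _fresh(self):
        # Assumption: CSPRNG output stands in for the time-seeded generation in claim 6.
        return secrets.token_hex(16), secrets.token_hex(16)

    def _advance(self, instruction):
        # Assumption: the iterative update is modelled as a keyed hash of each part.
        return tuple(
            hmac.new(self._key, part.encode(), hashlib.sha256).hexdigest()[:32]
            for part in instruction
        )

    def handle(self, client_id, instruction):
        """Return (session_established, instruction for the next request)."""
        stored = self._stored.get(client_id)
        ok = False
        if stored is not None and isinstance(instruction, (tuple, list)) \
                and len(instruction) == 2:
            # Compare both parts in constant time; the list forces both comparisons.
            ok = all([hmac.compare_digest(s.encode(), str(p).encode())
                      for s, p in zip(stored, instruction)])
        if ok:
            nxt = self._advance(stored)   # rotate: the instruction just used is now stale
        else:
            nxt = self._fresh()           # first contact or mismatch: issue one, no session
        self._stored[client_id] = nxt
        return ok, nxt
```

Because the stored instruction changes on every request, a captured instruction replayed later fails the comparison.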

Claims (8)

1. A router access method for a router, the method comprising:
receiving a session request sent by a user terminal, wherein the session request comprises a verification instruction, and the session request is used for establishing a session between the user terminal and the router;
determining whether the verification instruction is identical to the verification instruction stored in the router;
if the verification instruction is the same as the verification instruction stored in the router, establishing a session with the user terminal according to the session request;
returning updated verification instructions, password iteration times and salt values to the user side based on the session; the updated verification instruction is obtained through iteratively updating the verification instruction in the session request, the updated verification instruction is used for the user side to send the session request to the router next time, and the returned password iteration times and the salt value are used for the user side to calculate a login password hash value when logging in the router;
if a login request sent by the user side is received, the login request comprises a login password hash value;
calculating to obtain a target login password hash value according to the login password stored in the router, the password iteration times and the salt value;
comparing whether the login password hash value is consistent with the target login password hash value;
and if the login password hash value is consistent with the target login password hash value, enabling the user side to log in the router.
2. The method of claim 1, wherein prior to determining whether the validation instruction is the same as the validation instruction stored within the router, the method further comprises:
determining whether a verification instruction corresponding to the user side is stored in the router, wherein the user side randomly generates the verification instruction when the user side requests a router session for the first time;
if the router does not have the verification instruction corresponding to the user side, generating a verification instruction and returning the verification instruction to the user side, wherein the verification instruction is used for the user side to send a session request to the router next time.
3. The method of claim 1, wherein after determining whether the validation instruction is the same as the validation instruction stored within the router, the method further comprises:
if the verification instruction is different from the verification instruction stored in the router, determining whether the session request sent by the user terminal is a first session request sent by the user terminal to the router, wherein the verification instruction in the first session request is a verification instruction randomly generated by the user terminal;
generating a verification instruction and returning the verification instruction to the user side, wherein the verification instruction is used for the user side to send a session request to the router next time.
4. The method according to claim 1, wherein the method further comprises:
if a request for changing the login password sent by the user terminal is received;
and returning the encrypted public key, signature and verification signature to the user side so that the user side sends a message for changing the login password according to the public key, signature and verification signature.
5. The method of claim 1, wherein the validation instruction includes a first password and a second password to determine whether the validation instruction is the same as the validation instruction stored within the router, comprising:
correspondingly determining whether the first password and the second password of the verification instruction are the same as the first password and the second password of the verification instruction stored in the router;
the method further comprises the step of iteratively obtaining updated verification instructions according to the verification instructions stored in the router before updating, wherein the verification instructions comprise a first password and a second password.
6. The method of claim 2, wherein generating a validation instruction and returning the validation instruction to the client comprises:
generating a verification instruction by taking the time of receiving the session request sent by the user side as a seed, and returning the verification instruction to the user side.
7. The method according to claim 1, wherein the user side uses the salt value as a parameter and calculates to obtain the login password hash value according to the password iteration number based on HMAC-SHA1 algorithm; the router calculates and obtains a target login password hash value based on an HMAC-SHA1 algorithm according to the login password, the password iteration times and the salt value stored in the router.
8. The router is characterized by comprising a controller, wherein the controller is in communication connection with a user side;
the router is configured to:
receiving a session request sent by the user side, wherein the session request comprises a verification instruction, and the session request is used for establishing a session between the user side and the router;
determining whether the verification instruction is identical to the verification instruction stored in the router;
if the verification instruction is the same as the verification instruction stored in the router, establishing a session with the user terminal according to the session request;
returning updated verification instructions, password iteration times and salt values to the user side based on the session; the updated verification instruction is obtained through iteratively updating the verification instruction in the session request, the updated verification instruction is used for the user side to send the session request to the router next time, and the returned password iteration times and the salt value are used for the user side to calculate a login password hash value when logging in the router;
if a login request sent by the user side is received, the login request comprises a login password hash value;
calculating to obtain a target login password hash value according to the login password stored in the router, the password iteration times and the salt value;
comparing whether the login password hash value is consistent with the target login password hash value;
and if the login password hash value is consistent with the target login password hash value, enabling the user side to log in the router.
CN202010812342.9A 2020-08-13 2020-08-13 Router access method and router Active CN114079573B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010812342.9A CN114079573B (en) 2020-08-13 2020-08-13 Router access method and router

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010812342.9A CN114079573B (en) 2020-08-13 2020-08-13 Router access method and router

Publications (2)

Publication Number Publication Date
CN114079573A CN114079573A (en) 2022-02-22
CN114079573B true CN114079573B (en) 2024-03-29

Family

ID=80280634

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010812342.9A Active CN114079573B (en) 2020-08-13 2020-08-13 Router access method and router

Country Status (1)

Country Link
CN (1) CN114079573B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108512784A (en) * 2018-06-21 2018-09-07 珠海宏桥高科技有限公司 Authentication method based on gateway routing forwarding
CN110933078A (en) * 2019-11-29 2020-03-27 交通银行股份有限公司 H5 unregistered user session tracking method
CN110969727A (en) * 2018-09-30 2020-04-07 奇酷互联网络科技(深圳)有限公司 Method for controlling intelligent door lock, mobile terminal and computer readable storage medium
CN111431844A (en) * 2019-04-23 2020-07-17 杭州海康威视数字技术股份有限公司 Authority authentication method and device

Also Published As

Publication number Publication date
CN114079573A (en) 2022-02-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant