
CN119728203A - Device access method, communication system, electronic device, storage medium and program product - Google Patents


Info

Publication number
CN119728203A
Authority
CN
China
Prior art keywords
cloud
access
verification code
equipment
intranet
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411830705.6A
Other languages
Chinese (zh)
Inventor
邢彦龙
肖国颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Priority to CN202411830705.6A
Publication of CN119728203A
Legal status: Pending


Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides a device access method, a communication system, an electronic device, a storage medium and a program product, and relates to the technical field of communications. In this scheme, communication between the intranet security device and the cloud is carried out through a relay device, so the intranet security device can be connected to the cloud on the basis of the MQTT protocol, and the communication data between the intranet security device and the cloud conforms to the relevant specifications of the MQTT protocol, which ensures the security and stability of data communication. When the intranet security device accesses the cloud, the relay device sends the access verification code and device information of the intranet security device to the cloud for verification; after verification passes, a communication channel between the cloud and the intranet security device can be constructed, so that the intranet security device is securely verified and the security of subsequent communication is ensured.

Description

Device access method, communication system, electronic device, storage medium, and program product
Technical Field
The present application relates to the field of communications technologies, and in particular, to a device access method, a communications system, an electronic device, a storage medium, and a program product.
Background
As enterprises' demand for digital transformation grows, cloud services meet their need for efficient and convenient services with advantages such as flexibility, scalability and cost-effectiveness.
However, owing to the particular nature of the security industry, isolated intranet environments are common: the service area cannot communicate directly with a cloud server on the external network, and a pure cloud scheme is limited by the network environment, so using a relay becomes the key to connecting the intranet to the cloud. In this approach, however, the intranet security device may be connected directly to the cloud through the relay, so the security of the intranet security device's use of cloud services cannot be guaranteed.
Disclosure of Invention
An embodiment of the application aims to provide a device access method, a communication system, an electronic device, a storage medium and a program product, to solve the problem that existing approaches cannot guarantee the security of an intranet security device's use of cloud services.
In a first aspect, an embodiment of the present application provides a device access method, applied to a relay device, where the method includes:
acquiring a first access request of an intranet security device, wherein the first access request comprises a first access verification code and first device information of the intranet security device;
when the relay device is in a cloud service mode, sending the first access request to a cloud to request the cloud to verify the first access verification code and the first device information and, after verification passes, to establish a communication channel between the intranet security device and the cloud.
In this implementation, when the intranet security device accesses the cloud, the relay device sends the access verification code and device information of the intranet security device to the cloud for verification; after verification passes, a communication channel between the cloud and the intranet security device can be constructed, so that the intranet security device is securely verified and the security of subsequent communication is ensured.
Optionally, before sending the first access request to the cloud, the method further includes:
determining whether the relay device has accessed the cloud;
if not, sending a second access request to the cloud, wherein the second access request comprises a second access verification code and second device information of the relay device, to request the cloud to verify the second access verification code and the second device information and, after verification passes, to create a communication channel between the relay device and the cloud.
In this implementation, security verification is also performed when the relay device accesses the cloud, so the security of communication between the relay device and the cloud can be ensured.
Optionally, after sending the first access request to the cloud, the method further includes:
receiving a target verification code sent by the cloud, wherein the target verification code is generated at least based on the first device information and is used as the access verification code when the intranet security device subsequently accesses the cloud.
In this implementation, after the intranet security device has accessed the cloud, the cloud can send a new target verification code to the intranet security device for use in subsequent access to the cloud, which avoids the security problem caused by leakage of the initial access verification code.
Optionally, the first access verification code and the second access verification code are generated by the cloud and are each configured with a validity period; the first access verification code and the second access verification code are valid within the validity period, and the cloud verifies the validity of the first access verification code and the second access verification code.
In this implementation, a validity period is configured for each access verification code, so that the code is valid within the validity period and becomes invalid once it ends. This ensures the access security of the intranet security device and avoids illegal use of a leaked access verification code.
Optionally, the communication channel is constructed based on the MQTT protocol, and data transmission between the intranet security device and the cloud follows the MQTT protocol. Because the MQTT protocol supports TLS/SSL encryption, the security of communication data between the cloud and the intranet security device can be ensured, and the data is protected from tampering or theft.
Optionally, after acquiring the first access request of the intranet security device, the method further includes:
when the relay device is in an off-network mode, verifying the first access verification code and the first device information;
after verification passes, creating a communication channel between the intranet security device and the relay device.
In this implementation, when the relay device is in the off-network mode, the relay device itself verifies intranet access, so the security of intranet communication can be ensured.
In a second aspect, an embodiment of the present application provides a communication system including an intranet security device, a relay device and a cloud, where the communication channel between the intranet security device and the relay device and the communication channel between the relay device and the cloud conform to the relevant specifications of the MQTT protocol, and the communication channel between the intranet security device and the cloud is constructed after access by the above device access method;
the relay device, the intranet security device and the cloud are configured to verify the conformance of received communication data to the specifications.
In this implementation, communication between the intranet security device and the cloud is carried out through the relay device, so the intranet security device can be connected to the cloud on the basis of the MQTT protocol, and the communication data between the intranet security device and the cloud follows the relevant specifications of the MQTT protocol to ensure the security and stability of data communication.
Optionally, the relevant specifications include at least one of a device access specification, a device file transmission specification, a log file transmission specification, a custom data transmission specification, an instruction issuing specification, a device basic information reporting specification, a device authorization information specification, a rule base upgrade specification, and an inter-device communication specification. Defining these specifications constrains communication among the intranet security device, the relay device and the cloud, which improves the security of communication.
Optionally, there are multiple relay devices, and the multiple relay devices form a cascade mode to realize communication between the intranet security device and the cloud. This makes it possible to connect intranet devices to the cloud in more complex network environments.
In a third aspect, an embodiment of the application provides an electronic device comprising a processor and a memory storing computer readable instructions which, when executed by the processor, perform the steps of the method as provided in the first or second aspects above.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method as provided in the first or second aspects above.
In a fifth aspect, embodiments of the present application provide a computer program product comprising computer program instructions which, when read and executed by a processor, perform the steps of the method as provided in the first or second aspects above.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;
Fig. 2 is a flowchart of a device access method according to an embodiment of the present application;
Fig. 3 is a flowchart of an intranet relay sub-process provided in an embodiment of the present application;
Fig. 4 is a flowchart of cloud access according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a cascading mode of a relay device according to an embodiment of the present application;
Fig. 6 is a flowchart of a device communication method according to an embodiment of the present application;
Fig. 7 is a block diagram of a device access apparatus according to an embodiment of the present application;
Fig. 8 is a block diagram of a device communication apparatus according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an electronic device for executing a device access method or a device communication method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
It should be noted that the terms "system" and "network" in embodiments of the present invention may be used interchangeably. "Plurality" means two or more, and may also be understood as "at least two" in this embodiment of the present invention. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may indicate three cases: A alone, A and B together, and B alone. The character "/", unless otherwise specified, generally indicates that the associated objects are in an "or" relationship.
It should be further noted that, in the present application, all actions of acquiring signals, information or data are performed under the condition of conforming to the corresponding data protection rule policy of the country of the location and obtaining the authorization given by the owner of the corresponding device.
The embodiment of the application provides a device access method applied to a relay device. The relay device obtains an access request from an intranet security device and, in cloud service mode, sends the access request to the cloud, so that the cloud can verify the access verification code and the device information of the intranet security device. After verification passes, a communication channel between the cloud and the intranet security device can be constructed, so that the intranet security device is securely verified and the security of subsequent communication is ensured.
The device access method is described below with reference to Fig. 1, which is a schematic structural diagram of a communication system 10 provided by an embodiment of the present application. The communication system 10 includes an intranet security device 11, a relay device 12 and a cloud 13. The communication channel between the intranet security device 11 and the relay device 12 and the communication channel between the relay device 12 and the cloud 13 follow the relevant specifications of the Message Queuing Telemetry Transport (MQTT) protocol, and the communication channel between the intranet security device 11 and the cloud 13 is constructed after access by the device access method of the present application;
the relay device 12, the intranet security device 11 and the cloud 13 are configured to verify the conformance of received communication data to the specifications.
The MQTT protocol is a "lightweight" message protocol based on the publish/subscribe paradigm, built on top of the TCP/IP protocol. Based on the MQTT protocol, specifications for security device access can be defined, describing the transmission data format, the MQTT Topic (the topic used for MQTT subscribe/publish) specification, and the like.
The MQTT protocol uses TLS/SSL encryption, protecting network communication from eavesdropping and tampering by means of encryption algorithms and thereby ensuring the security of data transmission, so that data interaction between the intranet security device 11 and the cloud 13 meets the security standard of the MQTT protocol.
In addition, under the MQTT protocol, the intranet security device 11 and the cloud 13 may perform bidirectional authentication using certificates to ensure the credibility of the intranet security device 11; each party holds a public/private key pair.
The data transmission quality of service in the MQTT protocol is QoS 2, which ensures the reliability of data transmission.
Data transmitted over the MQTT-based communication channel can use the Protocol Buffers (v3) data format, which effectively reduces the transmission volume (90% compared with JSON, in binary size after serialization) and is structured and platform-independent.
It can be appreciated that the communication channel between the relay device 12 and the cloud 13 can also be constructed using the MQTT protocol, so that the communication specifications are kept consistent.
The relevant specifications of the MQTT protocol include at least one of a device access specification, a device file transmission specification, a log file transmission specification, a custom data transmission specification, an instruction issuing specification, a device basic information reporting specification, a device authorization information specification, a rule base upgrade specification, and an inter-device communication specification. Defining these specifications constrains communication among the intranet security device, the relay device and the cloud, which improves the security of communication.
(1) The device access specification covers MQTT Topic naming, the structured data sent for device registration, and the structured data indicating admission success or failure.
(2) The device file transmission specification covers MQTT Topic naming, the file fragmentation specification, the specification for initiating a file upload or download, and so on.
(3) The log file transmission specification covers MQTT Topic naming, the compressed log upload specification, the single-log specification, log structure compliance with Syslog, and the like.
(4) The custom data transmission specification covers MQTT Topic naming and is divided into an asynchronous data transmission structure specification and a synchronous request and response data structure specification.
(5) The instruction issuing specification covers MQTT Topic naming, the instruction data structure specification, and the data structure of the instruction execution response.
(6) The device basic information reporting specification covers MQTT Topic naming, the basic information data structure specification, the heartbeat data structure specification, and the like.
(7) The device authorization information specification covers MQTT Topic naming, the authorization basic information reporting specification, and the authorization file download specification.
(8) The rule base upgrade specification covers MQTT Topic naming, checking whether the rule base has an upgrade, rule base file download, and other specifications.
(9) The inter-device communication specification covers MQTT Topic naming, inter-device request structures (including synchronous and asynchronous transfer modes), device discovery, and other specifications.
The specific implementation of the above specifications can be set flexibly according to actual conditions. Once the relevant specifications have been drawn up, the MQTT protocol can be deployed for data communication; no additional setup is needed for the data communication requirements, and data communication is carried out simply by following the relevant specifications of the MQTT protocol.
The intranet security device 11, the relay device 12 and the cloud 13 can each verify the conformance of received communication data by checking whether the received data meets the above specifications. If it does, the received data is considered correct and the subsequent response can proceed; if it does not, the received data is considered erroneous and a corresponding error message can be returned. This ensures the security of data transmission.
In this implementation, communication between the intranet security device and the cloud is carried out through the relay device, so the intranet security device can be connected to the cloud on the basis of the MQTT protocol, and the communication data between the intranet security device and the cloud follows the relevant specifications of the MQTT protocol to ensure the security and stability of data communication.
In some embodiments, to cope with a complex network environment, there may be multiple relay devices forming a cascade mode to realize communication between the intranet security device and the cloud. For example, a security device in a certain intranet may need to cross several relay devices to communicate with the cloud; cascading devices in a multi-layer network environment allows devices at different levels to be interconnected and connected to the cloud.
Referring to Fig. 2, which is a flowchart of a device access method according to an embodiment of the present application, the method includes the following steps:
Step S110, a first access request of the intranet security device is obtained.
The intranet security device is a security device that cannot connect directly to the Internet to achieve cloud service linkage but has an urgent need for network security enablement. It is deployed in an isolated intranet environment and can be any device that needs cloud service linkage, performing functions such as internet behavior management, vulnerability scanning, log audit, database audit, bastion host, and the like.
To ensure intranet security, this scheme bridges cloud services through the relay device, which both ensures the security of the intranet and enables seamless linkage with the cloud.
When the intranet security device needs to access the cloud, it initiates an access request, namely the first access request. The first access request first reaches the relay device and includes a first access verification code and first device information of the intranet security device.
The first access verification code is used for access verification and can be applied for by a user at the cloud. When the user applies for a verification code, the cloud generates an access verification code for the user; when the intranet security device needs to access the cloud, the user uploads the access verification code obtained from the cloud to the intranet security device, so that the intranet security device can use it for access.
It can be understood that the access verification code applied for by the user may be usable by a plurality of intranet security devices, or by only one device. For example, when applying for the access verification code at the cloud, the user enters the device information of the intranet security device that needs to access the cloud, so that the cloud can generate the access verification code according to that device information. The access verification code can be a random code, a hash value generated from the device information, or the like.
The device information of the intranet security device may include information such as the IP address, MAC address and device identifier of the intranet security device.
Step S120, when the relay device is in cloud service mode, the first access request is sent to the cloud to request the cloud to verify the first access verification code and the first device information and, after verification passes, to create a communication channel between the intranet security device and the cloud.
The relay device can have multiple service modes, including a cloud service mode, an off-network mode and a cascade mode. In cloud service mode, the relay device is used to quickly open a network channel between the cloud service and the intranet: the business system can only communicate with the relay device in the isolation area facing the external network, and the relay device forwards data to the cloud, which ensures security within the service area. In off-network mode, the intranet security devices connected to the relay device can be managed independently to interconnect devices across networks, but services provided by the cloud cannot be used. In cascade mode, multiple relay devices can be cascaded, which suits complex intranet environments: devices can be cascaded in a multi-layer network environment so that devices at different levels are interconnected and connected to the cloud.
In cascade mode, a plurality of relay devices are cascaded; each relay device may be in off-network mode or cloud service mode, depending on its configuration.
In some embodiments, the mode of the relay device may be configured manually as required, or the relay device may select the mode itself. For example, the first access request of the intranet security device also carries a destination address. If the destination address is a cloud address, the relay device knows on receiving the first access request that the intranet security device wants to access the cloud; it can then switch to cloud service mode and carry out cloud access. If the first access request carries the address of another intranet security device in the intranet or the address of the relay device, the relay device can determine that cloud access is not required, switch to off-network mode, and carry out intranet access.
In some embodiments, when the cloud verifies the first access verification code and the first device information, it can verify the correctness of the first access verification code. For example, since the first access verification code was applied for by the user from the cloud, the cloud can check whether the first access verification code is correct, and if it is correct, the verification passes. The cloud can also verify the correctness of the first device information, for example whether information such as the IP address and MAC address is valid address information; if it is valid, the verification passes. Alternatively, if the first access verification code was applied for by the user at the cloud and generated by the cloud from the device information of the intranet security device, then during verification the cloud can generate a verification code from the first device information and compare it with the first access verification code; if they match, the verification is considered passed. This avoids the problem of a leaked access verification code being used illegally by another device.
After the cloud has verified the first access verification code and the first device information, a communication channel between the intranet security device and the cloud can be established. This channel is in essence a communication channel between the cloud and the relay device plus one between the relay device and the intranet security device; the intranet security device simply is not aware of the relay device and perceives itself as communicating directly with the cloud. This integrated cloud service mode not only enhances the security of the intranet security device but also improves its operational efficiency and reliability.
The intranet security device can thus communicate with the cloud through the constructed communication channel, and the cloud can perform security enablement and other operations on the intranet security device.
For example, the cloud can provide real-time security updates and maintenance for the intranet security device, including rule base (information base, virus base, etc.) updates, managed security services (security situation analysis and risk blocking using the advantages of the cloud) and expert services (expert research, judgment and analysis capability provided by the cloud). Customized security policies and optimization measures can also be provided according to the specific requirements of the intranet security device, offering a different cloud service experience while keeping the customer's intranet secure.
In this implementation, when the intranet security device accesses the cloud, the relay device sends the access verification code and device information of the intranet security device to the cloud for verification; after verification passes, a communication channel between the cloud and the intranet security device can be constructed, so that the intranet security device is securely verified and the security of subsequent communication is ensured. In this way, even though the intranet security device cannot access the external network directly, it can communicate and exchange data with the cloud securely.
Based on the above embodiment, before the relay device sends the access request to the cloud, the relay device may further determine whether to access the cloud, if not, send a second access request to the cloud, where the second access request includes a second access verification code and second device information of the relay device, so as to request the cloud to verify the second access verification code and the second device information, and create a communication channel between the relay device and the cloud after verification is passed.
In the method, after receiving the first access request, the relay device can firstly judge whether communication with the cloud end is established, if not, the relay device still needs to be accessed to the cloud end, and if so, the relay device does not need to be accessed to the cloud end, and can directly send the first access request to the cloud end.
The second access verification code is obtained in a similar manner to the first access verification code: the user applies for it at the cloud and uploads it to the relay device. If the second access verification code is randomly generated by the cloud, the accuracy of the second access verification code and the second device information is verified, in a manner similar to that used for the first access verification code and the first device information. If the second access verification code is generated by the cloud according to the second device information of the relay device, the cloud may obtain the second device information from the second access request, generate a verification code from it, and compare that verification code with the second access verification code. The verification is similar to that of the first access verification code, and a detailed description is omitted.
After the cloud has verified the second access verification code and the second device information, a communication channel between the cloud and the relay device is established. Once this channel exists, the relay device can send the first access request from the intranet security device to the cloud for verification.
In the above implementation, security verification is also performed when the relay device accesses the cloud, which ensures the security of communication between the relay device and the cloud.
On the basis of the above embodiment, when a user applies for the first access verification code and the second access verification code at the cloud, it is difficult for the user to obtain the device information of the intranet security device or the relay device and upload it so that the cloud can generate the access verification code from it. The first and second access verification codes are therefore generally generated randomly by the cloud, in which case the security of the two access verification codes is not high. Therefore, after the intranet security device or the relay device has accessed the cloud, the cloud can regenerate an access verification code. Specifically, after the relay device sends the first access request to the cloud, the relay device can receive a target verification code sent by the cloud. The target verification code is generated at least based on the first device information and is used as the access verification code when the intranet security device subsequently accesses the cloud.
After the intranet security device has accessed the cloud, the target verification code is sent to the intranet security device. Similarly, after the relay device has accessed the cloud, the cloud can generate a target verification code at least according to the device information of the relay device and send it to the relay device. Because the target verification code is generated at least based on the first device information, it is an access verification code specific to a single intranet security device. When the intranet security device later needs to access the network again after being disconnected, the user does not need to apply for an access verification code again, and the target verification code is used for access.
In some embodiments, the target verification code may also be generated based on the first device information and the first access verification code, which makes it distinguishable from the first access verification code, since in some approaches the first access verification code is itself generated based on the first device information. Different verification codes can thus be used to distinguish verification of the first access from verification of subsequent accesses.
In the above implementation, after the intranet security device has accessed the cloud, the cloud sends a new target verification code to the intranet security device for use in subsequent accesses, which avoids the security problems caused by leakage of the initial access verification code.
On the basis of the above embodiment, to ensure security, the first access verification code and the second access verification code are generated by the cloud and are configured with a valid duration. The first access verification code and the second access verification code are valid within the valid duration, and the cloud verifies their validity.
It can be appreciated that, in addition to verifying the accuracy of the first and second access verification codes as in the above embodiments, the cloud can also verify their validity.
For example, after the cloud obtains the first access verification code from the first access request, or the second access verification code from the second access request, the cloud can first verify the accuracy of the code and, if that verification is passed, then verify its validity. When a user applies for the first and second access verification codes, the cloud records the valid duration of the two codes after generating them. The valid duration can be a specific length of time, such as 24 hours, or an expiration time, such as a specific timestamp. At access time, the cloud compares the time of the access verification code obtained from the access request with the valid duration and determines whether the code is still within it. If not, the verification fails; if so, the verification is passed.
In this case, if the first access verification code has expired, the cloud's validity verification fails and the cloud can return corresponding prompt information to the relay device, which forwards it to the intranet security device. On receiving the prompt information, the intranet security device knows that the access verification code has expired; the user needs to apply to the cloud for a new access verification code, and the intranet security device can then access again using the new code. Similarly, when the relay device accesses the cloud and the second access verification code has expired, the cloud returns prompt information. After the relay device receives the prompt information, the user can apply to the cloud for a new access verification code, and the relay device initiates an access request again using the new code.
In addition, since the access verification code has a limited valid duration, the cloud can generate a new target verification code for the intranet security device after it has accessed the cloud. As in the above embodiment, the target verification code can be generated at least based on the device information of the intranet security device. The target verification code can be valid over a long duration, or its valid duration can be longer than that of the first access verification code. Similarly, after the relay device has accessed the cloud, the cloud can regenerate a new target verification code for the relay device, generated based on the device information of the relay device.
In some other embodiments, the cloud may also configure a number of valid uses for the first access verification code and the second access verification code: each time an access is performed, the number of valid uses is reduced by 1, and when it reaches 0 the access verification code becomes invalid.
In the above implementation, a valid duration is configured for the access verification code, so that the code is valid within that duration and becomes invalid once it has elapsed. This ensures the access security of the intranet security device and prevents a leaked access verification code from being used illegally.
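The code lifecycle described above (accuracy check, then validity by duration and by remaining uses, then rotation to a device-bound target verification code) can be put together as follows. This is an added example, not code from the patent: the patent does not specify how codes are generated, so the HMAC derivation, the server key, the device fields and all names here are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Assumption: the cloud keeps a secret key for deriving device-bound codes.
SERVER_KEY = secrets.token_bytes(32)


@dataclass
class CodeRecord:
    expires_at: Optional[float]  # None means a long-lived target code
    uses_left: Optional[int]     # None means no limit on the number of uses
    seed: Optional[str] = None   # first access code a target code derives from


def derive_target_code(device_info: dict, seed: str) -> str:
    """HMAC over sorted device fields plus the first access code (assumed scheme)."""
    fields = "|".join(f"{k}={device_info[k]}" for k in sorted(device_info))
    msg = f"{fields}|{seed}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class CloudVerifier:
    """Cloud-side state for access verification codes."""

    def __init__(self, clock=time.time):
        self.clock = clock   # injectable so expiry can be exercised in tests
        self.records = {}    # code -> CodeRecord

    def issue_first_code(self, ttl_seconds=24 * 3600, max_uses=1) -> str:
        """Random code the user applies for: short-lived and use-limited."""
        code = secrets.token_urlsafe(16)
        self.records[code] = CodeRecord(self.clock() + ttl_seconds, max_uses)
        return code

    def verify(self, code: str, device_info: dict):
        """Return (ok, reason, target_code) for one access request."""
        rec = self.records.get(code)
        # 1. Accuracy: the code must be one this cloud issued.
        if rec is None:
            return (False, "unknown code", None)
        # A target code is recomputed from the device information presented,
        # so a code copied to a different device does not verify.
        if rec.seed is not None:
            expected = derive_target_code(device_info, rec.seed)
            if not hmac.compare_digest(expected, code):
                return (False, "device mismatch", None)
        # 2. Validity: valid duration first, then remaining uses.
        if rec.expires_at is not None and self.clock() > rec.expires_at:
            return (False, "expired", None)
        if rec.uses_left is not None:
            if rec.uses_left <= 0:
                return (False, "exhausted", None)
            rec.uses_left -= 1
        # 3. First access: rotate to a long-lived, device-bound target code.
        if rec.seed is None:
            target = derive_target_code(device_info, code)
            self.records[target] = CodeRecord(None, None, seed=code)
            return (True, "ok", target)
        return (True, "ok", None)


if __name__ == "__main__":
    cloud = CloudVerifier()
    device = {"serial": "SN-0001", "model": "FW-X"}  # constructed sample
    first = cloud.issue_first_code()
    print(cloud.verify(first, device))  # first access, returns a target code
    print(cloud.verify(first, device))  # replay of the one-time first code
```

A leaked first code is useless once it has been consumed or has expired, and the target code only verifies together with the device information it was derived from.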
Based on the above embodiments, the communication channel is constructed based on the MQTT protocol, and data transmission between the intranet security device and the cloud follows the MQTT protocol. For the relevant requirements of the MQTT protocol, refer to the description of the above embodiments, which is not repeated here.
On the basis of the above embodiment, after the relay device obtains the first access request of the intranet security device, if the relay device is in the off-network mode, the relay device itself verifies the first access verification code and the first device information and, after the verification is passed, creates a communication channel between the intranet security device and the relay device.
It can be understood that in the off-network mode the intranet security device cannot connect to the cloud, so communication is possible only between intranets, and the intranet security devices communicate with each other through the relay device.
In this case, the user may apply for the first access verification code for the intranet security device on the relay device, so that the relay device can verify the first access verification code and the first device information. The verification is similar to the cloud verification scheme and is not repeated here.
The communication channel between the relay device and the intranet security device can also be a secure data channel constructed based on the MQTT protocol, and its data transmission specification likewise follows the MQTT protocol. The cloud service communication specification is defined on top of the MQTT protocol and covers device access, data transmission, file transmission and so on. It must be strictly followed both when the intranet security device accesses the relay device and when the relay device accesses the cloud service. The access specification of the relay device is consistent with the cloud access specification, so an intranet security device that can access the relay device can also access the cloud directly.
The communication channel based on the MQTT protocol uses encryption mechanisms such as TLS/SSL to ensure that communication between the lightweight access terminal and the cloud is secure. Encryption of data in transit guards against threats such as data leakage, tampering and man-in-the-middle attacks.
In the above implementation, when the relay device is in the off-network mode, the relay device verifies intranet accesses itself, which ensures the security of intranet communication.
Fig. 3 is a flowchart of the intranet relay sub-process provided in an embodiment of the present application, detailing how the relay device handles an intranet security device connecting to the cloud.
When the intranet security device initiates an access request, the destination address can be either the cloud or the relay device, because the cloud and the relay device follow the same protocol design. If the access request is sent directly to the cloud, the intranet security device is directly connected to the cloud and the relay device takes no part in the process. If the access request is sent to the relay device, the relay device handles it in one of three modes.
One is the cloud service mode. The relay device must first access the cloud, which ensures that the relay device is trusted. After the relay device has accessed the cloud successfully, it forwards all requests sent to it (including intranet security device access, file transmission, log reporting, custom data transmission, communication with a specified device, and so on). After the cloud has successfully authenticated the access of the intranet security device, channels for file transmission, log reporting, custom data transmission, inter-device communication and so on are opened. Through the relay device, bidirectional communication is realized between the intranet security device and the cloud and between intranet security devices, which enables security services.
Another is the off-network mode, in which the relay device does not interact with the cloud. Access verification of the intranet security device is performed mainly through local authentication, for example using the access verification code described above or a whitelist mechanism, so that multiple intranet security devices can be allowed to access the relay device. This mode mainly serves to link local intranet security devices across networks: such devices discover other intranet security devices through the relay device and communicate with them bidirectionally. In this mode, the relay device implements lightweight local versions of some cloud functions, such as authentication and device management. The mode is best suited to cross-intranet communication between security devices in an area completely isolated from the Internet.
In addition, there is the cascade mode. Because the network protocol and specification of the cloud are consistent with those of the relay, a relay device can connect to the cloud or to another relay device, so multiple relay devices can be connected in series, and the relay device at the end of the chain selects the off-network mode or the cloud service mode. This mode is mostly used to cope with complex network environments, for example where an intranet communicates with the extranet cloud through multiple hops.
Accessing security devices in the cloud service mode opens a network channel (MQTT channel) between the cloud and the intranet security device, so that the security device can be enabled with the computing power of the cloud, for example through rule base updates (information base and virus base), security service hosting (security situation analysis and risk blocking that draw on the advantages of the cloud), and expert services (expert research, judgment and analysis capabilities provided by the cloud), bringing different cloud service experiences while the security of the customer's intranet is ensured.
The three modes of the relay device (cloud service mode, off-network mode and cascade mode) address different scenarios and differ in complexity. The cloud service mode mainly solves the problem of connecting isolated intranet devices to the cloud and achieves cloud enablement. The off-network mode is mainly a solution for communication between local devices across intranets. The cascade mode is the most complex of the three and mainly solves the problem of connecting devices to the cloud in more complex network environments.
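The three relay modes, sketched as an added example (not code from the patent): because the cloud and every relay expose the same access interface, a cascade is simply a relay whose upstream is another relay, and a relay admits itself upstream before forwarding a device's request. Class names, request fields and the codes are assumptions, and the cloud's verification is reduced to a lookup.

```python
from enum import Enum


class Mode(Enum):
    CLOUD_SERVICE = "cloud service"
    OFF_NETWORK = "off-network"
    CASCADE = "cascade"


def access_request(code, device_id):
    """An access request: verification code, device information, hops taken."""
    return {"code": code, "device": device_id, "path": []}


class Cloud:
    """Stand-in cloud: accepts a code only for the device it was issued to."""
    name = "cloud"

    def __init__(self, issued):
        self.issued = dict(issued)  # code -> device id (constructed values)
        self.online = set()

    def handle(self, req):
        req["path"].append(self.name)
        ok = self.issued.get(req["code"]) == req["device"]
        if ok:
            self.online.add(req["device"])
        return {"ok": ok, "verified_by": self.name, "path": list(req["path"])}


class Relay:
    def __init__(self, name, mode, upstream=None, own_code=None,
                 local_codes=None, whitelist=()):
        if (mode is Mode.OFF_NETWORK) != (upstream is None):
            raise ValueError("only an off-network relay has no upstream")
        self.name, self.mode, self.upstream = name, mode, upstream
        self.own_code = own_code                  # the second access verification code
        self.local_codes = dict(local_codes or {})
        self.whitelist = set(whitelist)
        self.admitted = False                     # has this relay accessed its upstream?

    def _ensure_admitted(self):
        """Send the relay's own (second) access request if not yet admitted."""
        if not self.admitted:
            reply = self.upstream.handle(access_request(self.own_code, self.name))
            self.admitted = reply["ok"]
        return self.admitted

    def handle(self, req):
        req["path"].append(self.name)
        if self.mode is Mode.OFF_NETWORK:
            # Local authentication: a locally issued code or a whitelist entry.
            ok = (self.local_codes.get(req["code"]) == req["device"]
                  or req["device"] in self.whitelist)
            return {"ok": ok, "verified_by": self.name, "path": list(req["path"])}
        if not self._ensure_admitted():
            # An untrusted relay must not forward device requests.
            return {"ok": False, "verified_by": self.name, "path": list(req["path"])}
        # Cloud service and cascade modes both forward upstream unchanged.
        return self.upstream.handle(req)


def build_cascade():
    """Cloud <- AB' (cloud service) <- C' (cascade), with constructed codes."""
    cloud = Cloud({"code-AB": "AB'", "code-C'": "C'", "code-devC": "device C"})
    ab = Relay("AB'", Mode.CLOUD_SERVICE, upstream=cloud, own_code="code-AB")
    c = Relay("C'", Mode.CASCADE, upstream=ab, own_code="code-C'")
    return cloud, ab, c


if __name__ == "__main__":
    cloud, ab, c = build_cascade()
    print(c.handle(access_request("code-devC", "device C")))
```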
The specific flow of cloud access is shown in fig. 4, where the access code or access information is the access verification code of the above embodiments. Cloud access (cloud service mode only) mainly follows the MQTT protocol specification: the device carries the access verification code applied for at the cloud to complete secure access of the intranet security device or relay device, and the cloud opens the relevant Topic subscribe and publish permissions of the MQTT channel, so that bidirectional communication between the device and the cloud is realized while the channel remains secure. Relay devices in the off-network and cascade modes stay consistent with the cloud with respect to the MQTT protocol specification and implement lightweight versions of cloud functions such as access authentication and device management, so that the relay device can operate independently.
After the intranet security device and the relay device have successfully accessed the cloud, they can send heartbeat signals to the cloud periodically so that the cloud can tell whether each device is online. A device from which the cloud has received no heartbeat signal for a long time (for example, a certain period) is judged to be offline. The cloud maintains a continuously updated list of online devices, which facilitates device discovery, enables inter-device communication and supports monitoring of online devices.
In some embodiments, the validity of the first and second access verification codes may be tied to whether the device is online. For example, when the first and second access verification codes are applied for at the cloud, no fixed valid duration needs to be allocated to them; instead, whether they are valid is determined by whether the device is online. At the first access, the code is considered valid during validity verification, but if the cloud later detects that the relay device or intranet security device has disconnected, it can mark the corresponding first or second access verification code as invalid, so that the previous access verification code cannot be reused for access (validity verification fails) and a new access verification code must be applied for.
A specific example is described below, as shown in fig. 5.
The relay device AB' is connected to the cloud in the cloud service mode, and the relay devices C' and D' are connected to the relay device AB' in the cascade mode. The relay devices AB', C' and D' expose the same MQTT service as the cloud and follow the same communication specification.
Device C accesses relay device C' based on the communication specification (the MQTT access specification), device D accesses relay device D', and devices A and B access relay device AB'. After access succeeds, the user can view the corresponding accessed devices at the cloud. Among intranet A, intranet B and intranet C, only the relay devices can communicate; the intranet security devices cannot be directly interconnected.
Where permissions allow, devices A to D can discover one another via the three relay devices, for example to achieve cross-network communication between device B and device D (which may be required to follow the MQTT inter-device communication specification).
Because devices A to D have all accessed the cloud service, they can use the corresponding cloud services, such as rule base upgrades, expert services and hosting services, which enables the security devices in the user's intranet.
Referring to fig. 6, fig. 6 is a flowchart of a device communication method according to an embodiment of the present application, where the method is also applied to a relay device, and includes the following steps:
Step S210: receiving security service data issued by the cloud.
The security service data may be data that enables the security functions of the intranet security device, so that the device can use cloud services such as rule base upgrades, security service hosting and expert services. Security service data issued by the cloud can first be sent to the relay device, which then forwards it to the corresponding intranet security device.
Step S220: forwarding the security service data to the corresponding intranet security device.
The intranet security device is accessed to the cloud through the access method in the above embodiment, and the specific implementation process may refer to the related description of the above embodiment, so that for simplicity of description, a detailed description is not repeated here.
Referring to fig. 7, fig. 7 is a block diagram illustrating a device access apparatus 300 according to an embodiment of the present application, where the apparatus 300 may be a module, a program segment, or a code on an electronic device (such as a relay device). It should be understood that the apparatus 300 corresponds to the above embodiment of the method of fig. 2, and is capable of performing the steps involved in the embodiment of the method of fig. 2, and specific functions of the apparatus 300 may be referred to in the above description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy.
Optionally, the apparatus 300 includes:
A request obtaining module 310, configured to obtain a first access request of an intranet security device, where the access request includes a first access verification code and first device information of the intranet security device;
The request sending module 320 is configured to send the first access request to a cloud end when the relay device is in a cloud service mode, so as to request the cloud end to verify the first access verification code and the first device information, and create a communication channel between the intranet security device and the cloud end after verification is passed.
Optionally, the request sending module is further configured to determine whether the relay device accesses the cloud, if not, send a second access request to the cloud, where the second access request includes a second access verification code and second device information of the relay device, so as to request the cloud to verify the second access verification code and the second device information, and create a communication channel between the relay device and the cloud after verification is passed.
Optionally, the first access verification code and the second access verification code are generated by the cloud, the first access verification code and the second access verification code are configured with effective time, the first access verification code and the second access verification code are effective within the effective time, and the cloud is used for verifying the validity of the first access verification code and the second access verification code.
Optionally, the apparatus 300 further includes:
An information receiving module, configured to receive a target verification code sent by the cloud, where the target verification code is generated at least based on the first device information and is used as the access verification code when the intranet security device subsequently accesses the cloud.
Optionally, the communication channel is constructed based on an MQTT protocol, and data transmission between the intranet security device and the cloud end follows the MQTT protocol.
Optionally, the apparatus 300 further includes:
A verification module, configured to verify the first access verification code and the first device information when the relay device is in the off-network mode, and to create a communication channel between the intranet security device and the relay device after the verification is passed.
Referring to fig. 8, fig. 8 is a block diagram illustrating a device communication apparatus 400 according to an embodiment of the present application, where the apparatus 400 may be a module, a program segment, or a code on an electronic device (e.g., a relay device). It should be understood that the apparatus 400 corresponds to the above embodiment of the method of fig. 6, and is capable of executing the steps involved in the embodiment of the method of fig. 6, and specific functions of the apparatus 400 may be referred to in the above description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy.
Optionally, the apparatus 400 includes:
A data receiving module 410, configured to receive security service data issued by the cloud;
A data forwarding module 420, configured to forward the security service data to a corresponding intranet security device, where the intranet security device accesses the cloud through the device access method.
It should be noted that, for convenience and brevity, a person skilled in the art will clearly understand that, for the specific working procedure of the apparatus described above, reference may be made to the corresponding procedure in the foregoing method embodiment, and the description will not be repeated here.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an electronic device for performing a device access method or a device communication method according to an embodiment of the present application, where the electronic device may include at least one processor 510, such as a CPU, at least one communication interface 520, at least one memory 530, and at least one communication bus 540. Wherein the communication bus 540 is used to enable connected communications between these components. The communication interface 520 of the device in the embodiment of the present application is used for performing signaling or data communication with other node devices. The memory 530 may be a high-speed RAM memory or a nonvolatile memory (non-volatile memory), such as at least one disk memory. Memory 530 may also optionally be at least one storage device located remotely from the aforementioned processor. The memory 530 has stored therein computer readable instructions which, when executed by the processor 510, perform the method processes described above with respect to fig. 2 or 6.
It will be appreciated that the configuration shown in fig. 9 is merely illustrative, and that the electronic device may also include more or fewer components than shown in fig. 9, or have a different configuration than shown in fig. 9. The components shown in fig. 9 may be implemented in hardware, software, or a combination thereof.
Embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs a method process performed by an electronic device in an embodiment of a method as shown in fig. 2 or fig. 6.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example, comprising:
Acquiring a first access request of an intranet security device, where the access request includes a first access verification code and first device information of the intranet security device;
When the relay device is in the cloud service mode, sending the first access request to the cloud to request the cloud to verify the first access verification code and the first device information, and, after the verification is passed, creating a communication channel between the intranet security device and the cloud.
In summary, the embodiment of the application provides a device access method, a communication system, an electronic device, a storage medium and a program product, when an intranet security device is accessed to a cloud, a relay device can send an access verification code and device information of the intranet security device to the cloud for verification, and after the verification is passed, a communication channel between the cloud and the intranet security device is constructed, so that the intranet security device can be safely verified, and the security of subsequent communication is ensured.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
Further, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (12)

1. A device access method, characterized in that it is applied to a relay device, the method comprising:
obtaining a first access request from an intranet security device, the access request including a first access verification code and first device information of the intranet security device;
when the relay device is in cloud service mode, sending the first access request to the cloud to request the cloud to verify the first access verification code and the first device information, and after the verification is passed, a communication channel is created between the intranet security device and the cloud.

2. The method according to claim 1, characterized in that before sending the access request to the cloud, it also includes:
determining whether the relay device is connected to the cloud;
if not, sending a second access request to the cloud, wherein the second access request includes a second access verification code and second device information of the relay device, so as to request the cloud to verify the second access verification code and the second device information, and after the verification is passed, a communication channel is created between the relay device and the cloud.

3. The method according to claim 2, characterized in that the first access verification code and the second access verification code are generated by the cloud, the first access verification code and the second access verification code are configured with a valid period, the first access verification code and the second access verification code are valid within the valid period, and the cloud is used to verify the validity of the first access verification code and the second access verification code.

4. The method according to claim 1, characterized in that after sending the first access request to the cloud, it also includes:
receiving a target verification code sent by the cloud, where the target verification code is generated based on at least the first device information, and the target verification code is used as an access verification code when the intranet security device subsequently accesses the cloud.

5. The method according to claim 1, characterized in that the communication channel is constructed based on the MQTT protocol, and the data transmission between the intranet security device and the cloud follows the MQTT protocol.

6. The method according to claim 1, characterized in that after obtaining the first access request of the intranet security device, it also includes:
when the relay device is in an offline mode, verifying the first access verification code and the first device information;
after the verification is passed, creating a communication channel between the intranet security device and the relay device.

7. A communication system, characterized in that the communication system comprises an intranet security device, a relay device and a cloud, the communication channels between the intranet security device and the relay device, and between the relay device and the cloud, comply with relevant specifications of the MQTT protocol, and the communication channel between the intranet security device and the cloud is constructed after access through the device access method described in any one of claims 1 to 6;
the relay device, the intranet security device and the cloud are used to verify the standardization of the received communication data.

8. The communication system according to claim 7, characterized in that the relevant specifications include at least one of device access specifications, device file transfer specifications, log file transfer specifications, custom data transmission specifications, instruction issuance specifications, device basic information reporting specifications, device authorization information specifications, rule base upgrade specifications and inter-device communication specifications.

9. The communication system according to claim 7, characterized in that there are multiple relay devices, and the multiple relay devices form a cascade mode to achieve communication between the intranet security device and the cloud.

10. An electronic device, characterized in that it comprises a processor and a memory, wherein the memory stores computer-readable instructions, and when the computer-readable instructions are executed by the processor, the method according to any one of claims 1 to 6 is executed.

11. A computer-readable storage medium having a computer program stored thereon, characterized in that when the computer program is executed by a processor, the method according to any one of claims 1 to 6 is executed.

12. A computer program product, characterized in that it comprises computer program instructions, and when the computer program instructions are read and executed by a processor, the method according to any one of claims 1 to 6 is executed.

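The access flow of claims 1, 3, 4 and 6, as an added sketch that is not taken from the patent: a relay either forwards the first access request to the cloud (cloud service mode) or verifies it itself (offline mode), and the verifier checks the code, its valid period and the device information before recording a channel. The class names, the random code format, the HMAC-derived target code, one-time use of a code and the relay holding its own codes in offline mode are all assumptions; the MQTT channel is modelled only as a recorded device id.

```python
import hashlib, hmac, secrets, time

class Verifier:
    """Cloud, or a relay in offline mode: issues and checks access verification codes."""
    def __init__(self, name, ttl_seconds=300, clock=time.time):
        self.name, self.ttl, self.clock = name, ttl_seconds, clock
        self.key = secrets.token_bytes(32)   # assumed secret used to derive target codes
        self.pending = {}                    # device id -> (code, expiry time)
        self.channels = set()                # device ids with an established channel

    def issue_code(self, device_id):
        code = secrets.token_hex(8)
        self.pending[device_id] = (code, self.clock() + self.ttl)
        return code

    def target_code(self, info):
        # Claim 4: code for later accesses, derived from the device information.
        msg = "|".join(f"{k}={info[k]}" for k in sorted(info)).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:16]

    def verify(self, request):
        info, code = request["device_info"], str(request["code"])
        issued = self.pending.get(info.get("id"))
        if issued is None:
            return {"ok": False, "reason": "unknown device"}
        expected, expiry = issued
        if self.clock() > expiry:            # claim 3: valid only inside the period
            del self.pending[info["id"]]
            return {"ok": False, "reason": "code expired"}
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return {"ok": False, "reason": "code mismatch"}
        del self.pending[info["id"]]         # assumption: a code is accepted once
        self.channels.add(info["id"])
        return {"ok": True, "channel_to": self.name,
                "target_code": self.target_code(info)}

class Relay:
    def __init__(self, mode, cloud, local):
        self.mode, self.cloud, self.local = mode, cloud, local

    def handle(self, request):
        # Claim 1: cloud service mode forwards the request to the cloud.
        # Claim 6: offline mode verifies on the relay itself.
        verifier = self.cloud if self.mode == "cloud" else self.local
        return verifier.verify(request)
```

Binding the pending code to the device id means a code issued for one device is rejected when presented with another device's information, and the constant-time comparison avoids leaking how much of a guessed code matched.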
CN202411830705.6A 2024-12-12 2024-12-12 Device access method, communication system, electronic device, storage medium and program product Pending CN119728203A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411830705.6A CN119728203A (en) 2024-12-12 2024-12-12 Device access method, communication system, electronic device, storage medium and program product

Publications (1)

Publication Number Publication Date
CN119728203A true CN119728203A (en) 2025-03-28

Family

ID=95079861

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411830705.6A Pending CN119728203A (en) 2024-12-12 2024-12-12 Device access method, communication system, electronic device, storage medium and program product

Country Status (1)

Country Link
CN (1) CN119728203A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150828A (en) * 2018-07-10 2019-01-04 珠海腾飞科技有限公司 A kind of verifying register method and system
CN114205112A (en) * 2021-11-10 2022-03-18 深圳天地宽视信息科技有限公司 Cloud MQTT access authority control method
CN115314302A (en) * 2022-08-10 2022-11-08 重庆电子工程职业学院 Communication method and device based on network security grid
CN118054983A (en) * 2022-11-15 2024-05-17 腾讯科技(深圳)有限公司 Network access equipment control method and device, electronic equipment and storage medium
CN118611931A (en) * 2024-06-06 2024-09-06 中国建设银行股份有限公司 Login verification method, device, computer equipment, and readable storage medium
WO2024247124A1 (en) * 2023-05-30 2024-12-05 三菱電機株式会社 Equipment management system, equipment management apparatus, relay apparatus, equipment management method, and program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination