CN112866202B - Device authorization management method, system thereof, communication device and storage medium - Google Patents

Info

Publication number
CN112866202B
Authority
CN
China
Prior art keywords
authorization
information
authorized
pool
controller
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011634296.4A
Other languages
Chinese (zh)
Other versions
CN112866202A (en)
Inventor
王梓霖
骆小华
宗均然
张鑫
金迪
陈建伟
范宇星
施平
何晓萌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Hangzhou Information Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Hangzhou Information Technology Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Hangzhou Information Technology Co Ltd
Priority to CN202011634296.4A
Publication of CN112866202A
Application granted
Publication of CN112866202B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/105 Multiple levels of security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a device authorization management method and a system thereof, a communication device and a storage medium, wherein the method comprises the following steps: a generation step of acquiring a controller authorization identification code generated by the SD-WAN controller, decoding the controller authorization identification code to obtain an encryption key, and encrypting authorization information by using the encryption key to generate a plurality of authorization codes; an authorization step, namely forming an authorization pool by utilizing a plurality of authorization codes, respectively authorizing different functions requested by different devices through the authorization pool, and storing authorization state information of each function corresponding to the authorized devices to a memory and a file system of the SD-WAN controller; and a monitoring step, namely starting a timing thread task to monitor the authorization state of each function corresponding to the authorized equipment in the memory and the file system of the SD-WAN controller. The invention manages the authorization resources uniformly by using the authorization pool, has stronger flexibility, and can realize multi-angle control by monitoring the authorization state in a time limit manner.

Description

Device authorization management method, system thereof, communication device and storage medium
Technical Field
The present invention relates to the field of communications, and in particular, to a device authorization management method and system, a communication device, and a storage medium.
Background
At present, devices under a Software-Defined Wide Area Network (SD-WAN) architecture are managed by an SD-WAN controller layer, and the following relatively common method is generally adopted for SD-WAN device authorization management:
A Secure Shell (SSH) connection is established between an SD-WAN controller and the SD-WAN device; the SD-WAN device performs an SSH key exchange with the SD-WAN controller according to a device authentication identifier in a preset authentication configuration file; the SD-WAN controller obtains the SD-WAN device authentication identifier, obtains user authentication information through the authentication identifier, and finally authenticates and authorizes the SD-WAN device according to the user authentication information.
However, this authorization scheme only provides an authentication procedure for the device: it authorizes a successfully authenticated device as a whole and does not authorize each function on the device, so it lacks flexibility. It also cannot monitor the authorization status, so it lacks security.
Disclosure of Invention
In view of this, the present invention provides a device authorization management method and system, a communication device, and a storage medium, which can authorize each function of a device, monitor an authorization status of the device, and have high security and flexibility.
The invention provides a device authorization management method, which is applied to a software-defined wide area network controller, wherein the method comprises the following steps:
a generating step of acquiring a controller authorization identification code generated by the software-defined wide area network controller, decoding the controller authorization identification code to obtain an encryption key, and encrypting authorization information by using the encryption key to generate a plurality of authorization codes;
an authorization step, forming an authorization pool by using the authorization codes, authorizing different functions requested by different devices respectively through the authorization pool, and storing authorization state information of each function corresponding to the authorized device to a memory and a file system of the software-defined wide area network controller;
and a monitoring step of starting a timing thread task to monitor the authorization state of each function corresponding to the authorized device in the memory and the file system of the software-defined wide area network controller.
Preferably, verification information is added to the authorization information in the generating step, and the forming an authorization pool by using the plurality of authorization codes in the authorizing step specifically includes:
and decrypting the authorization codes to obtain the authorization information, verifying and checking the verification information in the authorization information, reconstructing the authorization information after passing the verification and checking to form reconstructed authorization information, and encrypting and writing the reconstructed authorization information into the memory and the file system for storage to form the authorization pool.
Preferably, the authorization pool includes the number of functional points and the remaining authorized time limit, and the authorization step further includes:
judging whether the point number and the residual authorized time limit in the authorization pool are simultaneously greater than 1;
if not, not authorizing the requested equipment;
if yes, respectively authorizing different functions requested by the equipment, and storing the authorization state information of each function corresponding to the authorized equipment in the memory and the file system.
Preferably, the monitoring step specifically includes:
starting a timing thread task to monitor and update the residual authorized time limit in the authorization pool;
and enabling a timed thread task to monitor and update the authorization time limit of authorized equipment in the memory and the file system of the software-defined wide area network controller.
In another aspect, the present invention further provides a device authorization management system, where the system includes a memory, an authorization code generation module, a software-defined wide area network controller authorization management module, and a software-defined wide area network controller authorization status monitoring module, wherein:
the software-defined wide area network controller authorization management module is used for generating a controller authorization identification code;
the authorization code generation module is used for acquiring the controller authorization identification code, decoding the controller authorization identification code to obtain an encryption key, and encrypting authorization information by using the encryption key to generate a plurality of authorization codes;
the software-defined wide area network controller authorization management module is further configured to form an authorization pool by using the authorization codes, authorize different functions requested by different devices through the authorization pool, and store authorization status information of each function corresponding to an authorized device in the memory;
and the software-defined wide area network controller authorization state monitoring module is used for starting a timing thread task to monitor the authorization state of each function corresponding to the authorized device in the memory.
Preferably, verification information is added to the authorization information, and the software-defined wide area network controller authorization management module is further specifically configured to:
and decrypting the authorization codes to obtain the authorization information, verifying and checking the verification information in the authorization information, reconstructing the authorization information after passing the verification and checking to form reconstructed authorization information, and encrypting and writing the reconstructed authorization information into the memory to be stored to form the authorization pool.
Preferably, the authorization pool includes a number of functional points and a remaining authorized time limit, and the software-defined wide area network controller authorization management module is further specifically configured to:
judging whether the point number and the residual authorized time limit in the authorization pool are simultaneously greater than 1;
if not, the requested equipment is not authorized;
if yes, respectively authorizing different functions requested by the equipment, and encrypting and storing the authorization state information of each function corresponding to the authorized equipment in the memory.
Preferably, the software-defined wide area network controller authorization status monitoring module is specifically configured to:
enabling a timed thread task to monitor and update the residual authorized time limit in the authorization pool;
and starting a timed thread task to monitor and update the authorization time limit of the authorized equipment in the memory.
In still another aspect, the present invention further provides a communication device, wherein the communication device includes a memory and a processor, the memory stores computer processing instructions, and the processor executes the aforementioned device authorization management method by calling the computer processing instructions.
In still another aspect, the present invention further provides a computer-readable storage medium, wherein the computer-readable storage medium stores thereon a computer program, and the computer program, when executed by a processor, implements the steps of the aforementioned device authorization management method.
The technical scheme provided by the invention has the following advantages: by generating the authorization pool and using the authorization pool to uniformly manage the authorization resources, the authorization of each function of the equipment can be performed, the authorization flexibility is greatly improved, and meanwhile, the authorization state of each function corresponding to the authorized equipment is monitored by utilizing the timing thread task, so that the safety is high.
Drawings
Fig. 1 is a flowchart illustrating a device authorization management method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a device authorization management system 1 according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The following describes a device authorization management method and a system thereof according to the present invention in detail.
Fig. 1 is a flowchart illustrating a device authorization management method according to an embodiment of the present invention.
In this embodiment, the device authorization management method is applied to a Software-Defined Wide Area Network (SD-WAN), and specifically to an SD-WAN controller. The SD-WAN controller includes three modules: an authorization code generation module, an SD-WAN controller authorization management module, and an SD-WAN controller authorization status monitoring module. Together they realize the device authorization control function of the SD-WAN controller: authorizing different functions of a device, encrypting authorization states, monitoring authorization states, and so on. The authorization code generation module first encrypts and generates authorization codes according to the authorization identification code of the SD-WAN controller, the authorization information, and the verification information. The authorization codes are input into the SD-WAN controller authorization management module and decrypted to form an authorization pool; when a device requests authorization of different function points, resources are divided from the authorization pool to authorize the device for the different functions. Finally, the SD-WAN controller authorization status monitoring module starts a timing thread task to monitor the encrypted authorization pool state and the encrypted device authorization state. The SD-WAN controller thus controls the whole process from authorizing a device to monitoring its authorization state, which meets the requirement that the SD-WAN control devices in a unified way, and encrypting the authorization pool information and the device authorization information improves authorization security. Meanwhile, different functions can be authorized for different devices, so the scheme offers high flexibility, security, and monitorability.
In step S1, a generation step of acquiring the controller authorized identification code generated by the SD-WAN controller, decoding the controller authorized identification code to obtain an encryption key, and encrypting the authorization information using the encryption key to generate a plurality of authorization codes.
In this embodiment, the SD-WAN controller includes three modules, namely an authorization code generation module, an SD-WAN controller authorization management module, and an SD-WAN controller authorization status monitoring module. The controller authorization identification code generated by the SD-WAN controller is generated by the SD-WAN controller authorization management module. Specifically, the SD-WAN controller authorization management module splices the universally unique identifier (UUID) of the server where the SD-WAN controller is located and the number of the existing authorization pools of the current SD-WAN controller into a new character string, encrypts the new character string to serve as the controller authorization identification code, and sends the generated controller authorization identification code to the authorization code generation module.
In this embodiment, the SD-WAN controller authorization management module first sends the controller authorization identification code to the authorization code generation module. After obtaining the controller authorization identification code, the authorization code generation module decodes it to obtain an encryption key, which is used to encrypt authorization information. The authorization code generation module encrypts the authorization information, to which verification information has been added, using the encryption key to obtain a plurality of authorization codes, and finally sends the plurality of authorization codes to the SD-WAN controller authorization management module. The authorization information includes the total number of authorized devices (S ≥ 1) corresponding to each authorization function (N ≥ 1) and the total authorization time limit of the function (T ≥ 1); the verification information is added to the authorization information to improve security.
In step S2, in the authorization step, an authorization pool is formed by using a plurality of authorization codes, different functions requested by different devices are authorized through the authorization pool, and authorization state information of each function corresponding to an authorized device is stored in a memory and a file system of the SD-WAN controller.
In this embodiment, the memory and the file system of the SD-WAN controller are used as storage devices for storing authorization pool information and authorization status information of the device, where the authorization step specifically further includes:
The authorization codes are decrypted to obtain the authorization information, and the verification information in the authorization information is verified. After the verification passes, the authorization information is reconstructed to form reconstructed authorization information, which is encrypted and written into the memory and the file system to form the authorization pool. Because the authorization pool information is stored as ciphertext, it is not easy to recognize or crack even if it is obtained, which improves security.
In this embodiment, the character string obtained by decrypting the controller authorization identification code is used as the key to decrypt the plurality of authorization codes sent by the authorization code generation module and obtain the authorization information. The verification information in the authorization information is verified, and after the verification passes the authorization information is reconstructed to form reconstructed authorization information: the number M of function points authorized for the device (M ≥ 0) is added, and the total authorization time limit is updated to the remaining authorized time limit t (t ≥ 1). The reconstructed authorization information therefore includes the number M of function points authorized for the device and the remaining authorized time limit t. It is then encrypted and written into the memory and the file system to form the authorization pool, so the authorization pool information is stored in the memory and the file system as ciphertext, which improves security.
In this embodiment, the authorization pool includes a number M of function points authorized for the device and a remaining authorized time limit t, where the authorization step specifically further includes:
judging whether the number of points in the authorization pool and the remaining authorized time limit are simultaneously greater than 1;
if not, the requested equipment is not authorized;
if yes, respectively authorizing different functions requested by the equipment, and encrypting and storing authorization state information of each function corresponding to the authorized equipment in the memory and the file system.
In this embodiment, the function points for which different devices request authorization are first received, and the function points to authorize for each device are selected. It is then judged whether the authorization pool holds the relevant resources for those function points, where the number M of function points authorized for the device and the remaining authorized time limit t serve as the resources of the authorization pool. When a device requests authorization of different function points, resources are divided from the authorization pool to authorize the device for the different functions.
In this embodiment, the SD-WAN controller authorization management module selects the function points to authorize for a device according to the device's condition, and then divides resources from the authorization pool to authorize the device for the different functions. Before dividing the resources, it first determines whether the number of points of the function points in the authorization pool and the remaining authorized time limit are sufficient. Sufficient means that the number of points of the function points authorized for the device must be greater than 1 and the remaining authorized time limit must also be greater than 1; otherwise the resources are insufficient. If they are insufficient, the requested device is not authorized. If they are sufficient, the different functions requested by the device are respectively authorized and the authorization information is sent to the device side. Finally, the SD-WAN controller authorization management module updates the authorization pool information in the memory and the file system, that is, it adds one to the authorized number of the function points authorized for the device in the authorization pool, and creates in the memory and the file system the authorization status information of each function of the authorized device (including the authorized function points and the corresponding authorization time limits).
In step S3, a monitoring step, which starts a timed thread task to monitor the authorization status of each function corresponding to the authorized device in the memory and file system of the SD-WAN controller.
In this embodiment, the monitoring is performed from two aspects, on one hand, the remaining authorized time limit is monitored, and on the other hand, the authorized time limit of the authorized device is monitored, and therefore, the monitoring step specifically includes:
starting a timing thread task to monitor and update the residual authorized time limit in the authorization pool, and encrypting and writing the updated data into a memory and a file system;
and starting a timing thread task to monitor and update the authorization time limit of authorized equipment in the memory and the file system of the SD-WAN controller, and encrypting and writing the updated data into the memory and the file system.
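The pool check of step S2 and the timed monitoring of step S3, as an added Python example that is not code from the patent. The class and method names, the tick as time unit, reading "point number" as the unallocated points S − M, capping a grant at the pool's remaining time and refusing repeated requests are assumptions of this example; encryption and file-system persistence of the state are left out.

```python
import threading
from dataclasses import dataclass

THRESHOLD = 1  # the page requires points and remaining time to both be "greater than 1"


@dataclass
class FunctionEntry:
    total_points: int    # S: total devices that may be authorized for this function
    authorized: int      # M: devices authorized so far
    remaining_time: int  # t: remaining authorized time limit, in ticks (assumed unit)


class AuthorizationPool:
    """In-memory pool shared by the authorization path and the timed monitor."""

    def __init__(self, entries):
        # entries: {function: (S, T)}, assumed to come from verified authorization codes
        self._lock = threading.Lock()  # authorize() and the monitor thread share state
        self._pool = {fn: FunctionEntry(s, 0, t) for fn, (s, t) in entries.items()}
        self._grants = {}              # (device, function) -> remaining ticks
        self._stop = threading.Event()

    def authorize(self, device, functions, duration):
        """Authorize each requested function separately; returns {function: bool}."""
        if duration <= 0:
            raise ValueError("duration must be positive")
        results = {}
        with self._lock:
            for fn in functions:
                entry = self._pool.get(fn)
                ok = (
                    entry is not None
                    and (device, fn) not in self._grants  # repeat request spends nothing
                    and entry.total_points - entry.authorized > THRESHOLD
                    and entry.remaining_time > THRESHOLD
                )
                if ok:
                    entry.authorized += 1
                    # A grant cannot outlive the pool entry it was divided from.
                    self._grants[(device, fn)] = min(duration, entry.remaining_time)
                results[fn] = ok
        return results

    def tick(self, elapsed=1):
        """One monitoring pass: age the pool and every grant, drop expired grants."""
        expired = []
        with self._lock:
            for entry in self._pool.values():
                entry.remaining_time = max(0, entry.remaining_time - elapsed)
            for key in list(self._grants):
                self._grants[key] -= elapsed
                if self._grants[key] <= 0:
                    # The page does not say whether an expired grant returns its
                    # point to the pool; this example does not return it.
                    del self._grants[key]
                    expired.append(key)
        return expired

    def is_authorized(self, device, fn):
        with self._lock:
            return (device, fn) in self._grants

    def snapshot(self, fn):
        with self._lock:
            e = self._pool[fn]
            return (e.total_points, e.authorized, e.remaining_time)

    def start_monitor(self, interval_seconds):
        """Timed thread task: call tick() every interval until stop_monitor()."""
        def loop():
            while not self._stop.wait(interval_seconds):
                self.tick()
        thread = threading.Thread(target=loop, daemon=True)
        thread.start()
        return thread

    def stop_monitor(self):
        self._stop.set()


if __name__ == "__main__":
    # Constructed sample pool: function -> (S, T)
    pool = AuthorizationPool({"firewall": (3, 10), "qos": (1, 10), "vpn": (3, 1)})
    print(pool.authorize("cpe-1", ["firewall", "qos", "vpn", "dpi"], 5))
    print(pool.tick(5), pool.snapshot("firewall"))
```

With the threshold as the page states it, the last unallocated point of a function and the last tick of its time limit are never handed out, which is why `qos` (S = 1) and `vpn` (T = 1) are refused in the sample run.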
Fig. 2 is a schematic structural diagram of a device authorization management system according to an embodiment of the present invention.
In this embodiment, the device authorization management system 1 includes an authorization code generation module 2, an SD-WAN controller authorization management module 3, an SD-WAN controller authorization status monitoring module 4, and a memory 5.
The SD-WAN controller authorization management module 3 is used for generating a controller authorization identification code. Specifically, the SD-WAN controller authorization management module 3 splices the universally unique identifier (UUID) of the server where the SD-WAN controller is located and the existing authorization pool number of the current SD-WAN controller into a new character string, encrypts the new character string to be used as the controller authorization identification code, and sends the generated controller authorization identification code to the authorization code generation module 2. Encrypting the new character string to generate the controller authorization identification code improves security: as ciphertext, the controller authorization identification code is not easy to recognize or crack even if it is obtained.
The authorization code generation module 2 is configured to acquire the controller authorization identification code, decode the controller authorization identification code to obtain an encryption key, and encrypt authorization information using the encryption key to generate a plurality of authorization codes.
In this embodiment, the SD-WAN controller authorization management module 3 first sends the controller authorization identification code to the authorization code generation module 2. After obtaining the controller authorization identification code, the authorization code generation module 2 decodes it to obtain an encryption key, which is used to encrypt authorization information. The authorization code generation module 2 encrypts the authorization information, to which verification information has been added, using the encryption key to obtain a plurality of authorization codes, and finally sends the plurality of authorization codes to the SD-WAN controller authorization management module 3. The authorization information includes the total number of authorized devices (S ≥ 1) corresponding to each authorization function (N ≥ 1) and the total authorization time limit of the function (T ≥ 1); the verification information is added to the authorization information to improve security.
The SD-WAN controller authorization management module 3 is further configured to form an authorization pool by using the plurality of authorization codes, authorize different functions requested by different devices through the authorization pool, and store authorization state information of each function corresponding to an authorized device in the memory 5.
In this embodiment, the memory 5 is used as a storage device for storing authorization pool information and authorization status information of the device.
In this embodiment, the SD-WAN controller authorization management module 3 is specifically configured to:
The authorization codes are decrypted to obtain the authorization information, and the verification information in the authorization information is verified. After the verification passes, the authorization information is reconstructed to form reconstructed authorization information, which is encrypted and written into the memory 5 to form the authorization pool. Because the authorization pool information is stored as ciphertext, it is not easy to recognize or crack even if it is obtained, which improves security.
In this embodiment, the character string obtained by decrypting the controller authorization identification code is used as the key to decrypt the plurality of authorization codes sent by the authorization code generation module 2 and obtain the authorization information. The verification information in the authorization information is verified, and after the verification passes the authorization information is reconstructed to form reconstructed authorization information: the number M of function points authorized for the device (M ≥ 0) is added, and the total authorization time limit is updated to the remaining authorized time limit t (t ≥ 1). The reconstructed authorization information therefore includes the number M of function points authorized for the device and the remaining authorized time limit t. It is then encrypted and written into the memory 5 to form the authorization pool, so the authorization pool information is stored in the memory 5 as ciphertext, which improves security.
In this embodiment, the authorization pool includes a number M of functional points authorizing the device and a remaining authorized time limit t, where the SD-WAN controller authorization management module 3 is further specifically configured to:
judging whether the point number and the residual authorized time limit in the authorization pool are simultaneously larger than 1;
if not, the requested equipment is not authorized;
if yes, respectively authorizing different functions requested by the equipment, and encrypting and storing authorization state information of each function corresponding to the authorized equipment in the memory 5.
In the embodiment, firstly, function points which request authorization by different devices are received, the function points which request authorization by the devices are selected, and then whether related resources exist in an authorization pool or not is judged, wherein the point number M and the remaining authorization time limit t of the function points which request authorization by the devices are used as the resources of the authorization pool, and when the devices request authorization by different function points, the resources are divided from the authorization pool to authorize the devices with different functions.
In this embodiment, the SD-WAN controller authorization management module 3 selects a function point authorizing a device according to a device condition, then the SD-WAN controller authorization management module 3 divides resources from an authorization pool to authorize the device for different functions, before dividing the resources, first determines whether the number of functional points authorized in the authorization pool and the remaining authorized time limit are sufficient, where the sufficiency indicates that the number of functional points authorized for the device must be greater than 1 and the remaining authorized time limit must also be greater than 1, otherwise indicates that the remainder does not suffice, and if the sufficiency does not authorize the requested device, if the sufficiency authorizes different functions requested by the device, respectively authorizes the different functions requested by the device, and sends authorization information to the device side, and finally the SD-WAN controller authorization management module 3 updates authorization pool information in the memory 5, that is, that the number of authorized devices of the functional points authorized for the device in the authorization pool is increased by one, and opens up another time limit for storing the authorization state information of each function corresponding to the authorized device (that is, including the authorized functional points and the corresponding authorized time limits in the memory 5).
The SD-WAN controller authorization state monitoring module 4 is used to start a timed thread task that monitors, in the memory 5 of the SD-WAN controller, the authorization state of each function corresponding to the authorized devices.
In this embodiment, monitoring covers two aspects: on the one hand the remaining authorized time limit is monitored, and on the other hand the authorized time limit of each authorized device is monitored. The SD-WAN controller authorization state monitoring module 4 is therefore specifically configured to:
start a timed thread task to monitor and update the remaining authorized time limit in the authorization pool, and encrypt the updated data and write it into the memory 5;
start a timed thread task to monitor and update the authorized time limit of the authorized devices, and encrypt the updated data and write it into the memory 5.
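The sufficiency check, pool update and timed monitoring described above can be modelled as follows. This is an added example, not code from the patent: the class and method names, counting time limits in ticks, consuming one point per grant, capping a grant at the pool's remaining time and dropping expired grants are all assumptions, and the encrypted write to the memory 5 is omitted.

```python
import threading

class AuthorizationPool:
    """Constructed model: per-function point count M and remaining time limit t."""

    def __init__(self, points, remaining_time):
        self._lock = threading.Lock()          # request path and timer thread share state
        self.points = dict(points)             # function -> points M left in the pool
        self.remaining_time = remaining_time   # remaining authorized time limit t (ticks)
        self.authorized = {f: 0 for f in points}  # function -> authorized device count
        self.grants = {}                       # (device, function) -> time limit left

    def _sufficient(self, function):
        # Threshold as stated in the description: both values greater than 1.
        return self.points.get(function, 0) > 1 and self.remaining_time > 1

    def authorize(self, device, functions, time_limit):
        """Decide each requested function separately; returns {function: bool}."""
        result = {}
        # Check and update happen under one lock; otherwise two concurrent
        # requests could both pass the check against the same remaining point.
        with self._lock:
            for f in functions:
                ok = self._sufficient(f) and (device, f) not in self.grants
                if ok:
                    self.points[f] -= 1        # assumption: a grant consumes one point
                    self.authorized[f] += 1    # authorized device count increased by one
                    self.grants[(device, f)] = min(time_limit, self.remaining_time)
                result[f] = ok
        return result

    def tick(self, elapsed=1):
        """Body of the timed monitoring task; returns the grants that expired."""
        expired = []
        with self._lock:
            self.remaining_time = max(0, self.remaining_time - elapsed)
            for key in list(self.grants):
                self.grants[key] -= elapsed
                if self.grants[key] <= 0:      # assumption: expired grants are dropped
                    del self.grants[key]
                    expired.append(key)
        return expired

    def start_monitor(self, interval_s):
        """Run tick() every interval_s seconds on a daemon timer thread."""
        def loop():
            self.tick()
            self.start_monitor(interval_s)
        timer = threading.Timer(interval_s, loop)
        timer.daemon = True
        timer.start()
        return timer
```

With the "greater than 1" threshold taken literally, the last point of each function is never granted, which is worth confirming against the intended licence count before relying on it.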
In addition, the invention also provides a communication device, wherein the communication device comprises a memory and a processor, the memory stores computer processing instructions, and the processor executes the aforementioned device authorization management method by calling the computer processing instructions.
In addition, the present invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and when the computer program is executed by a processor, the computer program implements the steps of the foregoing device authorization management method.
The technical scheme provided by the invention has the following advantages: by generating an authorization pool and using it to manage authorization resources in a unified way, each function of a device can be authorized separately, which greatly improves the flexibility of authorization; at the same time, timed thread tasks monitor the authorization information of the devices and monitor their authorization state against the time limits, so security is high.
It should be noted that, in the above embodiments, the included units are only divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be realized; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
In addition, it can be understood by those skilled in the art that all or part of the steps in the method for implementing the embodiments described above can be implemented by instructing the relevant hardware through a program, and the corresponding program can be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk, or an optical disk.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (9)

1. A device authorization management method applied to a software-defined wide area network controller, the method comprising:
a generating step of acquiring a controller authorization identification code generated by the software-defined wide area network controller, decoding the controller authorization identification code to obtain an encryption key, and encrypting authorization information by using the encryption key to generate a plurality of authorization codes;
an authorization step, forming an authorization pool by using the authorization codes, authorizing different functions requested by different devices respectively through the authorization pool, and storing authorization state information of each function corresponding to the authorized device to a memory and a file system of the software-defined wide area network controller;
a monitoring step, in which a timed thread task is started to monitor the authorization state of each function corresponding to the authorized equipment in the memory and the file system of the software-defined wide area network controller;
wherein, verification information is added in the authorization information in the generating step, and the forming an authorization pool by using the plurality of authorization codes in the authorization step specifically includes:
and decrypting the authorization codes to obtain the authorization information, verifying and checking the verification information in the authorization information, reconstructing the authorization information after passing the verification and checking to form reconstructed authorization information, and encrypting and writing the reconstructed authorization information into the memory and the file system for storage to form the authorization pool.
2. The device authorization management method according to claim 1, wherein the authorization pool includes the number of functional points and a remaining authorized time limit, and the authorization step specifically includes:
judging whether the point number and the residual authorized time limit in the authorization pool are simultaneously greater than 1;
if not, the requested equipment is not authorized;
if yes, respectively authorizing different functions requested by the equipment, and storing the authorization state information of each function corresponding to the authorized equipment in the memory and the file system.
3. The device authorization management method according to claim 2, wherein the monitoring step specifically includes:
enabling a timed thread task to monitor and update the residual authorized time limit in the authorization pool;
and enabling a timed thread task to monitor and update the authorization time limit of authorized equipment in the memory and the file system of the software-defined wide area network controller.
4. A device authorization management system is characterized in that the system comprises a memory, an authorization code generation module, a software-defined wide area network controller authorization management module and a software-defined wide area network controller authorization status monitoring module, wherein,
the software-defined wide area network controller authorization management module is used for generating a controller authorization identification code;
the authorization code generation module is used for acquiring the controller authorization identification code, decoding the controller authorization identification code to obtain an encryption key, and encrypting authorization information by using the encryption key to generate a plurality of authorization codes;
the software-defined wide area network controller authorization management module is further configured to form an authorization pool by using the authorization codes, authorize different functions requested by different devices through the authorization pool, and store authorization status information of each function corresponding to an authorized device in the memory;
the software-defined wide area network controller authorization state monitoring module is used for starting a timing thread task to monitor the authorization state of each function corresponding to the authorized device in the memory;
wherein, verification information is added in the authorization information in the generating step, and the software-defined wide area network controller authorization management module is further configured to decrypt the authorization codes to obtain the authorization information, perform verification check on the verification information in the authorization information, reconstruct the authorization information after passing the verification check to form reconstructed authorization information, and encrypt and write the reconstructed authorization information into the memory and the file system to store the reconstructed authorization information to form the authorization pool.
5. The device authorization management system according to claim 4, wherein verification information is added to the authorization information, and the software-defined wide area network controller authorization management module is further specifically configured to:
and decrypting the authorization codes to obtain the authorization information, verifying and checking the verification information in the authorization information, reconstructing the authorization information after passing the verification and checking to form reconstructed authorization information, and encrypting and writing the reconstructed authorization information into the memory to be stored to form the authorization pool.
6. The device authorization management system according to claim 5, wherein the authorization pool includes a number of points of a function point and a remaining authorized time limit, and the software-defined wide area network controller authorization management module is further specifically configured to:
judging whether the point number and the residual authorized time limit in the authorization pool are simultaneously larger than 1;
if not, the requested equipment is not authorized;
and if so, respectively authorizing different functions requested by the equipment, and storing the authorized state information of each function corresponding to the authorized equipment in the memory.
7. The device authorization management system according to claim 6, wherein the software-defined wide area network controller authorization status monitoring module is specifically configured to:
enabling a timed thread task to monitor and update the residual authorized time limit in the authorization pool;
and starting a timed thread task to monitor and update the authorization time limit of the authorized equipment in the memory.
8. A communication device, characterized in that the communication device comprises a memory storing computer processing instructions and a processor executing the device authorization management method according to any of the preceding claims 1-3 by invoking the computer processing instructions.
9. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, carries out the steps of the device authorization management method according to any one of claims 1-3.
CN202011634296.4A 2020-12-31 2020-12-31 Device authorization management method, system thereof, communication device and storage medium Active CN112866202B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011634296.4A CN112866202B (en) 2020-12-31 2020-12-31 Device authorization management method, system thereof, communication device and storage medium


Publications (2)

Publication Number Publication Date
CN112866202A CN112866202A (en) 2021-05-28
CN112866202B true CN112866202B (en) 2022-10-18

Family

ID=76000098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011634296.4A Active CN112866202B (en) 2020-12-31 2020-12-31 Device authorization management method, system thereof, communication device and storage medium

Country Status (1)

Country Link
CN (1) CN112866202B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant