[go: up one dir, main page]

CN114257393A - Terminal equipment authentication method and device and computer readable storage medium - Google Patents

Terminal equipment authentication method and device and computer readable storage medium Download PDF

Info

Publication number
CN114257393A
CN114257393A CN202011024819.3A CN202011024819A CN114257393A CN 114257393 A CN114257393 A CN 114257393A CN 202011024819 A CN202011024819 A CN 202011024819A CN 114257393 A CN114257393 A CN 114257393A
Authority
CN
China
Prior art keywords
authentication
cpe
authentication identifier
controller
registration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011024819.3A
Other languages
Chinese (zh)
Inventor
杨锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, Research Institute of China Mobile Communication Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202011024819.3A priority Critical patent/CN114257393A/en
Publication of CN114257393A publication Critical patent/CN114257393A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明实施例提供了一种终端设备认证方法、装置和计算机可读存储介质,所述方法包括:控制器接收注册节点发送的认证标识;基于所述认证标识与客户端前置设备(CPE)进行校验;确定校验成功,则执行CPE的注册流程。

Figure 202011024819

Embodiments of the present invention provide a terminal device authentication method, apparatus, and computer-readable storage medium. The method includes: a controller receives an authentication identifier sent by a registration node; Perform verification; if the verification is successful, execute the registration process of the CPE.

Figure 202011024819

Description

一种终端设备认证方法、装置和计算机可读存储介质A terminal device authentication method, apparatus and computer-readable storage medium

技术领域technical field

本发明涉及移动通信技术领域,尤其涉及一种终端设备认证方法、装置和计算机可读存储介质。The present invention relates to the field of mobile communication technologies, and in particular, to a terminal device authentication method, apparatus and computer-readable storage medium.

背景技术Background technique

在大规模软件定义广域网(SD-WAN)中通常部署多个控制器,所有客户端前置设备(CPE)上线请求需要依靠注册节点分发给不同控制器。这样每个控制器负责一部分CPE的管理,CPE和控制器之间的关联关系依靠一个全局的注册器。CPE由客户自行部署,注册节点、CPE、控制器的校验可以通过证书认证的方式解决。In a large-scale software-defined wide area network (SD-WAN), multiple controllers are usually deployed, and all customer premises equipment (CPE) online requests need to be distributed to different controllers by means of registration nodes. In this way, each controller is responsible for the management of a part of the CPE, and the association between the CPE and the controller relies on a global registry. The CPE is deployed by the customer, and the verification of the registered node, CPE, and controller can be solved by certificate authentication.

但是SD-WAN系统不仅需要防止未授权CPE上线,也应防止CPE未经授权的绑定任意控制器,而当前的实现存在安全隐患。However, SD-WAN systems not only need to prevent unauthorized CPE from going online, but also prevent CPE from binding any controller without authorization, and the current implementation has security risks.

发明内容SUMMARY OF THE INVENTION

有鉴于此,本发明实施例期望提供一种终端设备认证方法、装置和计算机可读存储介质。In view of this, embodiments of the present invention are expected to provide a terminal device authentication method, apparatus, and computer-readable storage medium.

为达到上述目的,本发明实施例的技术方案是这样实现的:In order to achieve the above-mentioned purpose, the technical scheme of the embodiment of the present invention is realized as follows:

本发明实施例提供了一种终端设备认证方法,该方法应用于控制器,包括:接收注册节点发送的认证标识;An embodiment of the present invention provides a terminal device authentication method, which is applied to a controller and includes: receiving an authentication identifier sent by a registration node;

基于所述认证标识与客户端前置设备CPE进行校验;Verifying with the client front-end equipment CPE based on the authentication identifier;

确定校验成功,则执行CPE的注册流程。If it is determined that the verification is successful, the registration process of the CPE is executed.

其中,所述接收注册节点发送的认证标识,包括:Wherein, the receiving the authentication identifier sent by the registration node includes:

接收注册节点定期主动发起更新的所述认证标识;或者,Receive the authentication identifier that the registration node actively initiates to update on a regular basis; or,

向注册节点发起更新请求后接收到的所述认证标识。The authentication identifier received after initiating an update request to the registration node.

其中,所述接收注册节点发送的认证标识,包括:Wherein, the receiving the authentication identifier sent by the registration node includes:

通过北向接口接收所述注册节点发送的认证标识。The authentication identifier sent by the registration node is received through the northbound interface.

其中,所述基于所述认证标识与客户端前置设备CPE进行校验,包括:判断所述认证标识与CPE接收的认证标识是否一致;The performing verification with the client front-end equipment CPE based on the authentication identifier includes: judging whether the authentication identifier is consistent with the authentication identifier received by the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

其中,所述判断所述认证标识与CPE接收的认证标识是否一致,包括:Wherein, the judging whether the authentication identifier is consistent with the authentication identifier received by the CPE includes:

在与CPE交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the NetConf Hello handshake message of the network configuration protocol interacted with the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种终端设备认证方法,该方法应用于客户端前置设备CPE,包括:The embodiment of the present invention also provides a terminal equipment authentication method, the method is applied to the client front-end equipment CPE, including:

接收注册节点发送的认证标识;Receive the authentication identifier sent by the registered node;

基于所述认证标识与控制器进行校验;Verifying with the controller based on the authentication identifier;

确定校验成功,则执行CPE的注册流程。If it is determined that the verification is successful, the registration process of the CPE is executed.

其中,所述接收注册节点发送的认证标识,包括:Wherein, the receiving the authentication identifier sent by the registration node includes:

接收注册节点发送的注册响应消息;所述注册响应消息中携带所述认证标识。A registration response message sent by a registration node is received; the registration response message carries the authentication identifier.

可选的,所述接收注册节点发送的认证标识之前,该方法还包括:Optionally, before receiving the authentication identifier sent by the registration node, the method further includes:

向注册节点发送注册请求消息。Send a registration request message to the registration node.

其中,所述基于所述认证标识与控制器进行校验,包括:Wherein, the verification with the controller based on the authentication identifier includes:

判断所述认证标识与控制器接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the controller;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

其中,所述判断所述认证标识与控制器接收的认证标识是否一致,包括:Wherein, the judging whether the authentication identifier is consistent with the authentication identifier received by the controller includes:

在与控制器交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the network configuration protocol NetConf Hello handshake message interacting with the controller;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种终端设备认证方法,该方法应用于注册节点,包括:The embodiment of the present invention also provides a terminal device authentication method, and the method is applied to a registration node, including:

向控制器和/或客户端前置设备CPE发送认证标识;Send the authentication identifier to the controller and/or the client front-end equipment CPE;

所述认证标识,用于控制器与客户端进行校验并在校验成功后进行CPE的注册流程。The authentication identifier is used for the controller to verify with the client and to perform the registration process of the CPE after the verification is successful.

其中,向控制器发送认证标识,包括:Among them, send the authentication identifier to the controller, including:

定期主动向控制器发送更新的认证标识;或者,Periodically proactively send updated authentication IDs to the controller; or,

收到控制器发起的更新请求后,在反馈的更新响应中携带所述认证标识。After receiving the update request initiated by the controller, the authentication identifier is carried in the feedback update response.

其中,向CPE发送认证标识,包括:Among them, send the certification mark to the CPE, including:

向CPE发送注册响应消息;所述注册响应消息中携带所述认证标识。Send a registration response message to the CPE; the registration response message carries the authentication identifier.

本发明实施例还提供了一种终端设备认证装置,该装置应用于控制器,包括:The embodiment of the present invention also provides a terminal device authentication apparatus, and the apparatus is applied to the controller, including:

第一接收模块,用于接收注册节点发送的认证标识;a first receiving module, configured to receive the authentication identifier sent by the registration node;

第一校验模块,用于基于所述认证标识与客户端前置设备CPE进行校验;确定校验成功,则执行CPE的注册流程。The first verification module is configured to perform verification with the client front-end equipment CPE based on the authentication identifier; if it is determined that the verification is successful, the registration process of the CPE is executed.

本发明实施例还提供了一种终端设备认证装置,该装置应用于客户端前置设备CPE,包括:The embodiment of the present invention also provides a terminal equipment authentication apparatus, the apparatus is applied to the client front-end equipment CPE, including:

第二接收模块,用于接收注册节点发送的认证标识;a second receiving module, configured to receive the authentication identifier sent by the registration node;

第二校验模块,用于基于所述认证标识与控制器进行校验;确定校验成功,则执行CPE的注册流程。The second verification module is configured to perform verification with the controller based on the authentication identifier; if it is determined that the verification is successful, the registration process of the CPE is executed.

本发明实施例还提供了一种终端设备认证装置,该装置应用于注册节点,包括:The embodiment of the present invention also provides a terminal device authentication device, the device is applied to a registration node, including:

发送模块,用于向控制器和/或客户端前置设备CPE发送认证标识;The sending module is used to send the authentication identifier to the controller and/or the client front-end equipment CPE;

所述认证标识,用于控制器与客户端进行校验并在校验成功后进行CPE的注册流程。The authentication identifier is used for the controller to verify with the client and to perform the registration process of the CPE after the verification is successful.

本发明实施例还提供了一种终端设备认证装置,该装置包括:处理器和用于存储能够在处理器上运行的计算机程序的存储器,An embodiment of the present invention further provides an apparatus for authenticating a terminal device, the apparatus comprising: a processor and a memory for storing a computer program that can be run on the processor,

其中,所述处理器用于运行所述计算机程序时,执行上述方法的步骤。Wherein, the processor is configured to execute the steps of the above method when running the computer program.

本发明实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现上述方法的步骤。Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of the above method.

本发明实施例提供的终端设备认证方法、装置和计算机可读存储介质,控制器接收注册节点发送的认证标识;基于所述认证标识与客户端前置设备CPE进行校验;确定校验成功,则执行CPE的注册流程。可见,本发明实施例中,如果注册节点是仿冒节点,则仿冒的注册节点不可能给控制器发送认证标识;如果CPE要跳过注册节点直接访问控制器,则CPE不会有正确的认证标识,那么也就无法完成CPE的注册,从而解决了CPE绕过注册节点直接连接控制器的问题。In the terminal device authentication method, device, and computer-readable storage medium provided by the embodiments of the present invention, the controller receives the authentication identifier sent by the registration node; performs verification with the client front-end equipment CPE based on the authentication identifier; determines that the verification is successful, Then the registration process of the CPE is executed. It can be seen that in this embodiment of the present invention, if the registered node is a counterfeit node, the counterfeit registered node cannot send an authentication identifier to the controller; if the CPE skips the registered node and directly accesses the controller, the CPE will not have the correct authentication identifier , then the registration of the CPE cannot be completed, thus solving the problem that the CPE bypasses the registration node and directly connects to the controller.

附图说明Description of drawings

图1为本发明实施例所述终端设备认证方法流程示意图一;FIG. 1 is a schematic flowchart 1 of a terminal device authentication method according to an embodiment of the present invention;

图2为本发明实施例所述终端设备认证方法流程示意图二;FIG. 2 is a second schematic flowchart of a terminal device authentication method according to an embodiment of the present invention;

图3为本发明实施例所述终端设备认证方法流程示意图三;3 is a third schematic flowchart of a terminal device authentication method according to an embodiment of the present invention;

图4为本发明实施例所述终端设备认证装置结构示意图一;FIG. 4 is a schematic structural diagram 1 of a terminal device authentication apparatus according to an embodiment of the present invention;

图5为本发明实施例所述终端设备认证装置结构示意图二;FIG. 5 is a second schematic structural diagram of a terminal device authentication apparatus according to an embodiment of the present invention;

图6为本发明实施例所述终端设备认证装置结构示意图三;FIG. 6 is a third schematic structural diagram of a terminal device authentication apparatus according to an embodiment of the present invention;

图7为本发明实施例所述终端设备认证装置结构示意图四;FIG. 7 is a fourth schematic structural diagram of a terminal device authentication apparatus according to an embodiment of the present invention;

图8为本发明场景实施例所述系统交互示意图。FIG. 8 is a schematic diagram of system interaction according to a scenario embodiment of the present invention.

具体实施方式Detailed ways

下面结合附图和实施例对本发明进行描述。The present invention will be described below with reference to the accompanying drawings and embodiments.

可知,当前的SD-WAN系统实现存在安全隐患:首先,在DNS被攻击时可能会导致伪注册节点给CPE分配控制器;其次,CPE在知道控制器地址的情况下,可以绕过注册节点直接连接控制器。It can be seen that the current SD-WAN system implementation has security risks: first, when the DNS is attacked, it may cause the pseudo-registered node to assign a controller to the CPE; secondly, when the CPE knows the address of the controller, it can bypass the registered node and directly Connect the controller.

基于此,本发明实施例提供了一种终端设备认证方法,如图1所示,该方法应用于控制器,包括:Based on this, an embodiment of the present invention provides a terminal device authentication method. As shown in FIG. 1 , the method is applied to a controller, including:

步骤101:接收注册节点发送的认证标识;Step 101: Receive the authentication identifier sent by the registration node;

步骤102:基于所述认证标识与客户端前置设备CPE进行校验;Step 102: Check with the client front-end equipment CPE based on the authentication identifier;

步骤103:确定校验成功,则执行CPE的注册流程。Step 103: If it is determined that the verification is successful, the registration process of the CPE is executed.

本发明实施例中,所述接收注册节点发送的认证标识,包括:In this embodiment of the present invention, the receiving the authentication identifier sent by the registration node includes:

接收注册节点定期主动发起更新的所述认证标识;或者,Receive the authentication identifier that the registration node actively initiates to update on a regular basis; or,

向注册节点发起更新请求后接收到的所述认证标识。The authentication identifier received after initiating an update request to the registration node.

本发明实施例中,所述接收注册节点发送的认证标识,包括:In this embodiment of the present invention, the receiving the authentication identifier sent by the registration node includes:

通过北向接口接收所述注册节点发送的认证标识。The authentication identifier sent by the registration node is received through the northbound interface.

本发明实施例中,所述基于所述认证标识与客户端前置设备CPE进行校验,包括:In the embodiment of the present invention, the verification with the client front-end equipment CPE based on the authentication identifier includes:

判断所述认证标识与CPE接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例中,所述判断所述认证标识与CPE接收的认证标识是否一致,包括:In this embodiment of the present invention, the judging whether the authentication identifier is consistent with the authentication identifier received by the CPE includes:

在与CPE交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the NetConf Hello handshake message of the network configuration protocol interacted with the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种终端设备认证方法,如图2所示,该方法应用于客户端前置设备CPE,包括:An embodiment of the present invention also provides a terminal device authentication method. As shown in FIG. 2 , the method is applied to the client front-end device CPE, including:

步骤201:接收注册节点发送的认证标识;Step 201: Receive the authentication identifier sent by the registration node;

步骤202:基于所述认证标识与控制器进行校验;Step 202: verifying with the controller based on the authentication identifier;

步骤203:确定校验成功,则执行CPE的注册流程。Step 203: If it is determined that the verification is successful, the registration process of the CPE is executed.

本发明实施例中,所述接收注册节点发送的认证标识,包括:In this embodiment of the present invention, the receiving the authentication identifier sent by the registration node includes:

接收注册节点发送的注册响应消息;所述注册响应消息中携带所述认证标识。A registration response message sent by a registration node is received; the registration response message carries the authentication identifier.

本发明一个实施例中,所述接收注册节点发送的认证标识之前,该方法还包括:In an embodiment of the present invention, before the receiving the authentication identifier sent by the registration node, the method further includes:

向注册节点发送注册请求消息。Send a registration request message to the registration node.

本发明实施例中,所述基于所述认证标识与控制器进行校验,包括:In the embodiment of the present invention, the verification with the controller based on the authentication identifier includes:

判断所述认证标识与控制器接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the controller;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例中,所述判断所述认证标识与控制器接收的认证标识是否一致,包括:In this embodiment of the present invention, the judging whether the authentication identifier is consistent with the authentication identifier received by the controller includes:

在与控制器交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the network configuration protocol NetConf Hello handshake message interacting with the controller;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种终端设备认证方法,如图3所示,该方法应用于注册节点,包括:An embodiment of the present invention also provides a terminal device authentication method. As shown in FIG. 3 , the method is applied to a registration node, including:

步骤301:向控制器和/或客户端前置设备CPE发送认证标识;Step 301: Send an authentication identifier to the controller and/or the client front-end equipment CPE;

步骤302:所述认证标识,用于控制器与客户端进行校验并在校验成功后进行CPE的注册流程。Step 302: The authentication identifier is used for the controller to verify with the client and to perform the CPE registration process after the verification is successful.

本发明实施例中,向控制器发送认证标识,包括:In this embodiment of the present invention, sending an authentication identifier to the controller includes:

定期主动向控制器发送更新的认证标识;或者,Periodically proactively send updated authentication IDs to the controller; or,

收到控制器发起的更新请求后,在反馈的更新响应中携带所述认证标识。After receiving the update request initiated by the controller, the authentication identifier is carried in the feedback update response.

本发明实施例中,向CPE发送认证标识,包括:In this embodiment of the present invention, sending an authentication identifier to the CPE includes:

向CPE发送注册响应消息;所述注册响应消息中携带所述认证标识。Send a registration response message to the CPE; the registration response message carries the authentication identifier.

为了实现上述方法实施例,本发明实施例还提供了一种终端设备认证装置,如图4所示,该装置应用于控制器,包括:In order to implement the above method embodiments, an embodiment of the present invention further provides an apparatus for authenticating terminal equipment. As shown in FIG. 4 , the apparatus is applied to a controller, including:

第一接收模块401,用于接收注册节点发送的认证标识;The first receiving module 401 is configured to receive the authentication identifier sent by the registration node;

第一校验模块402,用于基于所述认证标识与客户端前置设备CPE进行校验;确定校验成功,则执行CPE的注册流程。The first verification module 402 is configured to perform verification with the client front-end equipment CPE based on the authentication identifier; if it is determined that the verification is successful, the registration process of the CPE is executed.

本发明实施例中,所述第一接收模块401接收注册节点发送的认证标识,包括:In this embodiment of the present invention, the first receiving module 401 receives the authentication identifier sent by the registration node, including:

接收注册节点定期主动发起更新的所述认证标识;或者,Receive the authentication identifier that the registration node actively initiates to update on a regular basis; or,

向注册节点发起更新请求后接收到的所述认证标识。The authentication identifier received after initiating an update request to the registration node.

本发明实施例中,所述第一接收模块401接收注册节点发送的认证标识,包括:In this embodiment of the present invention, the first receiving module 401 receives the authentication identifier sent by the registration node, including:

通过北向接口接收所述注册节点发送的认证标识。The authentication identifier sent by the registration node is received through the northbound interface.

本发明实施例中,所述第一校验模块402基于所述认证标识与客户端前置设备CPE进行校验,包括:In this embodiment of the present invention, the first verification module 402 performs verification with the client front-end equipment CPE based on the authentication identifier, including:

判断所述认证标识与CPE接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例中,所述第一校验模块402判断所述认证标识与CPE接收的认证标识是否一致,包括:In this embodiment of the present invention, the first verification module 402 determines whether the authentication identifier is consistent with the authentication identifier received by the CPE, including:

在与CPE交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the NetConf Hello handshake message of the network configuration protocol interacted with the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种终端设备认证装置,如图5所示,该装置应用于客户端前置设备CPE,包括:An embodiment of the present invention further provides a terminal equipment authentication apparatus. As shown in FIG. 5 , the apparatus is applied to the client front-end equipment CPE, including:

第二接收模块501,用于接收注册节点发送的认证标识;The second receiving module 501 is configured to receive the authentication identifier sent by the registration node;

第二校验模块502,用于基于所述认证标识与控制器进行校验;确定校验成功,则执行CPE的注册流程。The second verification module 502 is configured to perform verification with the controller based on the authentication identifier; if it is determined that the verification is successful, the registration process of the CPE is executed.

本发明实施例中,所述第二接收模块501接收注册节点发送的认证标识,包括:In this embodiment of the present invention, the second receiving module 501 receives the authentication identifier sent by the registration node, including:

接收注册节点发送的注册响应消息;所述注册响应消息中携带所述认证标识。A registration response message sent by a registration node is received; the registration response message carries the authentication identifier.

本发明一个实施例中,如图6所示,该装置还包括:注册模块503;In an embodiment of the present invention, as shown in FIG. 6 , the apparatus further includes: a registration module 503;

所述第二接收模块501接收注册节点发送的认证标识之前,Before the second receiving module 501 receives the authentication identifier sent by the registration node,

所述注册模块503,用于向注册节点发送注册请求消息。The registration module 503 is configured to send a registration request message to the registration node.

本发明实施例中,所述第二校验模块502基于所述认证标识与控制器进行校验,包括:In this embodiment of the present invention, the second verification module 502 performs verification with the controller based on the authentication identifier, including:

判断所述认证标识与控制器接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the controller;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例中,所述第二校验模块502判断所述认证标识与控制器接收的认证标识是否一致,包括:In this embodiment of the present invention, the second verification module 502 determines whether the authentication identifier is consistent with the authentication identifier received by the controller, including:

在与控制器交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the network configuration protocol NetConf Hello handshake message interacting with the controller;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种终端设备认证装置,如图7所示,该装置应用于注册节点,包括:An embodiment of the present invention also provides a terminal device authentication device, as shown in FIG. 7 , the device is applied to a registration node, including:

发送模块701,用于向控制器和/或客户端前置设备CPE发送认证标识;A sending module 701, configured to send an authentication identifier to the controller and/or the client front-end equipment CPE;

所述认证标识,用于控制器与客户端进行校验并在校验成功后进行CPE的注册流程。The authentication identifier is used for the controller to verify with the client and to perform the registration process of the CPE after the verification is successful.

本发明实施例中,所述发送模块701向控制器发送认证标识,包括:In this embodiment of the present invention, the sending module 701 sends an authentication identifier to the controller, including:

定期主动向控制器发送更新的认证标识;或者,Periodically proactively send updated authentication IDs to the controller; or,

如图7所示,该装置还包括:第三接收模块702,As shown in FIG. 7, the apparatus further includes: a third receiving module 702,

所述第三接收模块702收到控制器发起的更新请求后,所述发送模块701在反馈的更新响应中携带所述认证标识。After the third receiving module 702 receives the update request initiated by the controller, the sending module 701 carries the authentication identifier in the feedback update response.

本发明实施例中,所述发送模块701向CPE发送认证标识,包括:In this embodiment of the present invention, the sending module 701 sends an authentication identifier to the CPE, including:

向CPE发送注册响应消息;所述注册响应消息中携带所述认证标识。Send a registration response message to the CPE; the registration response message carries the authentication identifier.

本发明实施例还提供了一种终端设备认证装置,该装置包括:处理器和用于存储能够在处理器上运行的计算机程序的存储器,An embodiment of the present invention further provides an apparatus for authenticating a terminal device, the apparatus comprising: a processor and a memory for storing a computer program that can be run on the processor,

其中,所述处理器用于运行所述计算机程序时,执行:Wherein, when the processor is configured to run the computer program, execute:

接收注册节点发送的认证标识;Receive the authentication identifier sent by the registered node;

基于所述认证标识与客户端前置设备CPE进行校验;Verifying with the client front-end equipment CPE based on the authentication identifier;

确定校验成功,则执行CPE的注册流程。If it is determined that the verification is successful, the registration process of the CPE is executed.

所述接收注册节点发送的认证标识时,所述处理器还用于运行所述计算机程序时,执行:When the authentication identifier sent by the registration node is received, the processor is further configured to, when running the computer program, execute:

接收注册节点定期主动发起更新的所述认证标识;或者,Receive the authentication identifier that the registration node actively initiates to update on a regular basis; or,

向注册节点发起更新请求后接收到的所述认证标识。The authentication identifier received after initiating an update request to the registration node.

所述接收注册节点发送的认证标识时,所述处理器还用于运行所述计算机程序时,执行:When the authentication identifier sent by the registration node is received, the processor is further configured to, when running the computer program, execute:

通过北向接口接收所述注册节点发送的认证标识。The authentication identifier sent by the registration node is received through the northbound interface.

所述基于所述认证标识与客户端前置设备CPE进行校验时,所述处理器还用于运行所述计算机程序时,执行:When the verification is performed with the client front-end equipment CPE based on the authentication identifier, the processor is further configured to execute: when running the computer program:

判断所述认证标识与CPE接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

所述判断所述认证标识与CPE接收的认证标识是否一致时,所述处理器还用于运行所述计算机程序时,执行:When judging whether the authentication identifier is consistent with the authentication identifier received by the CPE, the processor is further configured to execute the following when running the computer program:

在与CPE交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the NetConf Hello handshake message of the network configuration protocol interacted with the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种终端设备认证装置,该装置包括:处理器和用于存储能够在处理器上运行的计算机程序的存储器,An embodiment of the present invention further provides an apparatus for authenticating a terminal device, the apparatus comprising: a processor and a memory for storing a computer program that can be run on the processor,

其中,所述处理器用于运行所述计算机程序时,执行:Wherein, when the processor is configured to run the computer program, execute:

接收注册节点发送的认证标识;Receive the authentication identifier sent by the registered node;

基于所述认证标识与控制器进行校验;Verifying with the controller based on the authentication identifier;

确定校验成功,则执行CPE的注册流程。If it is determined that the verification is successful, the registration process of the CPE is executed.

所述接收注册节点发送的认证标识时,所述处理器用于运行所述计算机程序时,执行:When the authentication identifier sent by the registration node is received, when the processor is configured to run the computer program, execute:

接收注册节点发送的注册响应消息;所述注册响应消息中携带所述认证标识。A registration response message sent by a registration node is received; the registration response message carries the authentication identifier.

所述接收注册节点发送的认证标识之前,所述处理器用于运行所述计算机程序时,执行:Before receiving the authentication identifier sent by the registration node, when the processor is configured to run the computer program, execute:

向注册节点发送注册请求消息。Send a registration request message to the registration node.

所述基于所述认证标识与控制器进行校验时,所述处理器用于运行所述计算机程序时,执行:When the verification is performed with the controller based on the authentication identifier, when the processor is configured to run the computer program, execute:

判断所述认证标识与控制器接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the controller;

确定两者的认证标识一致,则校验成功Make sure that the authentication marks of the two are the same, then the verification is successful

所述判断所述认证标识与控制器接收的认证标识是否一致时,所述处理器用于运行所述计算机程序时,执行:When judging whether the authentication identifier is consistent with the authentication identifier received by the controller, when the processor is used to run the computer program, execute:

在与控制器交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the network configuration protocol NetConf Hello handshake message interacting with the controller;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种终端设备认证装置,该装置包括:处理器和用于存储能够在处理器上运行的计算机程序的存储器,An embodiment of the present invention further provides an apparatus for authenticating a terminal device, the apparatus comprising: a processor and a memory for storing a computer program that can be run on the processor,

其中,所述处理器用于运行所述计算机程序时,执行:Wherein, when the processor is configured to run the computer program, execute:

向控制器和/或客户端前置设备CPE发送认证标识;Send the authentication identifier to the controller and/or the client front-end equipment CPE;

所述认证标识,用于控制器与客户端进行校验并在校验成功后进行CPE的注册流程。The authentication identifier is used for the controller to verify with the client and to perform the registration process of the CPE after the verification is successful.

向控制器发送认证标识时,所述处理器用于运行所述计算机程序时,执行:When sending the authentication identifier to the controller, when the processor is configured to run the computer program, execute:

定期主动向控制器发送更新的认证标识;或者,Periodically proactively send updated authentication IDs to the controller; or,

收到控制器发起的更新请求后,在反馈的更新响应中携带所述认证标识。After receiving the update request initiated by the controller, the authentication identifier is carried in the feedback update response.

向CPE发送认证标识时,所述处理器用于运行所述计算机程序时,执行:When sending the authentication identifier to the CPE, when the processor is configured to run the computer program, execute:

向CPE发送注册响应消息;所述注册响应消息中携带所述认证标识。Send a registration response message to the CPE; the registration response message carries the authentication identifier.

需要说明的是:上述实施例提供的装置在进行终端设备认证时,仅以上述各程序模块的划分进行举例说明,实际应用中,可以根据需要而将上述处理分配由不同的程序模块完成,即将设备的内部结构划分成不同的程序模块,以完成以上描述的全部或者部分处理。另外,上述实施例提供的装置与相应方法实施例属于同一构思,其具体实现过程详见方法实施例,这里不再赘述。It should be noted that when the apparatus provided in the above embodiment performs terminal device authentication, only the division of the above program modules is used as an example. The internal structure of the device is divided into different program modules to complete all or part of the processing described above. In addition, the apparatuses provided in the foregoing embodiments belong to the same concept as the corresponding method embodiments, and the specific implementation process thereof is detailed in the method embodiments, which will not be repeated here.

在示例性实施例中,本发明实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质可以是FRAM、ROM、PROM、EPROM、EEPROM、Flash Memory、磁表面存储器、光盘、或CD-ROM等存储器;也可以是包括上述存储器之一或任意组合的各种设备,如移动电话、计算机、平板设备、个人数字助理等。In an exemplary embodiment, an embodiment of the present invention further provides a computer-readable storage medium, and the computer-readable storage medium may be FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disk, Or memory such as CD-ROM; it can also be various devices including one or any combination of the above memories, such as mobile phones, computers, tablet devices, personal digital assistants, etc.

本发明实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时,执行:Embodiments of the present invention also provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, executes:

接收注册节点发送的认证标识;Receive the authentication identifier sent by the registered node;

基于所述认证标识与客户端前置设备CPE进行校验;Verifying with the client front-end equipment CPE based on the authentication identifier;

确定校验成功,则执行CPE的注册流程。If it is determined that the verification is successful, the registration process of the CPE is executed.

所述接收注册节点发送的认证标识时,所述计算机程序被处理器运行时,还执行:When the authentication identifier sent by the registration node is received, when the computer program is run by the processor, the computer program further executes:

接收注册节点定期主动发起更新的所述认证标识;或者,Receive the authentication identifier that the registration node actively initiates to update on a regular basis; or,

向注册节点发起更新请求后接收到的所述认证标识。The authentication identifier received after initiating an update request to the registration node.

所述接收注册节点发送的认证标识时,所述计算机程序被处理器运行时,还执行:When the authentication identifier sent by the registration node is received, when the computer program is run by the processor, the computer program further executes:

通过北向接口接收所述注册节点发送的认证标识。The authentication identifier sent by the registration node is received through the northbound interface.

所述基于所述认证标识与客户端前置设备CPE进行校验时,所述计算机程序被处理器运行时,还执行:When the verification is performed with the client front-end equipment CPE based on the authentication identifier, when the computer program is run by the processor, the computer program also executes:

判断所述认证标识与CPE接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

所述判断所述认证标识与CPE接收的认证标识是否一致时,所述计算机程序被处理器运行时,还执行:When judging whether the authentication identifier is consistent with the authentication identifier received by the CPE, when the computer program is run by the processor, it also executes:

在与CPE交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the NetConf Hello handshake message of the network configuration protocol interacted with the CPE;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时,执行:Embodiments of the present invention also provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, executes:

接收注册节点发送的认证标识;Receive the authentication identifier sent by the registered node;

基于所述认证标识与控制器进行校验;Verifying with the controller based on the authentication identifier;

确定校验成功,则执行CPE的注册流程。If it is determined that the verification is successful, the registration process of the CPE is executed.

所述接收注册节点发送的认证标识时,所述处理器用于运行所述计算机程序时,执行:When the authentication identifier sent by the registration node is received, when the processor is configured to run the computer program, execute:

接收注册节点发送的注册响应消息;所述注册响应消息中携带所述认证标识。A registration response message sent by a registration node is received; the registration response message carries the authentication identifier.

所述接收注册节点发送的认证标识之前,所述处理器用于运行所述计算机程序时,执行:Before receiving the authentication identifier sent by the registration node, when the processor is configured to run the computer program, execute:

向注册节点发送注册请求消息。Send a registration request message to the registration node.

所述基于所述认证标识与控制器进行校验时,所述处理器用于运行所述计算机程序时,执行:When the verification is performed with the controller based on the authentication identifier, when the processor is configured to run the computer program, execute:

判断所述认证标识与控制器接收的认证标识是否一致;Determine whether the authentication identifier is consistent with the authentication identifier received by the controller;

确定两者的认证标识一致,则校验成功Make sure that the authentication marks of the two are the same, then the verification is successful

所述判断所述认证标识与控制器接收的认证标识是否一致时,所述处理器用于运行所述计算机程序时,执行:When judging whether the authentication identifier is consistent with the authentication identifier received by the controller, when the processor is used to run the computer program, execute:

在与控制器交互的网络配置协议NetConf Hello握手报文中携带所述认证标识;Carry the authentication identifier in the network configuration protocol NetConf Hello handshake message interacting with the controller;

确定两者的认证标识一致,则校验成功。It is determined that the authentication identifiers of the two are the same, and the verification is successful.

本发明实施例还提供了一种计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时,执行:Embodiments of the present invention also provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, executes:

向控制器和/或客户端前置设备CPE发送认证标识;Send the authentication identifier to the controller and/or the client front-end equipment CPE;

所述认证标识,用于控制器与客户端进行校验并在校验成功后进行CPE的注册流程。The authentication identifier is used for the controller to verify with the client and to perform the registration process of the CPE after the verification is successful.

向控制器发送认证标识时,所述处理器用于运行所述计算机程序时,执行:When sending the authentication identifier to the controller, when the processor is configured to run the computer program, execute:

定期主动向控制器发送更新的认证标识;或者,Periodically proactively send updated authentication IDs to the controller; or,

收到控制器发起的更新请求后,在反馈的更新响应中携带所述认证标识。After receiving the update request initiated by the controller, the authentication identifier is carried in the feedback update response.

向CPE发送认证标识时,所述处理器用于运行所述计算机程序时,执行:When sending the authentication identifier to the CPE, when the processor is configured to run the computer program, execute:

向CPE发送注册响应消息;所述注册响应消息中携带所述认证标识。Send a registration response message to the CPE; the registration response message carries the authentication identifier.

下面结合场景实施例对本发明进行描述。The present invention will be described below with reference to scenario embodiments.

本实施例通过引入暗号(即:认证标识)机制消除了安全隐患。如图8所示,可由注册节点告知CPE和控制器一个暗号。This embodiment eliminates potential safety hazards by introducing a cryptogram (ie, an authentication identifier) mechanism. As shown in Figure 8, the CPE and the controller can be informed of a secret signal by the registration node.

在实际应用过程中,注册节点可定期主动给控制器更新暗号;或者,In the actual application process, the registration node can actively update the password to the controller regularly; or,

注册节点收到控制器发起的更新请求后,在反馈的更新响应中携带所述暗号。After receiving the update request initiated by the controller, the registration node carries the secret code in the feedback update response.

在实际应用过程中,当CPE上线后给注册节点发送注册请求时,注册节点给CPE发送最新的暗号。In the actual application process, when the CPE sends a registration request to the registration node after going online, the registration node sends the latest secret code to the CPE.

这样,如果注册节点是仿冒节点,则仿冒的注册节点不可能给控制器发送暗号;如果CPE要跳过注册节点直接访问控制器,则CPE不会有正确的暗号,也就不能完成CPE的注册。因此,可解决CPE绕过注册节点直接连接控制器的问题。In this way, if the registered node is a counterfeit node, the counterfeit registered node cannot send a secret code to the controller; if the CPE wants to skip the registered node and directly access the controller, the CPE will not have the correct secret code, and the registration of the CPE cannot be completed. . Therefore, the problem that the CPE bypasses the registration node and directly connects to the controller can be solved.

其中,所述暗号是一个随机数,可以有不同的粒度,可以是定时刷新的每客户暗号,也可以是定时刷新的每控制器暗号。Wherein, the secret code is a random number, which may have different granularities, and may be the secret code of each client refreshed regularly, or the secret code of each controller refreshed regularly.

关于暗号的发放:暗号发放机制在控制器上可以通过增加一个北向接口来实现,在CPE上可以通过增强注册响应消息来实现,具体如下:About the issuance of ciphers: The cipher issuance mechanism can be implemented by adding a northbound interface on the controller, and can be implemented by enhancing the registration response message on the CPE, as follows:

控制器可以通过多种方式来获取暗号,其中一种是可以在北向接口的Rest API调用中增加一个URI来传入参数给控制器;The controller can obtain the secret code in various ways, one of which is to add a URI to the Rest API call of the northbound interface to pass parameters to the controller;

CPE可以通过注册节点发送的注册响应消息中增加暗号来实现;CPE can be implemented by adding a cipher to the registration response message sent by the registration node;

传输时可采用加密方式来进行,控制器北向接口和CPE可以采用HTTPS来承载信息的分发。Encryption can be used for transmission, and the northbound interface of the controller and the CPE can use HTTPS to distribute information.

对于获取了暗号的控制器和CPE,可以通过增强NetConf协议来进行。For controllers and CPEs that have obtained secret codes, the NetConf protocol can be enhanced.

NetConf是电信网络设备的主流管控协议。目前的终端设备入网第一步(通用)需要连接控制器;然后控制器通过NetConf来对设备进行合法性校验。这里合法性的校验主要通过NetConf的底层传输协议SSH来进行。NetConf is a mainstream control protocol for telecom network equipment. The first step (generally) of the current terminal equipment entering the network needs to be connected to the controller; then the controller verifies the validity of the equipment through NetConf. The validity check here is mainly carried out through the underlying transmission protocol SSH of NetConf.

在本实施例中,通过增强NetConf Hello握手来进行。控制器给CPE发的以及CPE给控制器发送的Hello报文中分别携带暗号,如果对方暗号和自己已知的匹配,则成功通过校验,否则校验失败。In this embodiment, it is done by enhancing the NetConf Hello handshake. The Hello message sent by the controller to the CPE and the Hello message sent by the CPE to the controller respectively carry the secret code. If the secret code of the other party matches the known one, the verification succeeds; otherwise, the verification fails.

现有机制中NetConf控制器和CPE之间建立会话时,必须交换各自支持的能力集,双方收到对方的能力集后才可以进行下一步操作。如下CPE发送的HELLO报文内容所示,在Hello中增加暗号字段(Code)来实现对暗号。In the existing mechanism, when a session is established between the NetConf controller and the CPE, the capability sets supported by each must be exchanged, and the two parties can proceed to the next step after receiving the capability set of the other party. As shown in the content of the HELLO message sent by the CPE below, add a code field (Code) to Hello to implement the code matching.

Figure BDA0002701841510000141
Figure BDA0002701841510000141

上述报文中<capabilities>和</capabilities>之间的内容表示控制器与CPE自身支持的能力集。CPE发送的Hello报文包含<session-id>标签,该XML内容表示CPE为本次会话分配的会话ID,用来唯一标识本次会话。The content between <capabilities> and </capabilities> in the preceding message indicates the capability set supported by the controller and the CPE itself. The Hello packet sent by the CPE contains the <session-id> tag. The XML content indicates the session ID allocated by the CPE for this session, which is used to uniquely identify this session.

本实施例在CPE向注册节点发送注册请求时,注册节点给CPE发送最新暗号,当CPE收到的暗号与控制器收到的暗号一致时,才允许CPE注册。可见,如果注册节点是仿冒节点,则仿冒的注册节点不可能给控制器发送暗号;如果CPE要跳过注册节点直接访问控制器,则CPE不会有正确的暗号,从而解决了CPE绕过注册节点直接连接控制器的问题。In this embodiment, when the CPE sends a registration request to the registration node, the registration node sends the latest cipher to the CPE, and the CPE is allowed to register only when the cipher received by the CPE is consistent with the cipher received by the controller. It can be seen that if the registered node is a counterfeit node, it is impossible for the counterfeit registered node to send a secret code to the controller; if the CPE wants to skip the registered node and directly access the controller, the CPE will not have the correct secret code, thus solving the problem of CPE bypassing the registration A problem with the node connecting directly to the controller.

以上所述,仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the protection scope of the present invention.

Claims (18)

1. A terminal equipment authentication method is applied to a controller and comprises the following steps:
receiving an authentication identifier sent by a registration node;
verifying the authentication identifier and the Customer Premise Equipment (CPE) based on the authentication identifier;
and if the verification is successful, executing the registration process of the CPE.
2. The method according to claim 1, wherein said receiving the authentication identifier sent by the registration node comprises:
receiving the authentication identification which is periodically and actively updated by the registered node; or,
and sending the received authentication identification to the registered node after the update request is sent.
3. The method according to claim 1, wherein said receiving the authentication identifier sent by the registration node comprises:
and receiving the authentication identification sent by the registration node through a northbound interface.
4. The method according to claim 1, wherein the checking with the CPE based on the authentication identifier comprises:
judging whether the authentication identification is consistent with the authentication identification received by the CPE;
and if the authentication identifications of the two are determined to be consistent, the verification is successful.
5. The method of claim 4, wherein the determining whether the authentication identifier is consistent with an authentication identifier received by the CPE comprises:
the authentication identification is carried in a network configuration protocol NetConf Hello handshake message interacted with the CPE;
and if the authentication identifications of the two are determined to be consistent, the verification is successful.
6. A terminal equipment authentication method is applied to a Customer Premise Equipment (CPE) and comprises the following steps:
receiving an authentication identifier sent by a registration node;
verifying the controller based on the authentication identifier;
and if the verification is successful, executing the registration process of the CPE.
7. The method according to claim 6, wherein said receiving the authentication identifier sent by the registration node comprises:
receiving a registration response message sent by a registration node; and the registration response message carries the authentication identification.
8. The method according to claim 6 or 7, wherein before receiving the authentication identifier sent by the registration node, the method further comprises:
a registration request message is sent to the registration node.
9. The method of claim 6, wherein the verifying with the controller based on the authentication identifier comprises:
judging whether the authentication identification is consistent with the authentication identification received by the controller;
and if the authentication identifications of the two are determined to be consistent, the verification is successful.
10. The method of claim 9, wherein determining whether the authentication identifier is consistent with an authentication identifier received by a controller comprises:
carrying the authentication identification in a network configuration protocol NetConf Hello handshake message interacted with the controller;
and if the authentication identifications of the two are determined to be consistent, the verification is successful.
11. A terminal equipment authentication method is applied to a registration node and comprises the following steps:
sending an authentication identifier to a controller and/or a Customer Premise Equipment (CPE);
and the authentication identifier is used for verifying the controller and the client and performing a registration process of the CPE after the verification is successful.
12. The method of claim 11, wherein sending the authentication identification to the controller comprises:
periodically and actively sending updated authentication identification to the controller; or,
and after receiving an updating request initiated by the controller, carrying the authentication identifier in a feedback updating response.
13. The method of claim 11, wherein sending the authentication identification to the CPE comprises:
sending a registration response message to the CPE; and the registration response message carries the authentication identification.
14. A terminal equipment authentication device is applied to a controller and comprises the following components:
the first receiving module is used for receiving the authentication identifier sent by the registration node;
the first checking module is used for checking with the Customer Premise Equipment (CPE) based on the authentication identification; and if the verification is successful, executing the registration process of the CPE.
15. An authentication device for terminal equipment, which is applied to a Customer Premise Equipment (CPE), comprising:
the second receiving module is used for receiving the authentication identifier sent by the registration node;
the second check module is used for checking with the controller based on the authentication identification; and if the verification is successful, executing the registration process of the CPE.
16. An authentication device for a terminal device, the device being applied to a registration node, comprising:
the sending module is used for sending the authentication identification to the controller and/or the Customer Premise Equipment (CPE);
and the authentication identifier is used for verifying the controller and the client and performing a registration process of the CPE after the verification is successful.
17. A terminal device authentication apparatus, characterized in that the apparatus comprises: a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is adapted to perform the steps of the method of any one of claims 1 to 5, or to perform the steps of the method of any one of claims 6 to 10, or to perform the steps of the method of any one of claims 11 to 13, when running the computer program.
18. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5, or carries out the steps of the method of any one of claims 6 to 10, or carries out the steps of the method of any one of claims 11 to 13.
CN202011024819.3A 2020-09-25 2020-09-25 Terminal equipment authentication method and device and computer readable storage medium Pending CN114257393A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011024819.3A CN114257393A (en) 2020-09-25 2020-09-25 Terminal equipment authentication method and device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011024819.3A CN114257393A (en) 2020-09-25 2020-09-25 Terminal equipment authentication method and device and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN114257393A true CN114257393A (en) 2022-03-29

Family

ID=80789120

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011024819.3A Pending CN114257393A (en) 2020-09-25 2020-09-25 Terminal equipment authentication method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN114257393A (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1992590A (en) * 2005-12-29 2007-07-04 盛大计算机(上海)有限公司 Identity authentication system of network user and method
CN101777992A (en) * 2008-12-24 2010-07-14 华为终端有限公司 Method, equipment and system for logging in gateway
CN102572830A (en) * 2012-01-19 2012-07-11 华为技术有限公司 Method and customer premise equipment (CPE) for terminal access authentication
CN103401884A (en) * 2013-08-16 2013-11-20 深信服网络科技(深圳)有限公司 Authentication method and system for public wireless environment Internet access based on micro message
US20140359733A1 (en) * 2011-12-21 2014-12-04 Warwick Valley Networks Authentication System and Method for Authenticating IP Communications Clients at a Central Device
CN104994118A (en) * 2015-08-11 2015-10-21 吴培希 WiFi authentication system and method based on dynamic password
CN105515781A (en) * 2016-01-19 2016-04-20 上海众人网络安全技术有限公司 Login system of application platform and login method thereof
US9363262B1 (en) * 2008-09-15 2016-06-07 Galileo Processing, Inc. Authentication tokens managed for use with multiple sites
WO2017177551A1 (en) * 2016-04-13 2017-10-19 中兴通讯股份有限公司 Binding method, device and system for customer information and equipment
CN107517151A (en) * 2017-09-30 2017-12-26 中国联合网络通信集团有限公司 User access method, CPE, OLT, switch, vBNG, SDN controller and metropolitan area network
CN108347353A (en) * 2018-02-07 2018-07-31 刘昱 Network collocating method, apparatus and system
CN109936515A (en) * 2017-12-18 2019-06-25 华为技术有限公司 Access configuration method, information providing method and device
JP2020068024A (en) * 2018-10-19 2020-04-30 本田技研工業株式会社 Certification registration system
CN111405555A (en) * 2020-03-12 2020-07-10 深圳联想懂的通信有限公司 Network authentication method and device
CN111447245A (en) * 2020-05-27 2020-07-24 杭州海康威视数字技术股份有限公司 Authentication method, authentication device, electronic equipment and server

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1992590A (en) * 2005-12-29 2007-07-04 盛大计算机(上海)有限公司 Identity authentication system of network user and method
US9363262B1 (en) * 2008-09-15 2016-06-07 Galileo Processing, Inc. Authentication tokens managed for use with multiple sites
CN101777992A (en) * 2008-12-24 2010-07-14 华为终端有限公司 Method, equipment and system for logging in gateway
US20140359733A1 (en) * 2011-12-21 2014-12-04 Warwick Valley Networks Authentication System and Method for Authenticating IP Communications Clients at a Central Device
CN102572830A (en) * 2012-01-19 2012-07-11 华为技术有限公司 Method and customer premise equipment (CPE) for terminal access authentication
CN103401884A (en) * 2013-08-16 2013-11-20 深信服网络科技(深圳)有限公司 Authentication method and system for public wireless environment Internet access based on micro message
CN104994118A (en) * 2015-08-11 2015-10-21 吴培希 WiFi authentication system and method based on dynamic password
CN105515781A (en) * 2016-01-19 2016-04-20 上海众人网络安全技术有限公司 Login system of application platform and login method thereof
WO2017177551A1 (en) * 2016-04-13 2017-10-19 中兴通讯股份有限公司 Binding method, device and system for customer information and equipment
CN107517151A (en) * 2017-09-30 2017-12-26 中国联合网络通信集团有限公司 User access method, CPE, OLT, switch, vBNG, SDN controller and metropolitan area network
CN109936515A (en) * 2017-12-18 2019-06-25 华为技术有限公司 Access configuration method, information providing method and device
CN108347353A (en) * 2018-02-07 2018-07-31 刘昱 Network collocating method, apparatus and system
JP2020068024A (en) * 2018-10-19 2020-04-30 本田技研工業株式会社 Certification registration system
CN111405555A (en) * 2020-03-12 2020-07-10 深圳联想懂的通信有限公司 Network authentication method and device
CN111447245A (en) * 2020-05-27 2020-07-24 杭州海康威视数字技术股份有限公司 Authentication method, authentication device, electronic equipment and server

Similar Documents

Publication Publication Date Title
JP6716745B2 (en) Blockchain-based authorization authentication method, terminal and server using this
CN103503408B (en) system and method for providing access credentials
JP5714768B2 (en) Connection of mobile devices, internet connection means and cloud services
CN104767715B (en) Access control method and equipment
US9025769B2 (en) Method of registering smart phone when accessing security authentication device and method of granting access permission to registered smart phone
CN104917727B (en) A kind of method, system and device of account&#39;s authentication
CN104145465B (en) The method and apparatus of bootstrapping based on group in machine type communication
JP2009537893A (en) Wireless transaction authentication method
CN105188055A (en) Wireless network access method, wireless access point and server
KR20160127167A (en) Multi-factor certificate authority
TWI632798B (en) Server, mobile terminal, and network real-name authentication system and method
CN109388937B (en) Single sign-on method and sign-on system for multi-factor identity authentication
CN108022100B (en) Cross authentication system and method based on block chain technology
WO2019056971A1 (en) Authentication method and device
CN111163063B (en) Edge application management method and related product
CN114157438A (en) Network equipment management method and device and computer readable storage medium
US10057252B1 (en) System for secure communications
CN113079506B (en) Network security authentication method, device and equipment
CN107547466A (en) A kind of simple network protocol authentication method and device
CN114786170B (en) Uplink data security processing entity switching method, terminal, USIM and system
CN114257393A (en) Terminal equipment authentication method and device and computer readable storage medium
JP6714551B2 (en) Authentication key sharing system and inter-terminal key copying method
US10447688B1 (en) System for secure communications
CN108924828B (en) APN adaptive method, server and terminal
WO2005046119A1 (en) A method of setting up the association between the session transaction identification and the network application entity

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220329

RJ01 Rejection of invention patent application after publication