Disclosure of Invention
An object of the embodiments of the present application is to provide a network authentication method and an electronic device that avoid data loss or leakage caused by an administrator's oversight and improve the efficiency of connecting the electronic device to the current local area network, thereby saving time and labor.
In a first aspect, an embodiment of the present application provides a network authentication method, which is applied to an electronic device, and includes:
determining whether a first authentication certificate exists in the current local area network or not through a basic input/output system of the electronic equipment, wherein the first authentication certificate is used for authenticating whether the current local area network is trusted or not;
if so, determining whether the first authentication certificate is matched with the second authentication certificate; wherein the second authentication credential is stored in the electronic device;
and under the condition that the first authentication certificate is matched with the second authentication certificate, controlling the electronic equipment to access the current local area network and starting an operating system of the electronic equipment.
In a possible implementation manner, the determining whether the first authentication certificate and the second authentication certificate match includes:
determining whether the second authentication certificate exists on an on-board network card of the electronic equipment;
if so, authenticating the first authentication certificate and the second authentication certificate to determine whether the first authentication certificate and the second authentication certificate are matched.
In one possible implementation manner, the network authentication method further includes:
if the second authentication certificate does not exist on the on-board network card, determining whether the second authentication certificate injected by the administrator is received or not in a preset time period;
and if the second authentication certificate injected by the administrator is received within the preset time period, storing the second authentication certificate into the on-board network card.
In one possible implementation manner, the network authentication method further includes:
and stopping starting the operating system of the electronic equipment if the second authentication certificate injected by the administrator is not received within the preset time period.
In one possible implementation manner, the network authentication method further includes:
and stopping starting the operating system of the electronic equipment if the first authentication certificate does not exist in the current local area network.
In one possible implementation, if the electronic device authenticates for the first time;
before determining whether the first authentication certificate exists in the current local area network, the method further comprises:
in the process of starting in response to the starting instruction, determining whether an administrator password is received;
if the administrator password is received, verifying the administrator password;
and under the condition that the administrator password passes verification, displaying an authentication interface, wherein the administrator executes preset operation on the authentication interface to start authentication.
In one possible implementation manner, the network authentication method further includes:
and stopping the start of the operating system of the electronic device if the administrator password does not pass verification.
In a second aspect, embodiments of the present application further provide an electronic device, including:
the first determining module is configured to determine whether a first authentication certificate exists in the current local area network through a basic input output system of the electronic equipment, wherein the first authentication certificate is used for authenticating whether the current local area network is trusted or not;
a second determination module configured to determine if the first authentication credential and the second authentication credential match if present; wherein the second authentication credential is stored in the electronic device;
and the control module is configured to control the electronic equipment to be accessed to the current local area network and start an operating system of the electronic equipment under the condition that the first authentication certificate is matched with the second authentication certificate.
In one possible implementation manner, the second determining module is specifically configured to:
determining whether the second authentication certificate exists on an on-board network card of the electronic equipment;
if so, authenticating the first authentication certificate and the second authentication certificate to determine whether the first authentication certificate and the second authentication certificate are matched.
In one possible implementation, the second determining module is further configured to:
if the second authentication certificate does not exist on the on-board network card, determining whether the second authentication certificate injected by the administrator is received or not in a preset time period;
and if the second authentication certificate injected by the administrator is received within the preset time period, storing the second authentication certificate into the on-board network card.
According to the network authentication method, the security of the current local area network is determined automatically from the first authentication certificate of the current local area network and the second authentication certificate stored in the electronic device, and it is then determined whether to control the electronic device to access the current local area network. No manual operation is needed, which avoids data loss or leakage caused by an administrator's oversight. The administrator does not need to manage electronic devices one by one, which greatly improves the efficiency of connecting the electronic device to the current local area network and saves time and labor.
Detailed Description
Various aspects and features of the present application are described herein with reference to the accompanying drawings.
It should be understood that various modifications may be made to the embodiments of the application herein. Therefore, the above description should not be taken as limiting, but merely as exemplification of the embodiments. Other modifications within the scope and spirit of this application will occur to those skilled in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It should also be understood that, although the present application has been described with reference to some specific examples, a person skilled in the art can certainly realize many other equivalent forms of the present application, all of which are within the protective scope as defined in the present application.
The foregoing and other aspects, features, and advantages of the present application will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the application with unnecessary or excessive detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely serve as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the word "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments as per the application.
The network authentication method provided by the embodiments of the present application can avoid data loss or leakage caused by an administrator's oversight, and improves the efficiency of connecting the electronic device to the current local area network, thereby saving time and labor. To aid understanding of the present application, the network authentication method is described in detail first.
In practical application, the network authentication method in the embodiments of the application is applied to the electronic device, and the execution subject of the network authentication method is a processor of the electronic device. Fig. 1 is a flowchart of the method provided in an embodiment of the present application; the specific steps include S101 to S103.
S101, determining whether a first authentication certificate exists in the current local area network or not through a basic input and output system of the electronic equipment, wherein the first authentication certificate is used for authenticating whether the current local area network is trusted or not.
In a specific implementation, when an electronic device such as a computer is started, a basic input/output system is started first, and then an operating system is started after the basic input/output system is operated.
On this basis, when the user starts the electronic device and the basic input/output system of the electronic device is running, the basic input/output system determines whether the first authentication certificate exists in the current local area network.
The first authentication certificate is preconfigured by the administrator of the current local area network. One or more first authentication certificates may be stored in the current local area network; a newly built local area network may, of course, hold no first authentication certificate. Here, the first authentication certificate is used by the electronic device to authenticate whether the current local area network is trusted, which is equivalent to the current local area network authenticating whether the electronic device is trusted.
S102, if so, determining whether the first authentication certificate is matched with the second authentication certificate; wherein the second authentication certificate is stored in the electronic device.
In a specific implementation, if it is determined that the first authentication certificate exists in the current local area network, it is further determined whether the first authentication certificate matches the second authentication certificate. The second authentication certificate is pre-stored in the electronic device by the administrator.
The second authentication certificate and the first authentication certificate can be matched against each other. Optionally, the first authentication certificate and the second authentication certificate are generated in pairs, for example as symmetric keys, asymmetric keys, hash values, etc.
Optionally, whether the first authentication certificate and the second authentication certificate match is determined according to the method flow shown in Fig. 2, where the specific steps include S201 to S205.
S201, determining whether a second authentication certificate exists on an on-board network card of the electronic device.
S202, if a second authentication certificate exists on the on-board network card, authenticating the first authentication certificate and the second authentication certificate to determine whether the first authentication certificate is matched with the second authentication certificate.
S203, if the second authentication certificate does not exist on the on-board network card, determining whether the second authentication certificate injected by the administrator is received within a preset time period.
S204, if the second authentication certificate injected by the administrator is received within the preset time period, the second authentication certificate is stored in the on-board network card.
S205, if the second authentication certificate injected by the administrator is not received within the preset time period, stopping starting the operating system of the electronic device.
In a specific implementation, the second authentication certificate is stored on the on-board network card of the electronic device. Some electronic devices may not hold a second authentication certificate: for example, when the electronic device is used for the first time, or is used as a security device for the first time, no second authentication certificate may be stored on its on-board network card. Therefore, when determining whether the first authentication certificate matches the second authentication certificate, it is first determined whether the second authentication certificate exists on the on-board network card of the electronic device.
If a second authentication certificate exists on the on-board network card, the first authentication certificate and the second authentication certificate are authenticated to determine whether they match. For example, the first authentication certificate and the second authentication certificate are calculated according to a first preset encryption algorithm, and it is determined whether a preset result is obtained; or the second authentication certificate is calculated according to a second preset encryption algorithm, and it is determined whether the calculated result is identical to the first authentication certificate.
If the second authentication certificate does not exist on the on-board network card, the electronic device is not a trusted electronic device of the current local area network. At this time, it may further be determined whether a second authentication certificate injected by the administrator is received within a preset time period, that is, whether the administrator is currently carrying out the procedure of configuring the second authentication certificate for the electronic device.
Optionally, a prompt may be generated and presented so that the administrator is aware that the second authentication certificate is not present on the electronic device and can decide whether to inject it. Further, whether a second authentication certificate injected by the administrator is received is monitored in real time. If it is received within the preset time period, the current process is one in which the administrator is configuring the second authentication certificate for the electronic device; the second authentication certificate is then stored in the on-board network card, so that the electronic device serves as a trusted device of the current local area network.
If the second authentication certificate injected by the administrator is not received within the preset time period, this indicates that the electronic device is not a trusted device of the current local area network, so starting of the operating system of the electronic device is stopped, that is, the electronic device does not access the current local area network.
It should be noted that, if the first authentication certificate does not exist in the current local area network, the current local area network is not trusted by the electronic device, and therefore starting of the operating system of the electronic device is stopped.
S103, controlling the electronic device to access the current local area network and starting an operating system of the electronic device if the first authentication certificate matches the second authentication certificate.
Further, in the case that the first authentication certificate is matched with the second authentication certificate, that is, the electronic device belongs to a trusted device of the current local area network, and the current local area network is trusted to the electronic device, the current local area network controls the electronic device to access the current local area network and starts an operating system of the electronic device.
If the electronic device performs authentication for the first time, then before determining whether the first authentication certificate exists in the current local area network, during startup in response to the startup instruction (that is, while the basic input/output system is starting), a local area network authentication option can be displayed in response to a preset operation performed by the administrator, such as clicking a target key, and the administrator is prompted to input the administrator password.
Within a target time period, it is determined whether an administrator password is received, and if the administrator password is received, it is verified. The administrator password is preset by the administrator, and the basic input/output system determines whether the received administrator password is consistent with the administrator password it has stored.
If the administrator password passes verification, an authentication interface is displayed. The authentication interface can include the first authentication certificate and/or the second authentication certificate, so that the administrator can confirm or update the first authentication certificate and/or the second authentication certificate. The administrator performs a preset operation on the authentication interface to start authentication. If the administrator password does not pass verification, the current operation is not an operation of the administrator, so starting of the operating system of the electronic device is stopped.
If the first authentication certificate does not match the second authentication certificate, detection prompt information can be generated and transmitted to the administrator, so that the administrator can confirm whether the first authentication certificate and/or the second authentication certificate has been updated. This avoids authentication failures caused by updates that were not synchronized and greatly improves the user experience.
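The decision flow of S101 to S103 and S201 to S205, including the mismatch prompt, can be modelled as follows. This is an added illustration, not code from the application: the names `Decision`, `OnboardNic`, `credentials_match` and `preboot_authenticate` are hypothetical, SHA-256 stands in for the unspecified "second preset encryption algorithm", and the example assumes that a freshly injected certificate proceeds straight to the S202 check and that a mismatch leaves the operating system unstarted. The first-time administrator password step is not modelled.

```python
import hashlib
import hmac
from enum import Enum
from typing import Callable, List, Optional


class Decision(Enum):
    BOOT_AND_JOIN = "S103: access the LAN and start the operating system"
    HALT_NO_LAN_CERTIFICATE = "no first certificate on the LAN: OS start stopped"
    HALT_NOT_ENROLLED = "S205: nothing injected in time: OS start stopped"
    MISMATCH_NOTIFY_ADMIN = "no match: administrator prompted, OS not started"


class OnboardNic:
    """Stand-in for the certificate storage on the on-board network card."""

    def __init__(self, stored: Optional[bytes] = None):
        self.stored = stored


def credentials_match(first: bytes, second: bytes) -> bool:
    # Assumption: the "second preset algorithm" is SHA-256, i.e. the LAN holds
    # first = SHA-256(second). The application does not name an algorithm.
    derived = hashlib.sha256(second).digest()
    # Constant-time comparison, so timing does not reveal how many leading
    # bytes of a guessed value were correct.
    return hmac.compare_digest(derived, first)


def preboot_authenticate(
    lan_certificates: List[bytes],
    nic: OnboardNic,
    wait_for_injection: Callable[[float], Optional[bytes]],
    timeout_s: float = 30.0,
) -> Decision:
    # S101: is there any first certificate on the current LAN?
    if not lan_certificates:
        return Decision.HALT_NO_LAN_CERTIFICATE

    # S201: is a second certificate stored on the on-board network card?
    if nic.stored is None:
        # S203: wait up to the preset period for the administrator to inject one.
        injected = wait_for_injection(timeout_s)
        if not injected:  # None or empty: treated as "not received"
            return Decision.HALT_NOT_ENROLLED  # S205
        nic.stored = injected  # S204
        # Assumption: enrolment then continues with the S202 check below.

    # S202: the LAN may hold one or more first certificates; check all of them
    # without stopping at the first hit.
    matched = False
    for first in lan_certificates:
        matched |= credentials_match(first, nic.stored)

    return Decision.BOOT_AND_JOIN if matched else Decision.MISMATCH_NOTIFY_ADMIN


# Constructed sample data, not values from the application.
DEVICE_SECRET = b"constructed-device-certificate"
LAN_CERTIFICATES = [
    hashlib.sha256(b"constructed-other-device").digest(),
    hashlib.sha256(DEVICE_SECRET).digest(),
]

if __name__ == "__main__":
    never = lambda timeout_s: None  # the administrator injects nothing
    print(preboot_authenticate(LAN_CERTIFICATES, OnboardNic(DEVICE_SECRET), never))
    print(preboot_authenticate(LAN_CERTIFICATES, OnboardNic(), never))
    print(preboot_authenticate([], OnboardNic(DEVICE_SECRET), never))
```

The `wait_for_injection` callback is where real firmware would block on its administrator interface; here it simply returns the injected bytes or `None`.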
According to the network authentication method, the security of the current local area network is determined automatically from the first authentication certificate of the current local area network and the second authentication certificate stored in the electronic device, and it is then determined whether to control the electronic device to access the current local area network. No manual operation is needed, which avoids data loss or leakage caused by an administrator's oversight. The administrator does not need to manage electronic devices one by one, which greatly improves the efficiency of connecting the electronic device to the current local area network and saves time and labor.
Based on the same inventive concept, the second aspect of the present application further provides an electronic device corresponding to the network authentication method, and since the principle of solving the problem by the device in the present application is similar to that of the network authentication method described in the present application, the implementation of the device may refer to the implementation of the method, and the repetition is omitted.
Fig. 3 shows a schematic diagram of an electronic device provided in an embodiment of the present application, specifically including:
a first determining module 301, configured to determine, by using a basic input output system of the electronic device, whether a first authentication certificate exists in the current local area network, where the first authentication certificate is used to authenticate whether the current local area network is trusted;
a second determination module 302 configured to determine if the first authentication credential and the second authentication credential, if present, match; wherein the second authentication credential is stored in the electronic device;
and the control module 303 is configured to control the electronic device to access the current local area network and start an operating system of the electronic device if the first authentication certificate is matched with the second authentication certificate.
In yet another embodiment, the second determining module 302 is specifically configured to:
determining whether the second authentication certificate exists on an on-board network card of the electronic equipment;
if so, authenticating the first authentication certificate and the second authentication certificate to determine whether the first authentication certificate and the second authentication certificate are matched.
In yet another embodiment, the second determination module 302 is further configured to:
if the second authentication certificate does not exist on the on-board network card, determining whether the second authentication certificate injected by the administrator is received or not in a preset time period;
and if the second authentication certificate injected by the administrator is received within the preset time period, storing the second authentication certificate into the on-board network card.
In yet another embodiment, the electronic device further includes a first stopping module 304 configured to:
and stopping starting the operating system of the electronic equipment if the second authentication certificate injected by the administrator is not received within the preset time period.
In yet another embodiment, the electronic device further comprises a second stopping module 305 configured to:
and stopping starting the operating system of the electronic equipment if the first authentication certificate does not exist in the current local area network.
In yet another embodiment, the electronic device further comprises a presentation module 306 configured to:
in the process of starting in response to the starting instruction, determining whether an administrator password is received;
if the administrator password is received, verifying the administrator password;
and under the condition that the administrator password passes verification, displaying an authentication interface, wherein the administrator executes preset operation on the authentication interface to start authentication.
In yet another embodiment, the electronic device further comprises a third stopping module 307 configured to:
and stopping the start of the operating system of the electronic device if the administrator password does not pass verification.
According to the method and device for controlling access of the electronic device, the security of the current local area network is determined automatically from the first authentication certificate of the current local area network and the second authentication certificate stored in the electronic device, and it is then determined whether to control the electronic device to access the current local area network. No manual operation is needed, which avoids data loss or leakage caused by an administrator's oversight. The administrator does not need to manage electronic devices one by one, which greatly improves the efficiency of connecting the electronic device to the current local area network and saves time and labor.
The embodiment of the application also provides a storage medium, which is a computer readable medium and stores a computer program, and when the computer program is executed by a processor, the method provided by any embodiment of the application is implemented, including the following steps S11-S13:
S11, determining whether a first authentication certificate exists in the current local area network through a basic input/output system of the electronic device, wherein the first authentication certificate is used for authenticating whether the current local area network is trusted;
S12, if so, determining whether the first authentication certificate matches the second authentication certificate, wherein the second authentication certificate is stored in the electronic device;
S13, controlling the electronic device to access the current local area network and starting an operating system of the electronic device if the first authentication certificate matches the second authentication certificate.
The embodiments of the present application further provide another electronic device. As shown in the schematic structural diagram of Fig. 4, the electronic device may include at least a memory 401 and a processor 402, where the memory 401 stores a computer program, and the processor 402 implements the method provided in any embodiment of the present application when executing the computer program on the memory 401. By way of example, the steps of the computer program of the electronic device are S21 to S23 as follows:
S21, determining whether a first authentication certificate exists in the current local area network through a basic input/output system of the electronic device, wherein the first authentication certificate is used for authenticating whether the current local area network is trusted;
S22, if so, determining whether the first authentication certificate matches the second authentication certificate, wherein the second authentication certificate is stored in the electronic device;
S23, controlling the electronic device to access the current local area network and starting an operating system of the electronic device if the first authentication certificate matches the second authentication certificate.
Optionally, in the present embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media capable of storing program code. Optionally, in this embodiment, the processor performs the method steps described in the above embodiments according to the program code stored in the storage medium. Optionally, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, which are not repeated here. It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device; they may be centralized on a single computing device or distributed across a network of computing devices; they may alternatively be implemented in program code executable by computing devices, such that they may be stored in a memory device for execution by the computing devices; in some cases, the steps shown or described may be performed in a different order than what is shown or described; or they may be implemented as individual integrated circuit modules. Thus, the present application is not limited to any specific combination of hardware and software.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description covers only the preferred embodiments of the present application and the principles of the technology being utilized. It will be appreciated by those skilled in the art that the scope of the disclosure referred to in this application is not limited to the specific combination of features described above, but encompasses other embodiments in which the features described above or their equivalents may be combined in any way without departing from the spirit of the disclosure, for example, embodiments in which the above-described features and technical features having similar functions disclosed in (but not limited to) the present application are replaced with each other.
Moreover, although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the present application. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are example forms of implementing the claims.
The above embodiments are only exemplary embodiments of the present application and are not intended to limit the present application, the scope of which is defined by the claims. Various modifications and equivalent arrangements may be made to the present application by those skilled in the art, which modifications and equivalents are also considered to be within the scope of the present application.