CN111865998A - Network security zone login method and device - Google Patents
- Publication number
- CN111865998A (application CN202010725157.6A)
- Authority
- CN
- China
- Prior art keywords
- module
- network security
- access channel
- conversion module
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network security zone login method comprising the following steps: S1, an access channel construction program, used to construct an access channel for accessing a network security zone, is stored in the conversion module; S2, the user enters identity authentication information through the client module, and the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module; S3, if identity verification fails, access is denied; if identity verification succeeds, the access channel construction program is called to construct the corresponding access channel according to the user's permissions, and a connection with the network security zone is established to achieve login access to the network security zone; and S4, a user who has passed identity verification sends a task request through the client module, and the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and then transmitted through the access channel to the network security zone for execution. Through the provision of the conversion module, the invention enables users to access the network security zone safely and quickly.
Description
Technical Field
The invention relates to the technical field of network security, and in particular to a network security zone login method and device.
Background
In the field of network security, it is common practice to place a group of user terminals in the same network segment, where "the same network segment" means that the Internet Protocol (IP) addresses, combined with the subnet mask, yield the same network address. One or more network segments may also be placed in a network security zone, in which the network segments are completely isolated from other network segments. Users in the same network security zone are usually assigned the same work, such as developing the same project; when the project is completed, those users may be assigned different tasks and need to log in to other network security zones. How to let users log in to other network security zones easily, quickly and safely is therefore important.
Disclosure of Invention
To solve the above problems, the present invention provides a network security zone login method and device that allow a user to log in safely and quickly.
To achieve this purpose, the invention adopts the following technical solution:
The network security zone login method comprises the following steps:
S1. An access channel construction program, used to construct an access channel for accessing a network security zone, is stored in the conversion module;
S2. The user enters identity authentication information through the client module; the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module;
S3. If the identity verification in step S2 fails, access is denied; if it succeeds, the access channel construction program is called to construct the corresponding access channel according to the user's permissions, and a connection with the network security zone is established to achieve login access to the network security zone;
S4. A user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and then transmitted through the access channel to the network security zone for execution.
Further, the identity authentication information is biometric information.
Further, different user permissions correspond to different access channel construction programs.
Further, the method also includes: a user who has passed identity verification sends a disconnection request through the client module; the disconnection request is encrypted by the encryption module and transmitted to the conversion module for decryption, and the access channel is disconnected by the access channel disconnection module.
Further, in step S4, a user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module and first transmitted to the conversion module for decryption, after which a security audit is performed, and the task request that has completed the security audit is transmitted through the access channel to the network security zone for execution.
Further, the client module and the conversion module communicate through a dual-channel connection module; while either channel is in use for communication, the other, standby channel updates the key.
The invention also provides a network security zone login device comprising a client module. The client module is connected to a conversion module; the conversion module contains an access channel construction module for constructing an access channel for accessing the network security zone; the client module and the conversion module are each provided with an encryption module; the conversion module is also provided with an identity verification module; and mutually independent dual-channel connection modules are provided between the client module and the conversion module.
Further, a security audit module is provided in the conversion module to audit the security of access tasks based on a nearest classifier; during an audit, the nearest classifier compares the task request for similarity with pre-stored dangerous task requests, and when the resulting similarity falls within a preset threshold, the access task is considered dangerous.
Through the provision of the conversion module, the invention enables users to access the network security zone safely and quickly.
Drawings
Fig. 1 is a flowchart of the network security zone login method according to embodiment 1 of the present invention.
Fig. 2 is a flowchart of the network security zone login method according to embodiment 2 of the present invention.
Fig. 3 is a block diagram of the network security zone login device according to embodiment 3 of the present invention.
Detailed Description
The present invention is described in detail below with reference to specific examples. The following examples will help those skilled in the art to further understand the invention, but do not limit the invention in any way. It should be noted that persons skilled in the art can make variations and modifications without departing from the spirit of the invention. All such variations and modifications fall within the scope of the present invention.
Example 1
As shown in Fig. 1, the network security zone login method includes the following steps:
S1. An access channel construction program, used to construct an access channel for accessing a network security zone, is stored in the conversion module;
S2. The user enters identity authentication information through the client module; the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module;
S3. If the identity verification in step S2 fails, access is denied; if it succeeds, the access channel construction program is called to construct the corresponding access channel according to the user's permissions, and a connection with the network security zone is established to achieve login access to the network security zone;
S4. A user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and then transmitted through the access channel to the network security zone for execution. Specifically, the task request is encrypted by the encryption module and first transmitted to the conversion module for decryption, after which a security audit is performed. If the audit finds the request unsafe, the task request is rejected and the rejection is fed back to the client; if the audit finds the request safe, the task request that has completed the security audit is transmitted through the access channel to the network security zone for execution.
In this embodiment, the identity authentication information is biometric information, and different user permissions correspond to different access channel construction programs. The client module and the conversion module communicate through a dual-channel connection module; while either channel is in use for communication, the other, standby channel is used to update the key.
Example 2
As shown in Fig. 2, the network security zone login method includes the following steps:
S1. An access channel construction program, used to construct an access channel for accessing a network security zone, is stored in the conversion module;
S2. The user enters identity authentication information through the client module; the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module;
S3. If the identity verification in step S2 fails, access is denied; if it succeeds, the access channel construction program is called to construct the corresponding access channel according to the user's permissions, and a connection with the network security zone is established to achieve login access to the network security zone;
S4. A user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and then transmitted through the access channel to the network security zone for execution. Specifically, the task request is encrypted by the encryption module and first transmitted to the conversion module for decryption, after which a security audit is performed. If the audit finds the request unsafe, the task request is rejected and the rejection is fed back to the client; if the audit finds the request safe, the task request that has completed the security audit is transmitted through the access channel to the network security zone for execution.
S5. A user who has passed identity verification sends a disconnection request through the client module; the disconnection request is encrypted by the encryption module and transmitted to the conversion module for decryption, and the access channel is disconnected by the access channel disconnection module.
In this embodiment, the identity authentication information is biometric information, and different user permissions correspond to different access channel construction programs. The client module and the conversion module communicate through a dual-channel connection module; while either channel is in use for communication, the other, standby channel is used to update the key.
Example 3
As shown in Fig. 3, a network security zone login device according to an embodiment of the present invention includes a client module. The client module is connected to a conversion module; the conversion module contains an access channel construction module for constructing an access channel for accessing the network security zone; the client module and the conversion module are each provided with an encryption module; the conversion module is further provided with an identity verification module; and mutually independent dual-channel connection modules are provided between the client module and the conversion module. A security audit module is provided in the conversion module to audit the security of access tasks based on a nearest classifier; during an audit, the nearest classifier compares the task request for similarity with pre-stored dangerous task requests, and when the resulting similarity falls within a preset threshold, the access task is considered dangerous.
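As an added illustration that is not part of the patent text, the Python sketch below models the conversion module's decision flow from steps S3 to S5 of Examples 1 and 2 together with the security audit described in Example 3. It assumes the request has already been decrypted, reads "nearest classifier" as a nearest-neighbour comparison using token-set Jaccard similarity, and uses a hashed credential as a stand-in for biometric matching; the sample dangerous requests, the 0.5 threshold, the zone names and all function and class names are constructed for the example.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field

# Constructed sample data; the patent gives no concrete requests, threshold or zones.
DANGEROUS_REQUESTS = [
    "delete all records from audit log",
    "export user credential table to external host",
    "disable firewall rules on zone gateway",
]
SIMILARITY_THRESHOLD = 0.5  # assumed; "dangerous" here means similarity >= threshold


def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def jaccard(a, b):
    """Token-set Jaccard similarity (an assumed metric; the patent names none)."""
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0


def audit(task):
    """Return (is_dangerous, nearest_stored_request, similarity)."""
    nearest = max(DANGEROUS_REQUESTS, key=lambda d: jaccard(task, d))
    score = jaccard(task, nearest)
    return score >= SIMILARITY_THRESHOLD, nearest, score


@dataclass
class Channel:
    zone: str
    user: str
    executed: list = field(default_factory=list)

    def execute(self, task):
        self.executed.append(task)  # stands in for execution inside the zone
        return f"{self.zone}: executed {task!r}"


# Hypothetical builders: one access channel construction program per permission.
CHANNEL_BUILDERS = {
    "developer": lambda user: Channel("dev-zone", user),
    "operator": lambda user: Channel("ops-zone", user),
}


class ConversionModule:
    def __init__(self, enrolled):
        # enrolled: user -> (SHA-256 digest of enrolled credential, permission)
        self.enrolled = enrolled
        self.sessions = {}

    def login(self, user, credential):
        """S2/S3: verify identity, then build the channel for the user's permission."""
        record = self.enrolled.get(user)
        digest = hashlib.sha256(credential).digest()
        # Unknown users are compared against a dummy digest so timing stays uniform.
        expected = record[0] if record else bytes(32)
        if not hmac.compare_digest(digest, expected) or record is None:
            return False
        builder = CHANNEL_BUILDERS.get(record[1])
        if builder is None:  # unknown permission: deny by default
            return False
        self.sessions[user] = builder(user)
        return True

    def submit(self, user, task):
        """S4: audit the decrypted task request, then forward or reject it."""
        channel = self.sessions.get(user)
        if channel is None:
            return ("denied", "no access channel; log in first")
        dangerous, nearest, score = audit(task)
        if dangerous:
            return ("rejected", f"similarity {score:.2f} to {nearest!r}")
        return ("executed", channel.execute(task))

    def disconnect(self, user):
        """S5: tear down the user's access channel."""
        return self.sessions.pop(user, None) is not None
```

A rejected request never reaches `Channel.execute`, which mirrors the rule that only task requests that have completed the security audit are forwarded to the zone.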
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.
Claims (8)
1. A network security zone login method, characterized in that the method comprises the following steps:
S1. An access channel construction program, used to construct an access channel for accessing a network security zone, is stored in the conversion module;
S2. The user enters identity authentication information through the client module; the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module;
S3. If the identity verification in step S2 fails, access is denied; if it succeeds, the access channel construction program is called to construct the corresponding access channel according to the user's permissions, and a connection with the network security zone is established to achieve login access to the network security zone;
S4. A user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and then transmitted through the access channel to the network security zone for execution.
2. The network security zone login method of claim 1, wherein: the identity authentication information is biometric information.
3. The network security zone login method of claim 1, wherein: different user permissions correspond to different access channel construction programs.
4. The network security zone login method of claim 1, further comprising: a user who has passed identity verification sends a disconnection request through the client module; the disconnection request is encrypted by the encryption module and transmitted to the conversion module for decryption, and the access channel is disconnected by the access channel disconnection module.
5. The network security zone login method of claim 1, wherein: in step S4, a user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module and first transmitted to the conversion module for decryption, after which a security audit is performed, and the task request that has completed the security audit is transmitted through the access channel to the network security zone for execution.
6. The network security zone login method of claim 1, wherein: the client module and the conversion module communicate through a dual-channel connection module; while either channel is in use for communication, the other, standby channel is used to update the key.
7. A network security zone login device, characterized in that: the device comprises a client module; the client module is connected to a conversion module; an access channel construction module is loaded in the conversion module and is used to construct an access channel for accessing a network security zone; the client module and the conversion module are each provided with an encryption module; the conversion module is also provided with an identity verification module; and mutually independent dual-channel connection modules are provided between the client module and the conversion module.
8. The network security zone login device of claim 7, wherein: a security audit module is provided in the conversion module to audit the security of access tasks based on a nearest classifier; during an audit, the nearest classifier compares the task request for similarity with pre-stored dangerous task requests, and when the resulting similarity falls within a preset threshold, the access task is considered dangerous.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010725157.6A CN111865998A (en) | 2020-07-24 | 2020-07-24 | Network security zone login method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111865998A (en) | 2020-10-30 |
Family
ID=72950587
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010725157.6A (Pending) CN111865998A (en) | Network security zone login method and device | 2020-07-24 | 2020-07-24 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111865998A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112491908A (en) * | 2020-12-01 | 2021-03-12 | 阿拉拇 | Security certification management system based on block chain big data |
WO2023240425A1 (en) * | 2022-06-14 | 2023-12-21 | 广州工商学院 | Security authentication management system based on blockchain big data |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1811421A1 (en) * | 2005-12-29 | 2007-07-25 | AXSionics AG | Security token and method for authentication of a user with the security token |
CN101471852A (en) * | 2007-12-29 | 2009-07-01 | ***股份有限公司 | Method, system and client device for accessing high safety resource |
CN104573554A (en) * | 2014-12-30 | 2015-04-29 | 北京奇虎科技有限公司 | Method for loading safety key storage hardware and browser client device |
CN104660551A (en) * | 2013-11-20 | 2015-05-27 | 上海海典软件有限公司 | Webservice-based database access device and method |
CN107665164A (en) * | 2016-07-29 | 2018-02-06 | 百度在线网络技术(北京)有限公司 | Secure data detection method and device |
CN108256321A (en) * | 2018-01-16 | 2018-07-06 | 吉林财经大学 | A kind of big data safety precaution supervision and aware platform |
CN108881327A (en) * | 2018-09-29 | 2018-11-23 | 德州职业技术学院(德州市技师学院) | A kind of computer internet information safety control system based on cloud computing |
CN109743309A (en) * | 2018-12-28 | 2019-05-10 | 微梦创科网络科技(中国)有限公司 | A kind of illegal request recognition methods, device and electronic equipment |
US20200202429A1 (en) * | 2018-05-06 | 2020-06-25 | Strong Force TX Portfolio 2018, LLC | System and method of an automated agent to automatically implement loan activities based on loan status |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112039909B (en) | Authentication method, device, equipment and storage medium based on unified gateway | |
AU2018287526B2 (en) | Systems and methods for dynamic flexible authentication in a cloud service | |
US11063928B2 (en) | System and method for transferring device identifying information | |
CN101515932B (en) | Method and system for accessing Web service safely | |
US10110585B2 (en) | Multi-party authentication in a zero-trust distributed system | |
US11277398B2 (en) | System and methods for performing distributed authentication using a bridge computer system | |
CN110149328B (en) | Interface authentication method, device, equipment and computer readable storage medium | |
US9781096B2 (en) | System and method for out-of-band application authentication | |
CN112330855B (en) | Electronic lock safety management method, equipment and system | |
JP6337642B2 (en) | Method for securely accessing a network from a personal device, personal device, network server, and access point | |
CN106921663B (en) | Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal | |
CN106161348B (en) | Single sign-on method, system and terminal | |
US9081982B2 (en) | Authorized data access based on the rights of a user and a location | |
DE102012106754A1 (en) | Method and device for remote authentication | |
CN104469736B (en) | A kind of data processing method, server and terminal | |
CN111865998A (en) | Network security zone login method and device | |
DE102017121648B3 (en) | METHOD FOR REGISTERING A USER AT A TERMINAL DEVICE | |
CN112464213B (en) | Operating system access control method, device, equipment and storage medium | |
CN103428698A (en) | Identity strong authentication method of mobile interconnection participants | |
US20090327704A1 (en) | Strong authentication to a network | |
CN105915557B (en) | Network authentication method, access control method and network access equipment | |
KR20180039037A (en) | Cross authentication method and system between online service server and client | |
CN107590662B (en) | Authentication method for calling online bank system, authentication server and system | |
EP3439260B1 (en) | Client device ticket | |
CN117879972A (en) | Safe conference terminal login authentication method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20201030 |