CN111865998A - Network security zone login method and device - Google Patents

Info

Publication number
CN111865998A
Authority
CN
China
Prior art keywords
module
network security
access channel
conversion module
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010725157.6A
Other languages
Chinese (zh)
Inventor
王欢
彭勇
阳树洪
李厚君
杨凡
刘景贤
黄剑华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangxi University of Science and Technology
Original Assignee
Guangxi University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangxi University of Science and Technology
Priority to CN202010725157.6A
Publication of CN111865998A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network security zone login method comprising the following steps: S1, an access channel construction program, which constructs the access channel used to access a network security zone, is stored in the conversion module; S2, the user enters identity authentication information through the client module, and the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module; S3, if identity verification fails, access is denied; if it succeeds, the access channel construction program is called to construct the access channel corresponding to the user's permissions and to establish a connection with the network security zone, completing login access to the zone; and S4, a user who has passed identity verification sends a task request through the client module, and the request is encrypted by the encryption module, transmitted to the conversion module for decryption, and forwarded through the access channel to the network security zone for execution. Through the arrangement of the conversion module, the invention enables the user to access the network security zone safely and quickly.

Description

Network security zone login method and device
Technical Field
The invention relates to the technical field of network security, in particular to a network security area login method and device.
Background
In the field of network security, it is common practice to place a group of user terminals in the same network segment, where terminals are in the same network segment when their Internet Protocol (IP) addresses, combined with the subnet mask, yield the same network address. One or more network segments may also be placed in a network security zone, within which the segments are completely isolated from other network segments. Users in the same network security zone are usually assigned the same work, such as developing the same project; when the project is completed, those users may be assigned different tasks and need to log in to other network security zones. How to let users log in to other network security zones easily, quickly and safely is therefore important.
Disclosure of Invention
In order to solve the above problems, the present invention provides a method and an apparatus for logging in a network security area, which can realize the safe and fast logging in of a user.
To achieve this purpose, the invention adopts the following technical scheme:
The network security zone login method comprises the following steps:
S1. An access channel construction program, which constructs the access channel used to access a network security zone, is stored in the conversion module;
S2. The user enters identity authentication information through the client module; the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module;
S3. If the identity verification in step S2 fails, access is denied; if it succeeds, the access channel construction program is called to construct the access channel corresponding to the user's permissions, and a connection with the network security zone is established, completing login access to the zone;
S4. A user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and forwarded through the access channel to the network security zone for execution.
Further, the identity authentication information is biometric information.
Further, different user permissions correspond to different access channel construction programs.
Further, the method also includes: a user who has passed identity verification sends a disconnection request through the client module; the disconnection request is encrypted by the encryption module and transmitted to the conversion module for decryption, and the access channel is disconnected by the access channel disconnection module.
Further, in step S4, a user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module and first transmitted to the conversion module for decryption, after which a security audit is performed; once the security audit is complete, the task request is transmitted through the access channel to the network security zone for execution.
Further, the client module and the conversion module communicate through a dual-channel connection module, and while either channel is carrying communication, the other, standby channel updates the key.
The invention also provides a network security zone login device comprising a client module connected to a conversion module. The conversion module contains an access channel construction module for constructing an access channel to the network security zone; the client module and the conversion module each contain an encryption module; the conversion module also contains an identity verification module; and mutually independent dual-channel connection modules are arranged between the client module and the conversion module.
Further, the conversion module contains a security audit module that audits the security of an access task using a nearest-neighbor classifier: during the audit, the classifier compares the task request for similarity against pre-stored dangerous task requests, and when the resulting similarity falls within a preset threshold, the access task is considered dangerous.
The invention enables the user to safely and quickly access the network security area through the arrangement of the conversion module.
Drawings
Fig. 1 is a flowchart of a network security area login method according to embodiment 1 of the present invention.
Fig. 2 is a flowchart of a network security area login method according to embodiment 2 of the present invention.
Fig. 3 is a block diagram of a network security area login device according to embodiment 3 of the present invention.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will help those skilled in the art to understand the invention further, but do not limit the invention in any way. It should be noted that those skilled in the art can make variations and modifications without departing from the spirit of the invention, all of which fall within the scope of the present invention.
Example 1
As shown in Fig. 1, the network security zone login method includes the following steps:
S1. An access channel construction program, which constructs the access channel used to access a network security zone, is stored in the conversion module;
S2. The user enters identity authentication information through the client module; the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module;
S3. If the identity verification in step S2 fails, access is denied; if it succeeds, the access channel construction program is called to construct the access channel corresponding to the user's permissions, and a connection with the network security zone is established, completing login access to the zone;
S4. A user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and forwarded through the access channel to the network security zone for execution. Specifically, the request is encrypted by the encryption module and first transmitted to the conversion module for decryption, after which a security audit is performed. If the audit finds the request unsafe, the task request is rejected and the rejection is reported back to the client; if the audit finds it safe, the task request is transmitted through the access channel to the network security zone for execution.
In this embodiment, the identity authentication information is biometric information, and different user permissions correspond to different access channel construction programs. The client module and the conversion module communicate through a dual-channel connection module, and while either channel is carrying communication, the other, standby channel is used to update the key.
Example 2
As shown in Fig. 2, the network security zone login method includes the following steps:
S1. An access channel construction program, which constructs the access channel used to access a network security zone, is stored in the conversion module;
S2. The user enters identity authentication information through the client module; the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module;
S3. If the identity verification in step S2 fails, access is denied; if it succeeds, the access channel construction program is called to construct the access channel corresponding to the user's permissions, and a connection with the network security zone is established, completing login access to the zone;
S4. A user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and forwarded through the access channel to the network security zone for execution. Specifically, the request is encrypted by the encryption module and first transmitted to the conversion module for decryption, after which a security audit is performed. If the audit finds the request unsafe, the task request is rejected and the rejection is reported back to the client; if the audit finds it safe, the task request is transmitted through the access channel to the network security zone for execution.
S5. A user who has passed identity verification sends a disconnection request through the client module; the disconnection request is encrypted by the encryption module and transmitted to the conversion module for decryption, and the access channel is disconnected by the access channel disconnection module.
In this embodiment, the identity authentication information is biometric information, and different user permissions correspond to different access channel construction programs. The client module and the conversion module communicate through a dual-channel connection module, and while either channel is carrying communication, the other, standby channel is used to update the key.
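The dual-channel key update described above can be modelled as follows. This is an added example, not code from the patent: it assumes one reading of the text (the idle channel's own key is replaced while the other channel carries traffic), a shared master secret, HMAC-SHA256 as the key derivation step, and HMAC tags standing in for the encryption module; `DualChannelEndpoint`, `derive_key` and the channel names `A`/`B` are hypothetical.

```python
import hashlib
import hmac


def derive_key(master: bytes, channel: str, epoch: int) -> bytes:
    """Per-channel, per-epoch key; HMAC-SHA256 used as a simple KDF (assumption)."""
    return hmac.new(master, f"{channel}|{epoch}".encode(), hashlib.sha256).digest()


class DualChannelEndpoint:
    """One side (client module or conversion module) of the two-channel link."""

    def __init__(self, master: bytes):
        self.master = master
        self.epoch = {"A": 0, "B": 0}
        self.keys = {c: derive_key(master, c, 0) for c in ("A", "B")}
        self.active = "A"

    @property
    def standby(self) -> str:
        return "B" if self.active == "A" else "A"

    def rekey_standby(self):
        """Update the key of the idle channel while the other one carries traffic."""
        ch = self.standby
        self.epoch[ch] += 1
        self.keys[ch] = derive_key(self.master, ch, self.epoch[ch])
        return ch, self.epoch[ch]

    def switch(self):
        """Promote the freshly rekeyed standby channel to active."""
        self.active = self.standby

    def protect(self, payload: bytes):
        """Tag a payload under the active channel's current key."""
        ch = self.active
        tag = hmac.new(self.keys[ch], payload, hashlib.sha256).digest()
        return ch, self.epoch[ch], payload, tag

    def accept(self, frame) -> bool:
        """Accept a frame only if it carries the channel's current epoch and a valid tag."""
        ch, epoch, payload, tag = frame
        if ch not in self.keys or epoch != self.epoch[ch]:
            return False  # unknown channel or a key epoch that has been retired
        expected = hmac.new(self.keys[ch], payload, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


def demo():
    master = bytes(range(32))  # constructed sample secret, not a real key
    client, conv = DualChannelEndpoint(master), DualChannelEndpoint(master)
    first = client.protect(b"task-1")          # sent on A, epoch 0
    ok_first = conv.accept(first)
    client.rekey_standby(); conv.rekey_standby()   # B is idle: update its key
    client.switch(); conv.switch()                 # traffic moves to B
    second = client.protect(b"task-2")         # sent on B, epoch 1
    ok_second = conv.accept(second)
    conv.rekey_standby()                       # A is now idle: update its key
    old_frame_ok = conv.accept(first)          # frame under A's retired key
    return ok_first, ok_second, old_frame_ok


if __name__ == "__main__":
    print(demo())
```

Rotating the idle channel's key retires frames made under the old key, but a replay within one epoch still has to be stopped by a per-frame sequence number or nonce, which this example omits.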
Example 3
As shown in Fig. 3, a network security zone login device according to an embodiment of the present invention comprises a client module connected to a conversion module. The conversion module contains an access channel construction module for constructing an access channel to the network security zone; the client module and the conversion module each contain an encryption module; the conversion module also contains an identity verification module; and mutually independent dual-channel connection modules are arranged between the client module and the conversion module. The conversion module also contains a security audit module that audits the security of an access task using a nearest-neighbor classifier: during the audit, the classifier compares the task request for similarity against pre-stored dangerous task requests, and when the resulting similarity falls within a preset threshold, the task is considered dangerous.
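The conversion module's role in steps S2 to S5, together with the similarity audit just described, can be sketched as below. This is an added example, not code from the patent: the patent specifies neither the similarity measure nor the threshold, so character-trigram cosine similarity, a threshold of 0.6 read as "at or above means dangerous", the stored requests, the permission names and the `identity_ok` flag (standing for the identity verification module's result) are all assumptions, and decryption is taken as already done.

```python
import math
import re
from collections import Counter

# Constructed stand-ins: the patent names no concrete requests, permissions or threshold.
DANGEROUS_REQUESTS = [
    "delete all audit logs on server",
    "export user password table to external host",
    "disable firewall rules for subnet",
]
# Permission -> access channel construction program (S1, claim 3); names are hypothetical.
CHANNEL_BUILDERS = {
    "developer": lambda user: f"dev-channel:{user}",
    "operator": lambda user: f"ops-channel:{user}",
}


def trigram_vector(text):
    """Character-trigram counts of a case- and whitespace-normalised request."""
    s = re.sub(r"\s+", " ", text.lower().strip())
    return Counter(s[i:i + 3] for i in range(max(len(s) - 2, 1)))


def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def nearest_dangerous(request):
    """Return (similarity, stored request) for the closest pre-stored dangerous request."""
    vec = trigram_vector(request)
    return max((cosine(vec, trigram_vector(d)), d) for d in DANGEROUS_REQUESTS)


class ConversionModule:
    def __init__(self, permissions, threshold=0.6):
        self.permissions = permissions  # user -> permission level
        self.threshold = threshold      # similarity at or above this is treated as dangerous
        self.channels = {}              # user -> open access channel
        self.forwarded = []             # (channel, request) pairs sent into the zone

    def login(self, user, identity_ok):
        """S2/S3: deny on failed verification, otherwise build the channel for the permission."""
        builder = CHANNEL_BUILDERS.get(self.permissions.get(user))
        if not identity_ok or builder is None:
            return None
        self.channels[user] = builder(user)
        return self.channels[user]

    def submit(self, user, request):
        """S4: audit the (already decrypted) request, then forward or reject it."""
        channel = self.channels.get(user)
        if channel is None:
            return ("rejected", "no access channel")
        similarity, nearest = nearest_dangerous(request)
        if similarity >= self.threshold:
            return ("rejected", f"similar to stored dangerous request {nearest!r}")
        self.forwarded.append((channel, request))
        return ("forwarded", channel)

    def disconnect(self, user):
        """S5: tear down the access channel; later requests are rejected."""
        return self.channels.pop(user, None) is not None


if __name__ == "__main__":
    cm = ConversionModule({"alice": "developer"})
    print(cm.login("alice", identity_ok=True))
    print(cm.submit("alice", "compile project alpha and run unit tests"))
    print(cm.submit("alice", "Delete ALL audit logs on the server"))
    print(cm.disconnect("alice"), cm.submit("alice", "compile project alpha"))
```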
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (8)

1. A network security zone login method, characterized in that it comprises the following steps:
S1. An access channel construction program, which constructs the access channel used to access a network security zone, is stored in the conversion module;
S2. The user enters identity authentication information through the client module; the information is encrypted by the encryption module, transmitted to the conversion module for decryption, and verified by the identity verification module;
S3. If the identity verification in step S2 fails, access is denied; if it succeeds, the access channel construction program is called to construct the access channel corresponding to the user's permissions, and a connection with the network security zone is established, completing login access to the zone;
S4. A user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module, transmitted to the conversion module for decryption, and forwarded through the access channel to the network security zone for execution.
2. The network security zone login method of claim 1, wherein: the identity authentication information is biometric information.
3. The network security zone login method of claim 1, wherein: different user permissions correspond to different access channel construction programs.
4. The network security zone login method of claim 1, further comprising: a user who has passed identity verification sends a disconnection request through the client module; the disconnection request is encrypted by the encryption module and transmitted to the conversion module for decryption, and the access channel is disconnected by the access channel disconnection module.
5. The network security zone login method of claim 1, wherein: in step S4, a user who has passed identity verification sends a task request through the client module; the task request is encrypted by the encryption module and first transmitted to the conversion module for decryption, after which a security audit is performed; once the security audit is complete, the task request is transmitted through the access channel to the network security zone for execution.
6. The network security zone login method of claim 1, wherein: the client module and the conversion module communicate through a dual-channel connection module, and while either channel is carrying communication, the other, standby channel is used to update the key.
7. A network security zone login device, characterized in that: it comprises a client module connected to a conversion module; the conversion module contains an access channel construction module for constructing an access channel to the network security zone; the client module and the conversion module each contain an encryption module; the conversion module also contains an identity verification module; and mutually independent dual-channel connection modules are arranged between the client module and the conversion module.
8. The network security zone login device of claim 7, wherein: the conversion module contains a security audit module that audits the security of an access task using a nearest-neighbor classifier; during the audit, the classifier compares the task request for similarity against pre-stored dangerous task requests, and when the resulting similarity falls within a preset threshold, the task is considered dangerous.
CN202010725157.6A 2020-07-24 2020-07-24 Network security zone login method and device Pending CN111865998A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010725157.6A CN111865998A (en) 2020-07-24 2020-07-24 Network security zone login method and device

Publications (1)

Publication Number Publication Date
CN111865998A (en) 2020-10-30

Family

ID=72950587

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010725157.6A Pending CN111865998A (en) 2020-07-24 2020-07-24 Network security zone login method and device

Country Status (1)

Country Link
CN (1) CN111865998A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112491908A (en) * 2020-12-01 2021-03-12 阿拉拇 Security certification management system based on block chain big data
WO2023240425A1 (en) * 2022-06-14 2023-12-21 广州工商学院 Security authentication management system based on blockchain big data

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1811421A1 (en) * 2005-12-29 2007-07-25 AXSionics AG Security token and method for authentication of a user with the security token
CN101471852A (en) * 2007-12-29 2009-07-01 ***股份有限公司 Method, system and client device for accessing high safety resource
CN104573554A (en) * 2014-12-30 2015-04-29 北京奇虎科技有限公司 Method for loading safety key storage hardware and browser client device
CN104660551A (en) * 2013-11-20 2015-05-27 上海海典软件有限公司 Webservice-based database access device and method
CN107665164A (en) * 2016-07-29 2018-02-06 百度在线网络技术(北京)有限公司 Secure data detection method and device
CN108256321A (en) * 2018-01-16 2018-07-06 吉林财经大学 A kind of big data safety precaution supervision and aware platform
CN108881327A (en) * 2018-09-29 2018-11-23 德州职业技术学院(德州市技师学院) A kind of computer internet information safety control system based on cloud computing
CN109743309A (en) * 2018-12-28 2019-05-10 微梦创科网络科技(中国)有限公司 A kind of illegal request recognition methods, device and electronic equipment
US20200202429A1 (en) * 2018-05-06 2020-06-25 Strong Force TX Portfolio 2018, LLC System and method of an automated agent to automatically implement loan activities based on loan status

Similar Documents

Publication Publication Date Title
CN112039909B (en) Authentication method, device, equipment and storage medium based on unified gateway
AU2018287526B2 (en) Systems and methods for dynamic flexible authentication in a cloud service
US11063928B2 (en) System and method for transferring device identifying information
CN101515932B (en) Method and system for accessing Web service safely
US10110585B2 (en) Multi-party authentication in a zero-trust distributed system
US11277398B2 (en) System and methods for performing distributed authentication using a bridge computer system
CN110149328B (en) Interface authentication method, device, equipment and computer readable storage medium
US9781096B2 (en) System and method for out-of-band application authentication
CN112330855B (en) Electronic lock safety management method, equipment and system
JP6337642B2 (en) Method for securely accessing a network from a personal device, personal device, network server, and access point
CN106921663B (en) Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal
CN106161348B (en) Single sign-on method, system and terminal
US9081982B2 (en) Authorized data access based on the rights of a user and a location
DE102012106754A1 (en) Method and device for remote authentication
CN104469736B (en) A kind of data processing method, server and terminal
CN111865998A (en) Network security zone login method and device
DE102017121648B3 (en) METHOD FOR REGISTERING A USER AT A TERMINAL DEVICE
CN112464213B (en) Operating system access control method, device, equipment and storage medium
CN103428698A (en) Identity strong authentication method of mobile interconnection participants
US20090327704A1 (en) Strong authentication to a network
CN105915557B (en) Network authentication method, access control method and network access equipment
KR20180039037A (en) Cross authentication method and system between online service server and client
CN107590662B (en) Authentication method for calling online bank system, authentication server and system
EP3439260B1 (en) Client device ticket
CN117879972A (en) Safe conference terminal login authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20201030)