CN108696540A - A kind of authorizing secure system and its authorization method - Google Patents
- Publication number: CN108696540A
- Application number: CN201810788056.6A
- Authority: CN (China)
- Prior art keywords: user, level, address, user name, access
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an authorization security system in the field of network security. The system comprises an authorization protection center, which includes an instruction receiving end, a protection database and an authentication terminal. The instruction receiving end receives incoming instructions, the protection database stores the accessible IP list and the visitor user names, and the authentication terminal includes an IP verification end and an identity end. The system can look up a visitor's IP address and decide, from the stored IP address list and the visitor's user name, whether the visitor may be authorized to enter. This effectively prevents external devices from entering the database to view or change data, and so ensures the security of the database.
Description
Technical field
The present invention relates to the field of network security, and in particular to an authorization security system and its authorization method.
Background
Networks have made many things convenient: things that many people did not know before can be found simply by looking them up online, and communication between people has become easier. But along with this convenience, networks bring many security risks. Important files stored on a computer may be stolen or tampered with through a moment's carelessness, and in serious cases this can cause huge property losses. To reduce such incidents, many enterprises have installed security firewalls to prevent strangers from entering their databases at will.
For example, application No. CN200680015644.1 discloses an authorization system and method for protecting digital content and user integrity in a digital content distribution system. At least one subscriber management system is configured to keep user identification data. A subscriber authorization system is configured to keep user authorization data separately from the user identification data. The subscriber management system is configured to identify the user when it receives the user's request to retrieve digital content, and to generate a command to the subscriber authorization system to authorize the user to access the requested digital content. The subscriber authorization system is configured, on receiving such a command, to check the user's authorization to access the requested digital content and, if the check passes, to send an authorization to access the requested digital content to a system user terminal associated with the user. However, this method does not restrict IP addresses, so a certain vulnerability remains.
As another example, application No. CN201610095765.7 discloses a dynamic authorization system for office-building visitors. It comprises an integrated control center module, a database module and a single-flow gate; at least one visiting terminal device through which external visitors exchange information, access information and authorization information with the office-building visitor dynamic authorization system; at least one visiting mobile terminal through which other external visitors exchange information, access information and authorization information with the system; and at least one visited mobile terminal that serves as the interactive interface for in-house personnel, displaying external visitors' information and carrying out authorization operations. That invention is described as intelligent, reliable and simple to operate: through real-time dynamic authorization management of external visitors to the office building, it achieves strict monitoring and data recording of visitors entering and leaving, and ensures the normal office work, personal safety and property safety of the building's staff. However, this method does not restrict IP addresses, so a certain vulnerability remains.
Summary of the invention
The purpose of the present invention is to provide an authorization security system and its authorization method, so as to remedy the above defects in the prior art.
An authorization security system comprises an authorization protection center, which includes an instruction receiving end, a protection database and an authentication terminal. The instruction receiving end receives incoming instructions, the protection database stores the accessible IP list and the visitor user names, and the authentication terminal includes an IP verification end and an identity end. The steps are:
S1: The instruction receiving end receives an instruction and judges whether it is valid. An invalid instruction is rejected; for a valid instruction, the instruction information is sent to the authentication terminal.
S2: The authentication terminal extracts the IP address and user name of the sender of the instruction.
S3: The authentication terminal matches the IP address against the IP addresses in the protection database. If the IP address is in the accessible IP list, the process continues to the next step; otherwise the request is rejected.
S4: For a request whose IP address has passed, the authentication terminal matches the user name. If the user name exists among the visitor user names, authentication passes and the process continues to the next step; otherwise a "user name error, please re-enter" screen is sent.
S5: After authentication passes, the user is given an identity mark, enters the interface corresponding to the level of that identity mark, and the access is recorded.
Preferably, the accessible IP list includes a level-one access list, a level-two access list and a level-three access list, and the visitor user names include level-one access users, level-two access users and level-three access users.
Preferably, the level-one access list corresponds to the level-one access users, the level-two access list corresponds to the level-two access users, and the level-three access list corresponds to the level-three access users.
Preferably, the level-one, level-two and level-three access users have different identity marks.
Preferably, the level-one, level-two and level-three access users have different access rights.
Preferably, in step S4, when the user name is wrong three consecutive times, the user name and the IP address are placed on the access blacklist.
Preferably, in step S5, the identity mark is attached only when the IP address and the access user name are at the same level; otherwise the request is treated as unauthorized access.
The advantage of the invention is that the authorization security system can look up a visitor's IP address and decide, from the stored IP address list and the visitor's user name, whether the visitor may be authorized to enter. This effectively prevents external devices from entering the database to view or change data, and ensures the security of the database.
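The S1 to S5 flow, together with the tiered lists, the three-strike blacklist and the same-level rule, written out as an added Python example that is not code from the patent. The names `ProtectionDB`, `authorize` and `sample_db`, the reason strings, the S1 validity test, keying the failure counter by IP address, enforcing the blacklist before matching and logging rejections are all assumptions; the addresses and user names are constructed sample data.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

MAX_NAME_FAILURES = 3  # "wrong three consecutive times" in step S4


@dataclass
class ProtectionDB:
    ip_levels: dict    # accessible IP list: address -> level 1..3
    user_levels: dict  # visitor user names: name -> level 1..3
    blacklist: set = field(default_factory=set)    # blacklisted IPs and names
    failures: dict = field(default_factory=dict)   # IP -> consecutive wrong names
    access_log: list = field(default_factory=list)


def _decide(db, ip, user, granted, reason, level=None):
    # The page records access in S5; logging rejections too is an assumption.
    decision = {"ip": ip, "user": user, "granted": granted,
                "reason": reason, "level": level}
    db.access_log.append(decision)
    return decision


def authorize(db, instruction):
    # S1: the page does not define "valid"; assumed here to mean a
    # well-formed message carrying ip, user and command fields.
    required = {"ip", "user", "command"}
    if not isinstance(instruction, dict) or not required <= instruction.keys():
        return _decide(db, None, None, False, "invalid_instruction")
    # S2: extract and normalise the sender's IP address and user name.
    user = str(instruction["user"]).strip()
    try:
        ip = str(ip_address(str(instruction["ip"]).strip()))
    except ValueError:
        return _decide(db, None, user, False, "invalid_instruction")
    # Assumption: blacklist entries are enforced before any matching.
    if ip in db.blacklist or user in db.blacklist:
        return _decide(db, ip, user, False, "blacklisted")
    # S3: the IP address must be in the accessible IP list.
    ip_level = db.ip_levels.get(ip)
    if ip_level is None:
        return _decide(db, ip, user, False, "ip_not_listed")
    # S4: the user name must exist among the visitor user names.
    user_level = db.user_levels.get(user)
    if user_level is None:
        count = db.failures.get(ip, 0) + 1
        db.failures[ip] = count
        if count >= MAX_NAME_FAILURES:
            db.blacklist.update({ip, user})
            return _decide(db, ip, user, False, "blacklisted")
        return _decide(db, ip, user, False, "username_error_reenter")
    db.failures.pop(ip, None)  # a correct name ends the consecutive run
    # S5: the identity mark is issued only when both levels agree.
    if ip_level != user_level:
        return _decide(db, ip, user, False, "unauthorized_access")
    return _decide(db, ip, user, True, "granted", level=user_level)


def sample_db():
    # Constructed sample data using documentation address ranges.
    return ProtectionDB(
        ip_levels={"192.0.2.10": 1, "192.0.2.20": 2, "192.0.2.30": 3},
        user_levels={"alice": 1, "bob": 2, "carol": 3},
    )
```

Because the flow on the page checks only the source IP address and a user name, with no secret verified, a deployment would place it in front of credential-based authentication rather than in place of it.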
Description of the drawings
Fig. 1 is a flow chart of the method of the present invention.
Detailed description
To make the technical means, creative features, aims and effects of the present invention easy to understand, the invention is further explained below with reference to specific embodiments.
Embodiment 1
As shown in Fig. 1, an authorization security system comprises an authorization protection center, which includes an instruction receiving end, a protection database and an authentication terminal. The instruction receiving end receives incoming instructions, the protection database stores the accessible IP list and the visitor user names, and the authentication terminal includes an IP verification end and an identity end. The steps are:
S1: The instruction receiving end receives an instruction and judges whether it is valid. An invalid instruction is rejected; for a valid instruction, the instruction information is sent to the authentication terminal.
S2: The authentication terminal extracts the IP address and user name of the sender of the instruction.
S3: The authentication terminal matches the IP address against the IP addresses in the protection database. If the IP address is in the accessible IP list, the process continues to the next step; otherwise the request is rejected.
S4: For a request whose IP address has passed, the authentication terminal matches the user name. If the user name exists among the visitor user names, authentication passes and the process continues to the next step; otherwise a "user name error, please re-enter" screen is sent.
S5: After authentication passes, the user is given an identity mark, enters the interface corresponding to the level of that identity mark, and the access is recorded.
It is worth noting that the visitor user list includes a special user list and an ordinary user list.
In this embodiment, users on the special user list can skip matching and enter the database directly, and obtain the highest permission for using the database.
In this embodiment, users on the ordinary user list can enter the database only after passing matching and being given an identity mark, and obtain the permissions that correspond to the level of the identity mark assigned.
In this embodiment, in step S4, when the user name is wrong three consecutive times, the user name and the IP address are placed on the access blacklist.
In addition, in step S5, the identity mark is attached only when the IP address and the access user name are at the same level; otherwise the request is treated as unauthorized access.
Embodiment 2
As shown in Fig. 1, an authorization security system comprises an authorization protection center, which includes an instruction receiving end, a protection database and an authentication terminal. The instruction receiving end receives incoming instructions, the protection database stores the accessible IP list and the visitor user names, and the authentication terminal includes an IP verification end and an identity end. The steps are:
S1: The instruction receiving end receives an instruction and judges whether it is valid. An invalid instruction is rejected; for a valid instruction, the instruction information is sent to the authentication terminal.
S2: The authentication terminal extracts the IP address and user name of the sender of the instruction.
S3: The authentication terminal matches the IP address against the IP addresses in the protection database. If the IP address is in the accessible IP list, the process continues to the next step; otherwise the request is rejected.
S4: For a request whose IP address has passed, the authentication terminal matches the user name. If the user name exists among the visitor user names, authentication passes and the process continues to the next step; otherwise a "user name error, please re-enter" screen is sent.
S5: After authentication passes, the user is given an identity mark, enters the interface corresponding to the level of that identity mark, and the access is recorded.
It is worth noting that the accessible IP list includes a level-one access list, a level-two access list and a level-three access list, and the visitor user names include level-one access users, level-two access users and level-three access users.
In this embodiment, the level-one access list corresponds to the level-one access users, the level-two access list corresponds to the level-two access users, and the level-three access list corresponds to the level-three access users.
In this embodiment, the level-one, level-two and level-three access users have different identity marks.
In this embodiment, the level-one, level-two and level-three access users have different access rights.
In this embodiment, in step S4, when the user name is wrong three consecutive times, the user name and the IP address are placed on the access blacklist.
In addition, in step S5, the identity mark is attached only when the IP address and the access user name are at the same level; otherwise the request is treated as unauthorized access.
In summary, the authorization security system can look up a visitor's IP address and decide, from the stored IP address list and the visitor's user name, whether the visitor may be authorized to enter. This effectively prevents external devices from entering the database to view or change data, and ensures the security of the database.
As those skilled in the art will appreciate, the present invention can be realized in other embodiments without departing from its spirit or essential characteristics. The embodiments disclosed above are therefore, in all respects, merely illustrative and not the only ones. All changes within the scope of the present invention, or within a scope equivalent to it, are embraced by the invention.
Claims (7)
1. An authorization security system, comprising an authorization protection center, the authorization protection center including an instruction receiving end, a protection database and an authentication terminal, characterized in that the instruction receiving end receives incoming instructions, the protection database stores the accessible IP list and the visitor user names, and the authentication terminal includes an IP verification end and an identity end, the authorization method of the authorization security system comprising the following steps:
S1: The instruction receiving end receives an instruction and judges whether it is valid. An invalid instruction is rejected; for a valid instruction, the instruction information is sent to the authentication terminal.
S2: The authentication terminal extracts the IP address and user name of the sender of the instruction.
S3: The authentication terminal matches the IP address against the IP addresses in the protection database. If the IP address is in the accessible IP list, the process continues to the next step; otherwise the request is rejected.
S4: For a request whose IP address has passed, the authentication terminal matches the user name. If the user name exists among the visitor user names, authentication passes and the process continues to the next step; otherwise a "user name error, please re-enter" screen is sent.
S5: After authentication passes, the user is given an identity mark, enters the interface corresponding to the level of that identity mark, and the access is recorded.
2. The authorization security system according to claim 1, characterized in that the accessible IP list includes a level-one access list, a level-two access list and a level-three access list, and the visitor user names include level-one access users, level-two access users and level-three access users.
3. The authorization security system according to claim 2, characterized in that the level-one access list corresponds to the level-one access users, the level-two access list corresponds to the level-two access users, and the level-three access list corresponds to the level-three access users.
4. The authorization security system according to claim 3, characterized in that the level-one, level-two and level-three access users have different identity marks.
5. The authorization security system according to claim 3, characterized in that the level-one, level-two and level-three access users have different access rights.
6. The authorization security system according to claim 1, characterized in that, in step S4, when the user name is wrong three consecutive times, the user name and the IP address are placed on the access blacklist.
7. The authorization security system according to claim 1, characterized in that, in step S5, the identity mark is attached only when the IP address and the access user name are at the same level; otherwise the request is treated as unauthorized access.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810788056.6A CN108696540A (en) | 2018-07-18 | 2018-07-18 | A kind of authorizing secure system and its authorization method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810788056.6A CN108696540A (en) | 2018-07-18 | 2018-07-18 | A kind of authorizing secure system and its authorization method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108696540A (en) | 2018-10-23 |
Family
ID=63850724
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810788056.6A Pending CN108696540A (en) | 2018-07-18 | 2018-07-18 | A kind of authorizing secure system and its authorization method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108696540A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20181023 |