CN102244663B - User identification method and system based on transmission control protocol (TCP) data packet construction technology - Google Patents


Info

Publication number: CN102244663B
Authority: CN (China)
Prior art keywords: terminal computer, authentication information, authentication, packet, module
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Application number: CN 201110234098
Other languages: Chinese (zh)
Other versions: CN102244663A
Inventors: 孙伟力, 高原, 田立华, 汪忠立
Current assignee: SHANDONG SHENGSHI GAUNGMING SOFTWARE TECHNOLOGY CO LTD (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: SHANDONG SHENGSHI GAUNGMING SOFTWARE TECHNOLOGY CO LTD
Priority date: 2011-08-16 (the priority date is an assumption and is not a legal conclusion)
Filing date: 2011-08-16
Publication dates: 2011-11-16 (application, CN102244663A); 2013-12-18 (grant, CN102244663B)
Legal status: Expired - Fee Related

Landscapes (classification areas)

  • Data Exchanges in Wide-Area Networks
  • Small-Scale Networks

Abstract

The invention provides a user identification method and system based on TCP (transmission control protocol) packet construction. A packet prompting the user to enter identity verification information is constructed and sent to the terminal computer, and a reset-the-connection (RST) blocking packet is sent to break the communication between the two parties, forcing the user to provide identity verification information. In this way the different users of the same terminal computer in different time periods are identified and users' Internet behaviour is regulated; at the same time, requests by unauthorised users to access the Internet from the terminal computer are refused, preventing the terminal computer from being used for illegal or criminal activity.

Description

User identification method and system based on TCP packet construction
Technical field
The present invention relates to the field of Internet user identity identification, and in particular to a user identification method and system based on TCP packet construction.
Background technology
TCP (Transmission Control Protocol): when either communicating party receives a segment whose RST flag (reset the connection) is set, the current connection is torn down automatically. RST is used to reset a connection that has become invalid for some reason, and also to reject invalid data and requests. Therefore, in the prior art, a third party can construct a packet with the RST flag set and send one copy to each of the communicating parties, causing both to believe the connection has been reset and to disconnect. A receiver only honours such a packet if its addresses and ports match an existing connection and its sequence number falls within the receiver's window, so the third party must observe the live connection before it can inject the reset.
In this patent a packet whose RST flag is set is referred to simply as an RST packet; the RST packet is one kind of TCP packet, produced under the TCP protocol.
Chinese patent document CN101582771 discloses a method of identifying Internet users in a multi-stage router configuration: a monitoring host connected to the first-level router, together with a monitoring module installed on each terminal computer, identifies which computer performed a given Internet action. In practice, however, a considerable number of computers are public, and such public terminal computers are used by different users at different times. The existing identification method can only recognise which terminal computer is online; it cannot distinguish the different users of a shared computer and therefore cannot determine which user was using the public terminal during a particular time period.
In practice, to guarantee the normal use of public terminal computers, each user is usually given a separate account name and password, and unauthorised users are refused use of the terminal computer.
Summary of the invention
The technical problem to be solved by the invention is therefore that existing online authentication methods cannot identify different users on the same terminal computer; a user identification method and system based on TCP packet construction is provided.
To solve the above technical problem, the technical solution adopted by the invention is as follows:
A user identification method based on TCP packet construction, characterised in that it comprises the following steps:
(1) the server monitors the LAN;
(2) when a request from a terminal computer to connect to the external network is detected, check whether the terminal computer needs to be authenticated;
(3) when authentication is needed, the server constructs a packet prompting for authentication information and sends it to the terminal computer;
(4) the server further constructs an RST blocking packet and sends it to the terminal computer and to the external host it requested, breaking subsequent communication between the terminal computer and that external host;
(5) the terminal computer receives the packet prompting for authentication information and displays the authentication page;
(6) the user enters the authentication information and submits it, and the terminal computer sends a POST packet carrying the authentication information;
(7) the server, still monitoring, receives the POST packet carrying the authentication information sent by the terminal computer and extracts the authentication information;
(8) the authentication information is verified;
(9) if verification succeeds, the user's identity is determined and authentication ends;
(10) if verification fails, return to step (1).
In step (2), whether authentication is required is determined by checking whether more than T minutes have elapsed since the terminal computer was last authenticated.
The authentication information is an account name and password.
The server monitors the LAN by means of WinPcap.
Step (9) further comprises, after successful verification, sending a packet to the terminal computer indicating that verification passed.
Step (10) further comprises, after failed verification and before returning to step (1), sending a packet to the terminal computer indicating that verification failed.
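Steps (1) to (4) as an added worked example, not code from the patent: the bypass server, having captured one segment from the terminal to an external host, constructs the login-prompt segment spoofed from that host and the RST pair that tears the connection down at both ends. It is pure Python with no capture library so it runs offline; the addresses, ports, sequence numbers and login page are constructed, and actually transmitting the packets would need a raw socket, as the embodiment section notes.

```python
# Added example (not the patent's own code): IPv4/TCP packet construction for
# the prompt packet and the RST blocking pair.  Everything below (addresses,
# ports, sequence numbers, login page) is a constructed sample.
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}


def _checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"", ttl=64):
    """Return a raw IPv4+TCP packet (no options) with valid IP and TCP checksums."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                      5 << 4, flag_bits, 65535, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, socket.IPPROTO_TCP, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", _checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000,
                     ttl, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    return ip + tcp + payload


def parse_segment(pkt: bytes) -> dict:
    """Decode the fields the injector needs from a captured IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    data_off = (off_flags >> 12) * 4
    return {
        "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": {n for n, b in TCP_FLAGS.items() if off_flags & b},
        "payload": pkt[ihl + data_off:total_len],
    }


def checksums_ok(pkt: bytes) -> bool:
    """True if both checksums verify, i.e. a receiving stack would not discard the packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:total_len]
    pseudo = struct.pack("!4s4sBBH", pkt[12:16], pkt[16:20], 0, socket.IPPROTO_TCP, len(tcp))
    return _checksum(pkt[:ihl]) == 0 and _checksum(pseudo + tcp) == 0


def prompt_segment(observed: bytes, html: bytes) -> bytes:
    """Step (3): a segment spoofed from the external host carrying the login page.
    SEQ is what the terminal expects next from the host (the terminal's own ACK) and
    ACK covers the bytes the terminal just sent, so the terminal accepts it as the reply."""
    s = parse_segment(observed)
    body = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n"
            b"Content-Length: %d\r\n\r\n" % len(html)) + html
    return build_segment(s["dst"], s["src"], s["dport"], s["sport"],
                         seq=s["ack"], ack=s["seq"] + len(s["payload"]),
                         flags=("PSH", "ACK"), payload=body)


def rst_pair(observed: bytes, injected_len: int = 0) -> tuple:
    """Step (4): one RST spoofed from the external host to the terminal, one spoofed
    from the terminal to the external host.  A RST is honoured only if its SEQ lies in
    the receiver's window (RFC 793; RFC 5961 wants exactly RCV.NXT), so if a prompt of
    injected_len bytes was already delivered, the terminal-bound RST must advance past it."""
    s = parse_segment(observed)
    terminal_next = s["seq"] + len(s["payload"])
    to_terminal = build_segment(s["dst"], s["src"], s["dport"], s["sport"],
                                seq=s["ack"] + injected_len, ack=terminal_next,
                                flags=("RST", "ACK"))
    to_external = build_segment(s["src"], s["dst"], s["sport"], s["dport"],
                                seq=terminal_next, ack=s["ack"], flags=("RST", "ACK"))
    return to_terminal, to_external


# Constructed sample: terminal 192.168.1.23 sends an HTTP request to external host 203.0.113.10.
OBSERVED_PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
OBSERVED = build_segment("192.168.1.23", "203.0.113.10", 52100, 80,
                         seq=1000, ack=5000, flags=("PSH", "ACK"), payload=OBSERVED_PAYLOAD)
LOGIN_PAGE = (b"<html><body><form method=post action=/login>account <input name=account> "
              b"password <input name=password type=password><input type=submit></form></body></html>")

if __name__ == "__main__":
    prompt = prompt_segment(OBSERVED, LOGIN_PAGE)
    rst_t, rst_e = rst_pair(OBSERVED, injected_len=len(parse_segment(prompt)["payload"]))
    for name, pkt in (("prompt", prompt), ("rst->terminal", rst_t), ("rst->external", rst_e)):
        f = parse_segment(pkt)
        print(name, f["src"], "->", f["dst"], sorted(f["flags"]),
              "seq", f["seq"], "ack", f["ack"], "checksums", checksums_ok(pkt))
```

The detail the patent glosses over is the sequence numbers: each end honours a RST only if its SEQ falls inside that end's receive window, and the terminal delivers the spoofed response to the browser only if its SEQ equals the ACK the terminal last sent, which is why the listener must see the live segment before injecting, why it is racing the external host's genuine reply, and why the terminal-bound RST must be advanced by the length of any prompt already injected. The prompt injection also presupposes that the terminal's request is plaintext HTTP; on a TLS connection the server can still reset the connection but cannot supply a page the browser will display.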
At the same time, a user identification system based on TCP packet construction is provided, comprising:
a LAN monitoring module, which monitors the LAN;
a checking module, which, when a request from a terminal computer to connect to the external network is detected, checks whether authentication is to be performed;
an authentication module, comprising an authentication-prompt construction submodule and an RST blocking packet construction submodule, wherein the authentication-prompt construction submodule constructs the packet prompting for authentication information that is sent to the terminal computer, and the RST blocking packet construction submodule constructs the RST blocking packets sent to the terminal computer and to the external host it requested;
an authentication information input module, for entering authentication information, which sends a POST packet carrying the authentication information once it has been entered;
an authentication information acquisition module, which extracts the authentication information from the POST packet;
an identity verification module, which verifies the acquired authentication information; if verification succeeds, authentication ends; if it fails, control returns to the LAN monitoring module, which continues to monitor the LAN.
Compared with the prior art, the above technical solution of the invention has the following advantages:
By constructing a packet that prompts the terminal computer for authentication information, and by sending RST blocking packets that break the communication between the two parties, the invention forces the user to provide authentication information, identifies the users of the same terminal computer in different time periods, and regulates users' Internet behaviour; at the same time, by refusing requests by unauthorised users to access the Internet from the terminal computer, it prevents the terminal computer from being used for illegal activity.
The accompanying drawing explanation
So that the content of the invention can be more clearly understood, the invention is described in further detail below with reference to a specific embodiment and the accompanying drawing, in which
Fig. 1 is a flow chart of one embodiment of the invention.
Embodiment
As shown in Fig. 1, the user identification method based on TCP packet construction of one embodiment of the invention comprises the following steps:
Step S01: start;
Step S02: the server monitors the LAN by means of WinPcap (Windows packet capture);
Step S03: the server determines whether a terminal computer has requested a connection to the external network;
Step S04: when a terminal computer's request to connect to the external network is detected, check whether authentication is needed: if more than T minutes have elapsed since the terminal computer was last verified, proceed to the next step and perform authentication; otherwise return to step S02 and continue monitoring the LAN;
Step S05: the server constructs a packet prompting the user to enter and submit (by POST) the two items of authentication information, account name and password, and sends it to the terminal computer;
Step S06: the server further constructs an RST blocking packet and sends it to the terminal computer and to the external host it requested, breaking subsequent communication between the terminal computer and that external host;
Step S07: the terminal computer receives the packet prompting for account name and password and displays the authentication page;
Step S08: the user enters the account name and password and submits them; the terminal computer sends a POST packet carrying the user's account name and password, i.e. the account name and password are submitted by POST;
Step S09: the server, still monitoring, receives the POST packet carrying the account name and password sent by the terminal computer, and extracts the terminal user's account name and password;
Step S10: the server verifies the account name and password;
Step S11: if verification succeeds, the user's identity is determined, a packet indicating that verification passed is sent to the terminal computer, and related information such as the time of this authentication is stored; user authentication ends;
Step S12: if verification fails, a packet indicating that verification failed is sent to the terminal computer, and control returns to step S02;
Step S13: end.
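The server-side half of steps S04 and S09 to S12 as an added worked example, not code from the patent: the T-minute re-authentication check, extraction of the account name and password from the POST the terminal sends, verification against a credential store, and recording the time of a successful authentication so the next check can use it. The form field names "account" and "password", the value T = 30 minutes, the PBKDF2 storage of passwords and the sample accounts are all assumptions; the patent fixes none of them.

```python
# Added example (not the patent's own code): re-authentication policy, POST
# parsing and credential verification for the bypass server.  Field names,
# T = 30 minutes, the hashing scheme and the sample accounts are assumed.
import hashlib
import hmac
import os
from urllib.parse import parse_qs, urlencode

T_MINUTES = 30          # assumed value of the patent's "T minutes"
PBKDF2_ROUNDS = 50_000  # assumed; the patent does not say how passwords are stored


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_store(plain: dict) -> dict:
    """Build an account -> (salt, hash) table; plaintext passwords are not retained."""
    store = {}
    for account, password in plain.items():
        salt = os.urandom(16)
        store[account] = (salt, _hash_password(password, salt))
    return store


def build_post(account: str, password: str) -> bytes:
    """Constructed stand-in for the POST packet the terminal sends in step S08."""
    body = urlencode({"account": account, "password": password}).encode("utf-8")
    return (b"POST /login HTTP/1.1\r\nHost: 192.168.1.1\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body)) + body


def extract_credentials(http_request: bytes):
    """Step S09: pull (account, password) out of a captured POST; None if it is not one.
    A real listener must reassemble the TCP stream first; here the whole request is
    assumed to arrive in a single captured segment."""
    head, sep, body = http_request.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"POST "):
        return None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            body = body[:int(value.strip())]   # ignore anything past the declared body
    form = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
    account = form.get("account", [""])[0]
    password = form.get("password", [""])[0]
    return (account, password) if account and password else None


class AuthGate:
    def __init__(self, store: dict, t_minutes: int = T_MINUTES):
        self._store = store
        self._t_seconds = t_minutes * 60
        self._last_ok = {}   # terminal IP -> (account, time of last successful auth)

    def needs_auth(self, terminal_ip: str, now: float) -> bool:
        """Step S04: authenticate if never verified, or last verified more than T ago."""
        rec = self._last_ok.get(terminal_ip)
        return rec is None or now - rec[1] > self._t_seconds

    def verify(self, terminal_ip: str, http_request: bytes, now: float) -> bool:
        """Steps S09 to S11: extract, check, and on success store the authentication time."""
        creds = extract_credentials(http_request)
        if creds is None:
            return False
        account, password = creds
        salt, stored = self._store.get(account, (b"\x00" * 16, b""))
        computed = _hash_password(password, salt)   # hash even for unknown accounts
        if not stored or not hmac.compare_digest(computed, stored):
            return False
        self._last_ok[terminal_ip] = (account, now)
        return True

    def current_user(self, terminal_ip: str, now: float):
        """The user attributed to this terminal now, or None once re-authentication is due."""
        if self.needs_auth(terminal_ip, now):
            return None
        return self._last_ok[terminal_ip][0]
```

Attribution is keyed on the terminal's IP address because that is all the bypass listener sees, so the T-minute window is the only thing separating one user's session on a shared terminal from the next; a short T gives finer attribution at the cost of more interruptions.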
As a variant of the above embodiment, in step S02 the server may monitor the LAN by other means, provided it can detect terminal computers' requests to connect to the external network, for example by using a raw socket; this achieves the purpose of the invention equally and falls within its scope of protection.
As another variant of the above embodiment, the authentication information may be other information such as the user's facial image or fingerprint, stored in advance so that it can be verified in the subsequent steps; this likewise achieves the purpose of the invention and falls within its scope of protection.
The invention correspondingly provides a user identification system based on TCP packet construction, comprising the LAN monitoring module, checking module, authentication module (with its authentication-prompt construction submodule and RST blocking packet construction submodule), authentication information input module, authentication information acquisition module and identity verification module described in the summary above.
Obviously, the above embodiment is given only as a clear illustration and does not limit the modes of implementation. Those of ordinary skill in the art can make other changes of different forms on the basis of the above description. It is neither necessary nor possible to enumerate all modes of implementation here, and obvious variations or changes derived from the above remain within the scope of protection of the invention.

Claims (6)

1. A user identification method based on TCP packet construction, characterised in that it comprises the following steps:
(1) the server monitors the LAN;
(2) when a request from a terminal computer to connect to the external network is detected, determine whether the terminal computer needs to be authenticated by checking whether more than T minutes have elapsed since it was last authenticated;
(3) when authentication is needed, the server constructs a packet prompting for authentication information and sends it to the terminal computer;
(4) the server further constructs an RST blocking packet and sends it to the terminal computer and to the external host it requested, breaking subsequent communication between the terminal computer and that external host;
(5) the terminal computer receives the packet prompting for authentication information and displays the authentication page;
(6) the user enters the authentication information and submits it, and the terminal computer sends a POST packet carrying the authentication information;
(7) the server, still monitoring, receives the POST packet carrying the authentication information sent by the terminal computer and extracts the authentication information;
(8) the authentication information is verified;
(9) if verification succeeds, the user's identity is determined and authentication ends;
(10) if verification fails, return to step (1).
2. The user identification method based on TCP packet construction according to claim 1, characterised in that the authentication information is an account name and password.
3. The user identification method based on TCP packet construction according to claim 2, characterised in that the server monitors the LAN by means of WinPcap.
4. The user identification method based on TCP packet construction according to any one of claims 1 to 3, characterised in that step (9) further comprises, after successful verification, sending a packet to the terminal computer indicating that verification passed.
5. The user identification method based on TCP packet construction according to claim 4, characterised in that step (10) further comprises, after failed verification and before returning to step (1), sending a packet to the terminal computer indicating that verification failed.
6. A user identification system based on TCP packet construction, characterised in that it comprises:
a LAN monitoring module, which monitors the LAN;
a checking module, which, when a request from a terminal computer to connect to the external network is detected, determines whether authentication is to be performed by checking whether more than T minutes have elapsed since the terminal computer was last authenticated;
an authentication module, comprising an authentication-prompt construction submodule and an RST blocking packet construction submodule, wherein the authentication-prompt construction submodule constructs, when authentication is needed, the packet prompting for authentication information that is sent to the terminal computer, and the RST blocking packet construction submodule constructs, when authentication is needed, the RST blocking packets sent to the terminal computer and to the external host it requested;
an authentication information input module, for entering authentication information, which sends a POST packet carrying the authentication information once it has been entered;
an authentication information acquisition module, which extracts the authentication information from the POST packet;
an identity verification module, which verifies the acquired authentication information; if verification succeeds, authentication ends; if it fails, control returns to the LAN monitoring module, which continues to monitor the LAN.

Publications (2)

Publication Number Publication Date
CN102244663A CN102244663A (en) 2011-11-16
CN102244663B true CN102244663B (en) 2013-12-18


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6725378B1 (en) * 1998-04-15 2004-04-20 Purdue Research Foundation Network protection for denial of service attacks
CN101350746A (en) * 2007-07-20 2009-01-21 莱克斯信息技术(北京)有限公司 By-path interdiction TCP connection
CN101447896A (en) * 2007-11-27 2009-06-03 北京高信达网络科技有限公司 TCP connection managing method for internet bypass monitoring system
CN101582771A (en) * 2009-07-02 2009-11-18 济宁盛世光明软件技术有限公司 Method of identity recognition of computer internet under mode of multi-stage routers


Also Published As

Publication number Publication date
CN102244663A (en) 2011-11-16


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 2013-12-18
Termination date: 2021-08-16