CN104092698A - Network resource access control method and device - Google Patents
Network resource access control method and device Download PDFInfo
- Publication number
- CN104092698A CN104092698A CN201410347303.0A CN201410347303A CN104092698A CN 104092698 A CN104092698 A CN 104092698A CN 201410347303 A CN201410347303 A CN 201410347303A CN 104092698 A CN104092698 A CN 104092698A
- Authority
- CN
- China
- Prior art keywords
- white list
- address
- internet resources
- network resource
- dns server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention provides a network resource access control mechanism based on domain name server analysis and a white list, and discloses a network resource access control method and device. The method can include the steps of detecting a network resource access request, obtaining a target IP address of the network resource access request, and determining whether the network resource access request is allowed or not by matching the obtained target IP address with the network resource white list, wherein the network resource white list stores IP addresses of credible network resources. According to the scheme, judgment omission caused by incomplete URL information or untimely renewing can be reduced, and the probability of having access to inappropriate content on the Internet can be eliminated or at least lowered.
Description
Technical field
The present invention relates to moving communicating field, more specifically, relate to a kind of access control method to Internet resources for mobile terminal and corresponding device.
Background technology
In recent years, the use of mobile terminal was more and more universal.As used herein, term " mobile terminal " can refer to the various equipment with radio communication function such as smart mobile phone, wireless PDA, laptop computer, flat computer.
Current, along with the universal and development of mobile terminal, school-age children use as also more and more general in the present situation of the mobile terminal of mobile phone and so on.Because mobile terminal use convenience and carrying content rich, the head of a family and child by mobile phone obtain education related resource and knowledge level also more and more higher.Utilize at present mobile application and browser to obtain educational resource by online mode and become more and more universal.
For this by obtain the mode of educational resource at line method, because its interconnected and open nature, child is in the normal educational resource of access, unintentionally or because child's curiosity is probably accessed the website that this should not access, network as unsound in some.In order to prevent this situation, often adopt the mode of network address classification to control the resource of access at present.This existing mode generally can be controlled the Internet resources of user's access effectively, but this control is often controlled based on web content, there is limitation in coverage rate, also can be because of occurring URL(uniform resource locator) (Uniform Resource Locator, being called for short URL) information is complete or upgrade the situation that makes not in time to fail to judge and occur, thus cause or can access uncomfortable content.
Therefore, need a kind of improved access control mechanisms to Internet resources for mobile terminal, it can eliminate or at least reduce the possibility of the uncomfortable content on access the Internet.
Summary of the invention
To achieve these goals, the present invention proposes a kind of based on name server (domain name server, be called for short DNS) resolve and the network resource accession controlling mechanism of white list, it can reduce because URL information is incomplete or upgrade the situation of failing to judge causing not in time, eliminates or at least reduce the possibility of the uncomfortable content on access the Internet.
According to an aspect of the present invention, provide a kind of access control method to Internet resources for mobile terminal.This access control method can comprise: detect the access request to Internet resources; Obtain target Internet protocol (Internet Protocol the is called for short IP) address of described access request; The target ip address obtaining by coupling and Internet resources white list, determine whether allow described access request, wherein, and the IP address of described Internet resources white list storage trustable network resource.
In some embodiments of the invention, this access control method can also comprise: safeguard dns server white list, described dns server white list is stored the information of credible dns server.
In some embodiments of the invention, this access control method can also comprise: safeguard described Internet resources white list.The maintenance of described Internet resources white list can comprise: the information of adding and/or deleting trustable network resource.For example, for adding operation, user can directly input the IP address of the trustable network resource that will add.The IP address of the trustable network resource that can directly will add in this case, is added described Internet resources white list to.Alternatively, user can input the URL information of the trustable network resource that will add.In this case, the interpolation of described Internet resources white list can comprise: the URL information of the trustable network resource that reception will be added; By the credible dns server in dns server white list, described URL information is resolved, to obtain the IP address of the trustable network resource that will add; And add the IP address of the described trustable network resource that will add to described Internet resources white list.
In some embodiments of the invention, in the access request detecting, comprise target ip address.In this case, the target ip address that obtains described access request can be directly from access request, to obtain target ip address.What in the access request detecting in further embodiments,, comprise is target URL information instead of target ip address.In this case, the target ip address that obtains described access request can comprise: extract the target URL information in described access request; And by the credible dns server in dns server white list, the target URL information of extracting is resolved, to obtain described target ip address.
According to a further aspect in the invention, provide a kind of access control apparatus to Internet resources for mobile terminal.This access control apparatus can comprise: detection module, for detection of the access request to Internet resources; IP acquisition module, for obtaining the target ip address of access request; Control module, the target ip address obtaining by coupling and Internet resources white list, determine whether allow described access request, wherein, the IP address of described Internet resources white list storage trustable network resource.
In some embodiments of the invention, this access control apparatus can also comprise: dns server white list administration module, it is configured for safeguards dns server white list.Described dns server white list is stored the information of credible dns server.
In some embodiments of the invention, this access control apparatus can also comprise: Internet resources white list administration module, it is configured for maintaining network resource white list.The maintenance of described Internet resources white list can comprise: the information of adding and/or deleting trustable network resource.For example, for adding operation, user can directly input the IP address of the trustable network resource that will add.The IP address of the trustable network resource that in this case, Internet resources white list administration module can directly will add is added described Internet resources white list to.Alternatively, user can input the URL information of the trustable network resource that will add.In this case, Internet resources white list administration module can be further configured to: the URL information of the trustable network resource that reception will be added; By the credible dns server in dns server white list, described URL information is resolved, to obtain the IP address of the trustable network resource that will add; And add the IP address of the described trustable network resource that will add to described Internet resources white list.
In some embodiments of the invention, described access control apparatus also comprises: Internet resources dns resolution module, it is configured for IP address corresponding to URL information that parses Internet resources by the credible dns server in dns server white list.
The scheme that the present invention proposes can solve deficiency and the imperfection of the existing scheme of facing moving terminal to online content access control.The access control method based on dns resolution and white list proposing according to the present invention, initiatively carry out credible dns server setting, dns resolution function and the management of Internet resources white list and control function by terminal use, can ensure when child carries out network resource accession by the browser of mobile terminal or mobile application, the content that child can be accessed by whole Internet resources white list be limited in have a mind to and zone of reasonableness in, thereby prevent child because unintentionally or intentional act and access the content that should not access.
Brief description of the drawings
By below in conjunction with brief description of the drawings the preferred embodiments of the present invention, will make of the present invention above-mentioned and other objects, features and advantages are clearer, wherein:
Fig. 1 schematically shows and can realize the schematic block diagram of mobile terminal according to an embodiment of the invention.
Fig. 2 schematically shows according to the flow chart of the access control method to Internet resources for mobile terminal of the embodiment of the present invention;
Fig. 3 has schematically shown according to the block diagram of the access control apparatus to Internet resources for mobile terminal of the embodiment of the present invention; And
Fig. 4 schematically shows according to the flow chart of a specific implementation 400 of the access control method to Internet resources for mobile terminal of the embodiment of the present invention.
In institute of the present invention drawings attached, same or analogous structure all identifies with same or analogous Reference numeral.
Embodiment
Describe the present invention in detail referring now to accompanying drawing, shown in the drawings of illustrative embodiment of the present invention, to make those skilled in the art can realize the present invention.Being noted that the following drawings and example do not mean that limits the scope of the present invention to single embodiment, on the contrary by exchange and combine described in some or all of different embodiment or shown in element to form other embodiment be also possible.In addition, in the situation that can partially or completely realizing element-specific of the present invention by known tip assemblies, to only describe in these known tip assemblies in order to understand part assembly essential to the invention, and by the detailed description of omitting other parts in these known tip assemblies, to make the present invention more outstanding.Unless pointed out separately herein, otherwise those skilled in the art should understand that: existing although some embodiments of the present invention are described as with software real form, but the present invention is not limited to this, but also can realize with the combination of hardware, software and hardware, and vice versa.Unless explicit state separately herein, otherwise in this manual, it is restrictive the embodiment that shows single component should not being considered as, but the invention is intended to comprise other embodiment including multiple same components, and vice versa.In addition the equivalent current and that develop in the future that, the present invention comprises the known tip assemblies of quoting as signal herein.
Fig. 1 schematically shows and can realize the schematic block diagram of mobile terminal 100 according to an embodiment of the invention.As shown in Figure 1, mobile terminal can comprise: CPU (CPU) 101, RAM (random access memory) 102, ROM (read-only memory) 103, system bus 104, SIM/RUIM105, loud speaker 106, microphone 107, auxiliary I/O (I/O) subsystem 108, FPDP 109, communication subsystem 110, display controller 112, display 113 and other subsystems 114.In these equipment, CPU101, RAM102, ROM103, SIM/RUIM105, loud speaker 106, microphone 107, auxiliary I/O (I/O) subsystem 108, FPDP 109, communication subsystem 110, display controller 112 and other subsystems 114 are coupled by system bus 104.Display 113 is coupled with display controller 112.Particularly, CPU101 can control the overall operation of mobile terminal 100.Communication subsystem 110 can, for interconnection network, to carry out various communication functions, comprise data and voice communication.Should be appreciated that the structured flowchart described in Fig. 1 illustrates just to the object of example, instead of limitation of the scope of the invention.In some cases, can increase or reduce as the case may be some equipment.
Fig. 2 schematically shows according to the flow chart of the access control method 200 to Internet resources for mobile terminal of the embodiment of the present invention.Method 200 can be brought in execution by the network resource accession control client according to the embodiment of the present invention who installs on mobile terminal 100.This client can automatically start in the time that mobile terminal 100 is opened, or can initiatively be started by user.In the time that client is moved, it is by the access request to Internet resources continuing on monitoring mobile terminal 100.
When using mobile application and browser on mobile terminal, user initiates access request (the Internet Request to remote network resource, be called for short IR), client will monitor this access request, so start manner of execution 200, this access request be controlled.
In step S210, detect the access request to Internet resources of initiating in mobile terminal 100.This access request can be for example the request to browsing page of initiating by browser, or downloads the request of video, music or other resources in high in the clouds, etc.This access request comprises destination address information corresponding to Internet resources that will access, such as URL information or IP address etc. conventionally.
In step S220, obtain target Internet protocol (IP) address of this access request.Directly provide the object IP address that the Internet resources that will access are corresponding in the case of user, can obtain its target ip address by resolving this access request.But under normal circumstances, the destination address information that user provides in the time of request access online resource is URL information, and does not know or be indifferent to its IP address.In this case, first client will obtain target URL information by resolving access request; Then resolve obtained target URL information by dns server, obtain its associated target ip address information.
In step S230, mate with Internet resources white list by the target ip address that step S220 is obtained, determine whether to allow this access request.In this Internet resources white list, stored the IP address of trustable network resource, it can be realized with chained list or other suitable data structures.Internet resources white list can be stored in the memory on mobile terminal 100, and is loaded in internal memory in the time of client terminal start-up of the present invention.If find that in step S230 target ip address is present in the Internet resources white list in internal memory, this access request will be allowed to.Otherwise if this target ip address is not present in the Internet resources white list in internal memory, this access request will directly be prohibited, relevant information can store in daily record simultaneously.In addition, if the target information of obtaining is invalid information or can not identifying information, refuse this access request, directly stop access process this time.
In certain embodiments, method 200 can also comprise the operation of safeguarding dns server white list.Dns server white list is stored the information of credible dns server.User can initiatively add or delete this dns server white list.Only have the IP address of resolving by these dns servers in dns server white list to be only the reliable information of mobile terminal 100 (its network resource accession control client particularly) accreditation.The dns server to URL information that may exist in step S220 in these embodiments, is resolved and is preferably utilized the dns server in dns server white list to complete.
In some preferred embodiments, method 200 can also comprise the operation of maintaining network resource white list.Client can have the Internet resources white list of acquiescence, and allows user initiatively Internet resources white list to be upgraded, for example, add the IP address of new trustable network resource and/or delete the existing IP address comprising in these Internet resources.Be elaborated as example to add new trustable network resource below.User can directly input the IP address of the trustable network resource that will add.In this case, client can be directly will user's input the IP address of trustable network resource add in Internet resources white list.Alternatively, user can input the URL information of the trustable network resource that will add.In this case, client can receive the URL information of the trustable network resource that will add of user's input.Then, by the credible dns server in dns server white list, this URL information is resolved, to obtain the IP address of the trustable network resource that will add.Add in Internet resources white list the IP address of the trustable network resource that finally will add.Embodiments of the invention, by Internet resources white list storage networking money source IP address instead of this mode of Internet resources URL information, can be avoided in the time that the Internet resources URL information of access changes owing to not having corresponding update mechanism to react in time the undetected situation that this variation causes.
Fig. 3 has schematically shown according to the block diagram of the access control apparatus 300 to Internet resources for mobile terminal 100 of the embodiment of the present invention.As shown in the figure, access control apparatus 300 can comprise: detection module 310, IP acquisition module 320, control module 330 and memory cell 340.
Detection module 310 can be configured to detect the access request to Internet resources of initiating in mobile terminal 100.
IP acquisition module 320 can be configured to obtain the target ip address of detected access request.
Control module 330 can be configured to: by the target ip address of the access request of obtaining is mated with Internet resources white list, determine whether to allow detected access request.
Memory cell 340 can storage networking resource white list.The IP address of this Internet resources white list storage is credible (allow access) Internet resources, it can be realized with chained list or other suitable data structures.Preferably, memory cell 340 is also stored dns server white list.Dns server white list is stored the information of credible dns server.Only have the IP address of resolving by these dns servers in dns server white list to be only reliable information.
Alternatively, memory cell 340 can also be stored other data, for example daily record etc.Memory cell 340 can be realized by one or more memories, and it can be positioned on single physical equipment or be distributed on different physical equipments.Can realize memory cell by various memory technologies well known by persons skilled in the art.The present invention is unrestricted in this.Memory cell 340 for example can comprise SD card, disk, magneto optical disk, CD or semiconductor memory technologies etc.
In some embodiments of the invention, this access control apparatus 300 can also comprise: dns server white list administration module, it is configured for safeguards dns server white list.This dns server white list is stored the information of credible dns server.
In some embodiments of the invention, this access control apparatus 300 can also comprise: Internet resources white list administration module, it is configured for maintaining network resource white list.Can comprise the maintenance of Internet resources white list: the information of adding and/or deleting trustable network resource.For example, for adding operation, user can directly input the IP address of the trustable network resource that will add.The IP address of the trustable network resource that in this case, Internet resources white list administration module can directly will add is added described Internet resources white list to.Alternatively, user can input the URL information of the trustable network resource that will add.In this case, Internet resources white list administration module can be further configured to: the URL information of the trustable network resource that reception will be added; By the credible dns server in dns server white list, described URL information is resolved, to obtain the IP address of the trustable network resource that will add; And add the IP address of the described trustable network resource that will add to described Internet resources white list.
According to a preferred embodiment of the invention, access control apparatus 300 can also comprise: Internet resources dns resolution module, it is configured for IP address corresponding to URL information that parses Internet resources by the credible dns server in dns server white list.
According to a preferred embodiment of the invention, IP acquisition module 320 is in the time carrying out the parsing of URL information, can carry out by calling Internet resources dns resolution module, also carry out the parsing of URL information to obtain its associated IP address by the dns server in dns server white list.
As already mentioned above, device 300 assemblies that can be used as client or this client are arranged in terminal 100.This client can software form be arranged on voluntarily in mobile terminal 100, or can be arranged in terminal 100 with the form of hardware or firmware by terminal production firm.This client can automatically start in the time that terminal 100 is opened, or can initiatively be started by user.In the time that client is moved, it can manner of execution 200.The operation of installing 300 modules can, referring to the description to method 200, not repeated them here.
Hereinafter with reference Fig. 4 is applied to the mobile phone that uses Android operating system and introduces a specific implementation example of the present invention as example taking the present invention.But should be appreciated that the present invention is not limited thereto.
Fig. 4 shows according to the schematic diagram of the access control process 400 to Internet resources on Android mobile phone of the embodiment of the present invention example.
In this embodiment, network resource accession control client will comprise white list configuration application (the WhiteList Configuration realizing by Java and Andorid SDK, be called for short WLC) and by the network resource accession control application (Internet Resource Control is called for short IRC) of C++ and Android NDK realization.
This WLC can comprise dns server white list administration module (DNS Server Whitelist, be called for short DSWL), Internet resources dns resolution module (Internet DNS Resolve, be called for short IDR) and Internet resources white list administration module (DNS WhiteList Management is called for short DWC).The dns server information that this DSWL provides according to user, generates reliable dns server white list, that is, only have the IP address of resolving by these dns servers to be only reliable information.The URL that IDR realizes specifying carries out parse operation, and provides the IP address information associated with it.DWC, according to IDR analysis result, provides and whether produces Internet resources function of white name list, and existing Internet resources white list is managed.
IRC carries out security monitoring according to the configuration information of IDR to user's access to netwoks behavior.
Process 400 starts from after the system startup of mobile terminal.
In step S402, load IRC module.
In step S404, IRC reads dns server white list and Internet resources white list from assigned address.If dns server white list exists (the "Yes" branch of step S406), in step S408, use the configuration information of already present dns server white list.If cannot read the content (the "No" branch of step S406) of dns server white list, the information of the acquiescence dns server white list that IRC carries employing in step S410.If Internet resources white list exists, in step S414, use so the configuration information of already present Internet resources white list.If cannot read the content (the "No" branch of step S412) of Internet resources white list, the information of the default network resource white list that IRC carries employing in step S416.So IRC reads DSWL and DWC information in internal memory, deposit in for example single linked list mode respectively, then IRC will operate in backstage with service (Service) form.
After IRC starts, in step S418, system is enabled WLC application.
In step S420, produce dns server white list by the DSWL of WLC module.Particularly, allow user add, renewal and deletion dns server address, thereby form dns server white list.DSWL is also after dns server white list upgrades, and notice IDR upgrades.
In step 422, IDR, according to dns server white list, resolves to its associated IP address by URL.The IDR of WLC module resolves to obtain corresponding IP address to adding the URL information of Internet resources white list to.This mode can be avoided in the time that the Internet resources URL information of access changes, the undetected situation occurring in the time not having corresponding update mechanism to catch up with.Its source IP from Internet resources controls, and this IP address is as the interpolation foundation of subsequent network resource white list.First IDR needs the information of dns server white list, by the dns server in dns server white list, URL is resolved.
Above-mentioned URL information, to the parsing of corresponding IP address, can be carried out according to the corresponding relation of URL information and IP address.This correspondence relationship information can be stored in Sqlite data in appointment table, and carries out index taking URL as keyword.In the time of application start, read all information of depositing in this table, and by balanced binary tree algorithm, in internal memory, form the balanced binary tree structure (U_IP_TREE) taking URL information as key message of being convenient to search, wherein, each node information form can be NODE=<URL, IP>.Whether IDR, using the URL information that gets as key message, searches and has matched nodes to exist in U_IP_TREE.If existed, the corresponding informance of this node (NODE) is taken out, obtain wherein IP information, complete resolving.
In step S424, according to the IP address that obtains or produce by IDR, provide the generting machanism that records of Internet resources white list by DWC, the IP address that needs are added adds Internet resources white list as new record.Wherein, the only IP address in the scope of Internet resources white list, the user of mobile terminal just can normally access.
In step 426, IRC monitors all access request (IR) to far-end network resource on backstage.Once find to have network resource accession request, IRC will take over this IR.
If IR detected in step S428, advance to step S430.In step S430, IRC resolves the access destination information of IR.If IR do not detected in step S428, return to step S426 and continue to monitor the access request to Internet resources.
If the IR access destination information parsing in step S430 is IP address (the "Yes" branch of step S432), advance to step S434.In step S434, IRC by this IP address directly and the information of the Internet resources white list of depositing in internal memory compare.If this IP address is present in the chained list of Internet resources white list (the "Yes" branch of step S434), advance to step S442 and allow access request this time, and in step S446, relevant information is existed in daily record, as/sdcard/dwc.log.If this IP address is not present in the chained list of Internet resources white list (the "No" branch of step S434), advance to step S444.So, in step S444, forbid this visit process, and in step S446, relevant information is existed in daily record, as ,/sdcard/dwc.log.
If the IR access destination information parsing in step S430 is not IP address (the "No" branch of step S432), advance to step S436.Whether the target information that judgement is obtained in step S430 is URL address.If the judged result of step S436 is "Yes", advance to step S438.In step S438, IRC will call IDR function to WLC, so that this URL information analysis is become to IP address information.IDR, by the information of the dns server limiting according to dns server white list, becomes corresponding IP address information by URL address resolution, to return to IRC.Then,, in step S440, IRC compares the information of the Internet resources white list of depositing in this IP address information and internal memory.If be present in the chained list of Internet resources white list (the "Yes" branch of step S440), advance to step S442, allow this visit, and in step S446, relevant information is existed in daily record, as/sdcard/dwc.log.If there is no in DWC chained list (the "No" branch of step S440), advances to step S444, and forbid this visit, and in step S446, relevant information is existed in journal file, as/sdcard/dwc.log.
If the judged result of step S436 is "No", also be that the target information obtained in step S430 is invalid or can not identifying information, directly advance to step S444, forbid this visit process, and in step S446, relevant information is existed in journal file, as/sdcard/dwc.log.
After step S446, process 400 can be returned to step S426, and IRC will continue to monitor the access request to Internet resources.
Introduce the access control process 400 to Internet resources on Android mobile phone with reference to accompanying drawing 4 above.In this example, IRC can be realized by the detection module of above-mentioned access control apparatus 300 310, IP acquisition module 320 and control module 330.DSWL function, IDR function and the DWC function of WLC can be realized by Internet resources white list administration module, Internet resources dns resolution module and the dns server white list administration module of above-mentioned access control apparatus 300 respectively.Do not repeat them here.
Should be appreciated that, process 400 shows the detection of the access request to Internet resources on mobile terminal and numerous details of follow-up security measures, but can in the situation that there is no these details, realize the embodiment of the present invention.
Above invention has been described in conjunction with the preferred embodiments.It will be understood by those skilled in the art that the method and apparatus illustrating is only exemplary above.Method of the present invention is not limited to the step and the order that illustrate above.Device of the present invention can comprise the parts more more or less than the parts that illustrate.Those skilled in the art can carry out many variations and amendment according to the instruction of illustrated embodiment.
Device of the present invention and parts thereof can be by such as very lagre scale integrated circuit (VLSIC) or gate array, realize such as the semiconductor of logic chip, transistor etc. or such as the hardware circuit of the programmable hardware device of field programmable gate array, programmable logic device etc., also can use the software of being carried out by various types of processors to realize, also can be realized by the combination of above-mentioned hardware circuit and software.
The present invention can realize plurality of advantages.Scheme provided by the invention is carried out the access control to Internet resources based on dns resolution and white list, can ensure that user is when network resource accession is carried out in the browser by mobile terminal or mobile application, the content constraints that it can be accessed have a mind to and zone of reasonableness in, thereby prevent because be not intended to or intentional act and access the content that should not access, to solve deficiency and the imperfection of existing facing moving terminal to online content access control.
Although it should be appreciated by those skilled in the art that by specific embodiment and described the present invention, scope of the present invention is not limited to these specific embodiments.Scope of the present invention is limited by claims and any equivalents thereof.
Claims (10)
1. for the access control method to Internet resources of mobile terminal, comprising:
Detect the access request to Internet resources;
Obtain target Internet protocol " IP " address of described access request;
The target ip address obtaining by coupling and Internet resources white list, determine whether to allow described access request,
Wherein, the IP address of described Internet resources white list storage trustable network resource.
2. method according to claim 1, also comprises: safeguard name server " DNS " server white list, described dns server white list is stored the information of credible dns server.
3. method according to claim 1, also comprises: maintaining network resource white list.
4. method according to claim 3, also comprises; Described maintaining network resource white list further comprises:
URL(uniform resource locator) " URL " information of the trustable network resource that reception will be added;
By the credible dns server in dns server white list, described URL information is resolved, to obtain the IP address of the trustable network resource that will add; And
Add the IP address of the described trustable network resource that will add to described Internet resources white list.
5. according to the method described in any one in claim 1-3, the target ip address that wherein obtains described access request comprises:
Extract the target URL information in described access request; And
By the credible dns server in dns server white list, the target URL information of extracting is resolved, to obtain described target ip address.
6. for the access control apparatus to Internet resources of mobile terminal, comprising:
Detection module, is configured to: detect the access request to Internet resources;
IP acquisition module, is configured to: target Internet protocol " IP " address that obtains access request;
Control module, is configured to: the target ip address obtaining by coupling and Internet resources white list, determine whether to allow described access request,
Wherein, the IP address of described Internet resources white list storage trustable network resource.
7. access control apparatus according to claim 6, also comprises:
Name server " DNS " server white list administration module, is configured to: safeguard dns server white list, described dns server white list is stored the information of credible dns server.
8. access control apparatus according to claim 6, also comprises:
Internet resources white list administration module, is configured to: for maintaining network resource white list.
9. access control module according to claim 8, described Internet resources white list administration module is further configured to:
URL(uniform resource locator) " URL " information of the trustable network resource that reception will be added;
By the credible dns server in dns server white list, described URL information is resolved, to obtain the IP address of the trustable network resource that will add; And
Add the IP address of the described trustable network resource that will add to described Internet resources white list.
10. according to the access control apparatus described in any one in claim 6-8, also comprise:
Internet resources dns resolution module, for parsing the IP address corresponding to URL information of Internet resources by the credible dns server of dns server white list.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410347303.0A CN104092698A (en) | 2014-07-21 | 2014-07-21 | Network resource access control method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410347303.0A CN104092698A (en) | 2014-07-21 | 2014-07-21 | Network resource access control method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104092698A true CN104092698A (en) | 2014-10-08 |
Family
ID=51640379
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410347303.0A Pending CN104092698A (en) | 2014-07-21 | 2014-07-21 | Network resource access control method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104092698A (en) |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104580185A (en) * | 2014-12-30 | 2015-04-29 | 北京工业大学 | Method and system for network access control |
| CN105561580A (en) * | 2015-12-24 | 2016-05-11 | 北京奇虎科技有限公司 | Network protecting method and device based on game platform |
| CN105592046A (en) * | 2015-08-25 | 2016-05-18 | 杭州华三通信技术有限公司 | Authentication-free access method and device |
| CN105635073A (en) * | 2014-11-06 | 2016-06-01 | 华为技术有限公司 | Access control method and device and network access equipment |
| CN105847251A (en) * | 2016-03-22 | 2016-08-10 | 英赛克科技(北京)有限公司 | Security protection method and system for industrial control system using S7 protocol |
| CN105867551A (en) * | 2016-04-29 | 2016-08-17 | 广州玖晔网络科技有限公司 | Waterproof tablet personal computer used for children and having screen locking and education functions |
| CN105992194A (en) * | 2015-01-30 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Network data content acquiring method and network data content acquiring device |
| CN106295312A (en) * | 2016-08-19 | 2017-01-04 | 硕诺科技(深圳)有限公司 | A kind of mobile terminal limits the method that application program accesses network |
| CN106302383A (en) * | 2016-07-22 | 2017-01-04 | 北京奇虎科技有限公司 | The processing method of data access request and processing means |
| CN107836101A (en) * | 2015-06-27 | 2018-03-23 | 迈克菲有限责任公司 | Goodwill for URL |
| CN107979657A (en) * | 2017-12-18 | 2018-05-01 | 联想(北京)有限公司 | Dns address processing method and system for the network equipment |
| CN108322418A (en) * | 2017-01-16 | 2018-07-24 | 深圳兆日科技股份有限公司 | The detection method and device of unauthorized access |
| CN108777709A (en) * | 2018-05-31 | 2018-11-09 | 康键信息技术(深圳)有限公司 | Website access method, device, computer equipment and storage medium |
| CN109862025A (en) * | 2019-02-28 | 2019-06-07 | 北京安护环宇科技有限公司 | Access control method, apparatus and system based on black and white lists |
| CN110120932A (en) * | 2018-02-06 | 2019-08-13 | 华为技术有限公司 | Multipath method for building up and device |
| CN110661770A (en) * | 2018-06-29 | 2020-01-07 | 卡巴斯基实验室股份制公司 | System and method for blocking network connections with disabled classes of resources |
| CN112637106A (en) * | 2019-09-24 | 2021-04-09 | 成都鼎桥通信技术有限公司 | Method and device for terminal to access website |
| CN112637192A (en) * | 2020-12-17 | 2021-04-09 | 航天精一(广东)信息科技有限公司 | Authorization method and system for accessing micro-service |
| CN113906771A (en) * | 2019-05-21 | 2022-01-07 | 艾里斯通讯公司 | Communication flow control using domain names |
| CN114301635A (en) * | 2021-12-10 | 2022-04-08 | 中国联合网络通信集团有限公司 | Access control method and device and server |
| CN114499942A (en) * | 2021-12-22 | 2022-05-13 | 天翼云科技有限公司 | Data access method and device and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101183968A (en) * | 2006-11-14 | 2008-05-21 | 中兴通讯股份有限公司 | Gateway equipment login and automatic configuration method |
| CN101567888A (en) * | 2008-12-29 | 2009-10-28 | 郭世泽 | Safety protection method of network feedback host computer |
| CN102891794A (en) * | 2011-07-22 | 2013-01-23 | 华为技术有限公司 | Data packet transmission control method and gateway device |
| CN103581363A (en) * | 2013-11-29 | 2014-02-12 | 杜跃进 | Method and device for controlling baleful domain name and illegal access |
-
2014
- 2014-07-21 CN CN201410347303.0A patent/CN104092698A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101183968A (en) * | 2006-11-14 | 2008-05-21 | 中兴通讯股份有限公司 | Gateway equipment login and automatic configuration method |
| CN101567888A (en) * | 2008-12-29 | 2009-10-28 | 郭世泽 | Safety protection method of network feedback host computer |
| CN102891794A (en) * | 2011-07-22 | 2013-01-23 | 华为技术有限公司 | Data packet transmission control method and gateway device |
| CN103581363A (en) * | 2013-11-29 | 2014-02-12 | 杜跃进 | Method and device for controlling baleful domain name and illegal access |
Cited By (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105635073A (en) * | 2014-11-06 | 2016-06-01 | 华为技术有限公司 | Access control method and device and network access equipment |
| CN105635073B (en) * | 2014-11-06 | 2020-06-26 | 华为技术有限公司 | Access control method and device and network access equipment |
| CN104580185B (en) * | 2014-12-30 | 2017-12-01 | 北京工业大学 | A kind of method and system of NS software |
| CN104580185A (en) * | 2014-12-30 | 2015-04-29 | 北京工业大学 | Method and system for network access control |
| CN105992194A (en) * | 2015-01-30 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Network data content acquiring method and network data content acquiring device |
| CN105992194B (en) * | 2015-01-30 | 2019-10-29 | 阿里巴巴集团控股有限公司 | The acquisition methods and device of network data content |
| CN107836101A (en) * | 2015-06-27 | 2018-03-23 | 迈克菲有限责任公司 | Goodwill for URL |
| CN105592046A (en) * | 2015-08-25 | 2016-05-18 | 杭州华三通信技术有限公司 | Authentication-free access method and device |
| CN105592046B (en) * | 2015-08-25 | 2019-04-12 | 新华三技术有限公司 | A kind of authentication-exempt access method and device |
| CN105561580A (en) * | 2015-12-24 | 2016-05-11 | 北京奇虎科技有限公司 | Network protecting method and device based on game platform |
| CN105847251A (en) * | 2016-03-22 | 2016-08-10 | 英赛克科技(北京)有限公司 | Security protection method and system for industrial control system using S7 protocol |
| CN105847251B (en) * | 2016-03-22 | 2018-10-30 | 英赛克科技(北京)有限公司 | Using the industrial control system safety protecting method and system of S7 agreements |
| CN105867551A (en) * | 2016-04-29 | 2016-08-17 | 广州玖晔网络科技有限公司 | Waterproof tablet personal computer used for children and having screen locking and education functions |
| CN106302383A (en) * | 2016-07-22 | 2017-01-04 | 北京奇虎科技有限公司 | The processing method of data access request and processing means |
| CN106295312A (en) * | 2016-08-19 | 2017-01-04 | 硕诺科技(深圳)有限公司 | A kind of mobile terminal limits the method that application program accesses network |
| CN108322418A (en) * | 2017-01-16 | 2018-07-24 | 深圳兆日科技股份有限公司 | The detection method and device of unauthorized access |
| CN107979657A (en) * | 2017-12-18 | 2018-05-01 | 联想(北京)有限公司 | Dns address processing method and system for the network equipment |
| WO2019154017A1 (en) * | 2018-02-06 | 2019-08-15 | 华为技术有限公司 | Multipath establishing method and apparatus |
| CN110120932A (en) * | 2018-02-06 | 2019-08-13 | 华为技术有限公司 | Multipath method for building up and device |
| US11432357B2 (en) | 2018-02-06 | 2022-08-30 | Huawei Technologies Co., Ltd. | Multipath establishment method and apparatus |
| CN108777709A (en) * | 2018-05-31 | 2018-11-09 | 康键信息技术(深圳)有限公司 | Website access method, device, computer equipment and storage medium |
| CN110661770A (en) * | 2018-06-29 | 2020-01-07 | 卡巴斯基实验室股份制公司 | System and method for blocking network connections with disabled classes of resources |
| CN109862025A (en) * | 2019-02-28 | 2019-06-07 | 北京安护环宇科技有限公司 | Access control method, apparatus and system based on black and white lists |
| CN113906771A (en) * | 2019-05-21 | 2022-01-07 | 艾里斯通讯公司 | Communication flow control using domain names |
| CN112637106A (en) * | 2019-09-24 | 2021-04-09 | 成都鼎桥通信技术有限公司 | Method and device for terminal to access website |
| CN112637192A (en) * | 2020-12-17 | 2021-04-09 | 航天精一(广东)信息科技有限公司 | Authorization method and system for accessing micro-service |
| CN112637192B (en) * | 2020-12-17 | 2023-10-03 | 广东精一信息技术有限公司 | Authorization method and system for accessing micro-service |
| CN114301635A (en) * | 2021-12-10 | 2022-04-08 | 中国联合网络通信集团有限公司 | Access control method and device and server |
| CN114301635B (en) * | 2021-12-10 | 2024-02-23 | 中国联合网络通信集团有限公司 | Access control method, device and server |
| CN114499942A (en) * | 2021-12-22 | 2022-05-13 | 天翼云科技有限公司 | Data access method and device and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104092698A (en) | Network resource access control method and device | |
| US11240348B2 (en) | Remotely managing application settings using hash value comparison | |
| RU2615057C2 (en) | Method and device for access to web-page and router | |
| RU2383921C2 (en) | Simple and dynamic configuration of network devices | |
| US8200962B1 (en) | Web browser extensions | |
| US9680964B2 (en) | Programming model for installing and distributing occasionally connected applications | |
| US20230072428A1 (en) | Method, Apparatus, and System for Pushing Application Program, and Device | |
| US8965958B2 (en) | File fetch from a remote client device | |
| US10152660B2 (en) | Smart card read/write method and apparatus | |
| US8359031B2 (en) | Computer based method and system for logging in a user mobile device at a server computer system | |
| US20140068026A1 (en) | System for automatically configuring server using pre-recorded configuration script and method thereof | |
| CN102480501A (en) | Application resource downloading method and associated equipment | |
| US9824218B1 (en) | Detecting setting tampering | |
| EP4161015A1 (en) | Network management system, method, and apparatus, and electronic device | |
| CN104363578A (en) | Method and system for automatically installing matched application when mobile equipment accesses to WIFI (wireless fidelity) hot spot | |
| KR100856117B1 (en) | Information providing system and method | |
| US9348999B2 (en) | User terminal, reliability management server, and method and program for preventing unauthorized remote operation | |
| US9306884B2 (en) | Computer-based method and system for processing a file request in response to a message received from a user mobile device | |
| US11263283B1 (en) | Method and system for asynchronous correlation of data entries in spatially separated instances of heterogeneous databases | |
| CN103354927A (en) | Method and apparatus for managing content in a processing device | |
| US20190098045A1 (en) | Browser injection prevention method, browser client and apparatus | |
| CN105956202A (en) | Web page display method and web page display apparatus in browser as well as terminal | |
| CN103491113B (en) | A kind of synchronous method, the apparatus and system of information fusion file | |
| CN115599669A (en) | Debugging method and device of microservice, electronic equipment and readable storage medium | |
| US11645382B2 (en) | Sentinel system for an online device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20141008 |