CN108322366B - Method, device and system for accessing network - Google Patents


Publication number
CN108322366B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710031638.5A
Other languages
Chinese (zh)
Other versions
CN108322366A (en
Inventor
王青华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201710031638.5A
Publication of CN108322366A
Application granted
Publication of CN108322366B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention discloses a method, a device and a system for accessing a network. The system includes: a terminal, configured to determine that the data to be accessed needs to be connected to a virtual private network, verify the data to be accessed through a preset verification mode, and send an access request to the server according to the verification result, wherein the preset verification mode is used for verifying whether pre-stored identity verification information of the terminal meets the standard for accessing the server, and the network to which the server belongs is a virtual private network; and a server, connected to the terminal and configured to receive the access request sent by the terminal and to connect the terminal to the virtual private network to which the server belongs according to the access request. The invention solves the technical problem in the prior art of low login efficiency when logging in to a VPN.

Description

Method, device and system for accessing network
Technical Field
The present invention relates to the field of network technology application, and in particular, to a method, an apparatus, and a system for accessing a network.
Background
With the wide application of cloud office technology, user access to a Virtual Private Network (VPN for short) has become a common office mode. Its advantage is that multi-platform office work can be done on one computer, as long as that computer's computing capability meets the computing requirements of the virtual machine. Cloud office also contributes significantly to information security: work completed on the virtual machine, and internal company data stored on the virtual machine, cannot be stored on the local computer, so information cannot be leaked by copying it on the local computer.
In existing methods of logging in to a VPN, the user is typically required to dial in to the VPN manually and complete authentication with a password token, and then to disconnect either by actively disconnecting the VPN or by powering off or sleeping the computer.
The main disadvantages of accessing the company intranet by having the user dial the VPN are a complicated login process, the need to enter an account and a password, and the need to wait for verification to pass.
No effective solution has yet been proposed for the problem in the prior art of low login efficiency when logging in to a VPN.
Disclosure of Invention
The embodiments of the invention provide a method, a device and a system for accessing a network, which at least solve the technical problem in the prior art of low login efficiency when logging in to a VPN.
According to an aspect of an embodiment of the present invention, there is provided a system for accessing a network, including: a terminal, configured to determine that the data to be accessed needs to be connected to a virtual private network, verify the data to be accessed through a preset verification mode, and send an access request to the server according to the verification result, wherein the preset verification mode is used for verifying whether pre-stored identity verification information of the terminal meets the standard for accessing the server, and the network to which the server belongs is a virtual private network; and a server, connected to the terminal and configured to receive the access request sent by the terminal and to connect the terminal to the virtual private network to which the server belongs according to the access request.
Optionally, the terminal includes a first terminal and a second terminal. The first terminal is configured to determine that the data connection to be accessed needs to connect to network resources in a virtual private network, and to send an access authentication request to the second terminal, wherein the access authentication request is used for instructing the second terminal to judge, according to the pre-stored identity verification information in the access authentication request, whether to confirm that the first terminal accesses the virtual private network; the pre-stored identity verification information includes a verification certificate. The second terminal is connected to the first terminal and is configured to receive the access authentication request and detect whether the verification certificate matches the verification signaling for accessing the virtual private network; if the detection result is yes, it returns access confirmation information to the first terminal so that the first terminal sends an access request to the server according to the access confirmation information.
Further, optionally, the verification certificate comprises: an account and a password used for logging in to the virtual private network.
Optionally, the first terminal includes a user system and an inspection system. The inspection system is configured to detect whether data to be accessed in the user system connects to network resources in the virtual private network, and to send prompt information to the user system, wherein the prompt information is used for indicating whether the user system accesses the virtual private network. The user system is connected to the inspection system and is configured to receive the prompt information and return access confirmation information according to the prompt information. The inspection system is further configured to send an access authentication request to the second terminal according to the received access confirmation information.
Optionally, the first terminal is further configured to: after accessing the virtual private network, detect whether an operation requesting data from the virtual private network occurs within a preset time interval; if the detection result is no, determine whether the current detection time is greater than or equal to the upper threshold of the preset time interval; and if so, send a disconnection request to the virtual private network, where the disconnection request is used to instruct the server to disconnect the first terminal's link to the virtual private network.
Optionally, the second terminal includes a mobile terminal; the mobile terminal is configured to receive the access authentication request, verify the verification certificate carried in the access authentication request against a verification array pre-stored in the mobile terminal, and return access confirmation information to the first terminal if the verification succeeds.
Optionally, the server is further configured to receive a disconnection request sent by the first terminal, and cut off access of the first terminal to the virtual private network according to the disconnection request.
According to another aspect of the embodiments of the present invention, there is provided a method for accessing a network, including: a first terminal determines that the data connection to be accessed needs to access a virtual private network; the first terminal sends an access authentication request to a second terminal, wherein the access authentication request is used for instructing the second terminal to judge, according to the pre-stored identity verification information of the first terminal carried in the access authentication request, whether to confirm that the first terminal accesses the virtual private network; the first terminal receives access confirmation information returned by the second terminal according to the access authentication request; and the first terminal accesses the virtual private network to which the server belongs according to the access confirmation information.
Optionally, the determining, by the first terminal, that the data connection to be accessed needs to access the virtual private network includes: the first terminal parses the currently accessed data and acquires target access information in the data, wherein the target access information comprises at least one of a path address, an internet protocol address or an access identifier carried in the data; and the first terminal compares the target access information with a pre-stored access data list and judges whether the target access information matches an identifier for accessing the virtual private network in the pre-stored access data list.
Further, optionally, after the first terminal determines whether the target access information matches an identifier of the virtual private network accessed in the pre-stored access data list, the sending, by the first terminal, the access authentication request to the second terminal includes: if the judgment result is yes, the first terminal displays prompt information, wherein the prompt information is used for indicating whether the user accesses the virtual private network or not; the first terminal receives an access confirmation instruction, wherein the access confirmation instruction is used for indicating the first terminal to confirm to access the virtual private network; and the first terminal sends an access authentication request to the second terminal according to the access confirmation instruction.
Optionally, the accessing, by the first terminal, the virtual private network to which the server belongs according to the access confirmation information includes: under the condition that the access confirmation information carries the verification signaling of the second terminal, the first terminal generates an access request according to the verification signaling and the pre-stored identity verification information; the first terminal sends an access request to the server.
Further, optionally, the pre-stored identity verification information includes a verification certificate, wherein the verification certificate comprises: an account and a password used for logging in to the virtual private network.
Optionally, the method further includes: after a first terminal accesses a virtual private network, the first terminal detects whether an operation of requesting data from the virtual private network exists or not within a preset time interval; under the condition that the detection result is negative, the first terminal judges whether the current detection time is greater than or equal to an upper limit threshold value of a preset time interval; and if so, the first terminal sends a disconnection request to the virtual private network, wherein the disconnection request is used for instructing the server to disconnect the link of the first terminal accessing the virtual private network.
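The first terminal's two local decisions in the method above (matching target access information against the pre-stored access data list, and disconnecting after an idle interval) can be sketched as follows. This is an added example, not code from the patent; the list format, the sample hosts and networks, and the names `needs_vpn` and `IdleWatchdog` are assumptions.

```python
import ipaddress
import time
from urllib.parse import urlsplit

# Constructed pre-stored access data list (format and entries are assumptions).
ACCESS_LIST = {
    "networks": [ipaddress.ip_network("10.20.0.0/16")],
    "host_suffixes": [".corp.example"],
    "identifiers": {"vpn-required"},
}


def extract_target(data):
    """Return the target access information carried in one access attempt.

    `data` holds an optional 'address' (URL, UNC path, or bare host/IP with an
    optional port and path) and an optional 'access_id' tag.
    """
    address = data.get("address", "")
    if address.startswith("\\\\"):          # UNC path: \\host\share\file
        host = address[2:].split("\\", 1)[0]
    elif "://" in address:                   # full URL
        host = urlsplit(address).hostname or ""
    else:                                    # bare host[:port][/path]
        host = urlsplit("//" + address).hostname or ""
    return {"host": host.lower(), "access_id": data.get("access_id")}


def needs_vpn(data, access_list=ACCESS_LIST):
    """True if the target matches an entry in the pre-stored access data list."""
    target = extract_target(data)
    if target["access_id"] in access_list["identifiers"]:
        return True
    host = target["host"]
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Host name: match on a label boundary so "notcorp.example"
        # is not treated as part of ".corp.example".
        return any(host.endswith(suffix) or host == suffix.lstrip(".")
                   for suffix in access_list["host_suffixes"])
    return any(ip in net for net in access_list["networks"])


class IdleWatchdog:
    """Sends one disconnection request once no VPN request has been seen
    for at least `max_idle_seconds` (the upper threshold of the interval)."""

    def __init__(self, max_idle_seconds, send_disconnect, clock=time.monotonic):
        self.max_idle = max_idle_seconds
        self.send_disconnect = send_disconnect  # callable that notifies the server
        self.clock = clock                      # injectable for testing
        self.last_request = clock()
        self.connected = True

    def record_vpn_request(self):
        """Call whenever the terminal requests data from the VPN."""
        self.last_request = self.clock()

    def poll(self):
        """Return True if a disconnection request was sent on this poll."""
        if not self.connected:
            return False
        if self.clock() - self.last_request >= self.max_idle:
            self.send_disconnect()
            self.connected = False
            return True
        return False
```

`poll()` is meant to be called periodically by the inspection logic; the `>=` comparison follows the "greater than or equal to an upper limit threshold" wording above.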
According to another aspect of the embodiments of the present invention, there is provided another method for accessing a network, including: the second terminal receives an access authentication request sent by the first terminal; the second terminal judges whether to confirm the first terminal to access the virtual private network or not according to the pre-stored identity verification information of the first terminal carried in the access authentication request; and if the judgment result is yes, the second terminal sends access confirmation information to the first terminal.
Optionally, the determining, by the second terminal, whether to confirm that the first terminal accesses the virtual private network according to the pre-stored identity verification information of the first terminal carried in the access authentication request includes: the second terminal parses the pre-stored identity verification information of the first terminal carried in the access authentication request to obtain the verification certificate in the pre-stored identity verification information, wherein the verification certificate comprises an account and a password used for logging in to the virtual private network; and the second terminal detects whether the verification certificate matches the verification signaling for accessing the virtual private network, wherein the verification signaling is a verification array pre-stored in the second terminal.
According to another aspect of the embodiments of the present invention, there is provided a method for accessing a network, including: the server receives an access request sent by a first terminal; and the server accesses the first terminal to the virtual private network to which the server belongs according to the access request.
Optionally, the accessing, by the server, the virtual private network to which the server belongs by the first terminal according to the access request includes: analyzing the access request, and acquiring pre-stored identity authentication information of the first terminal and an authentication signaling of the second terminal, wherein the pre-stored identity authentication information is carried in the access request; checking whether the pre-stored identity authentication information and the authentication signaling meet a preset access standard or not; and if the verification result is yes, the server accesses the first terminal into the virtual private network to which the server belongs.
Optionally, the method further includes: receiving a disconnection request sent by a first terminal; and cutting off the first terminal from accessing the virtual private network according to the disconnection request.
According to another aspect of the embodiments of the present invention, there is provided a method for accessing a network, including: detecting whether data to be accessed in a user system is connected with network resources in a virtual private network; if the detection result is yes, sending prompt information to the user system, wherein the prompt information is used for indicating whether the user system is accessed to the virtual private network; and sending an access authentication request to the second terminal according to the received access confirmation information returned by the user system.
According to another aspect of the embodiments of the present invention, there is provided a method for accessing a network, including: receiving prompt information sent by an inspection system; and returning the access confirmation information according to the prompt information.
According to an aspect of the embodiments of the present invention, there is provided an apparatus for accessing a network, including: the first detection module is used for determining that the data connection to be accessed needs to access the virtual private network; the first sending module is used for sending an access authentication request to the second terminal, wherein the access authentication request is used for indicating the second terminal to judge whether to confirm that the first terminal is accessed to the virtual private network or not according to prestored identity verification information of the first terminal carried in the access authentication request; the first receiving module is used for receiving access confirmation information returned by the second terminal according to the access authentication request; and the first access module is used for accessing the virtual private network to which the server belongs according to the access confirmation information.
According to an aspect of the embodiments of the present invention, there is provided another apparatus for accessing a network, including: the second receiving module is used for receiving an access authentication request sent by the first terminal; the first verification module is used for judging whether to confirm that the first terminal is accessed to the virtual private network or not according to prestored identity verification information of the first terminal carried in the access authentication request; and the second sending module is used for sending the access confirmation information to the first terminal under the condition that the judgment result is yes.
According to still another aspect of an embodiment of the present invention, there is provided an intelligent hardware including: the system comprises a receiver/transmitter, a processor, a memory and a display screen, wherein the receiver/transmitter is used for receiving an access authentication request sent by a first terminal; the processor is connected with the receiver/transmitter and used for judging whether to confirm that the first terminal is accessed to the virtual private network or not according to prestored identity verification information of the first terminal carried in the access authentication request, wherein the processor judges whether to confirm that the first terminal is accessed to the virtual private network or not by calling verification signaling stored in the memory and displays a judgment result through the display screen; and the receiver/transmitter is further used for transmitting the access confirmation information to the first terminal under the condition that the judgment result is yes.
According to an aspect of the embodiments of the present invention, there is provided another apparatus for accessing a network, including: a third receiving module, configured to receive an access request sent by the first terminal; and the second access module is used for accessing the first terminal to the virtual private network to which the server belongs according to the access request.
According to an aspect of the embodiments of the present invention, there is provided another apparatus for accessing a network, including: the second detection module is used for detecting whether the data to be accessed in the user system is connected with the network resources in the virtual private network; a third sending module, configured to send a prompt message to the user system if the detection result is yes, where the prompt message is used to indicate whether the user system accesses the virtual private network; and the fourth sending module is used for sending an access authentication request to the second terminal according to the received access confirmation information returned by the user system.
According to another aspect of the embodiments of the present invention, there is provided an apparatus for accessing a network, including: the fourth receiving module is used for receiving the prompt message sent by the checking system; and the fifth sending module is used for returning the access confirmation information according to the prompt information.
In the embodiment of the invention, the terminal and the server are used, wherein the terminal is used for determining that the data to be accessed needs to be connected with the virtual private network, verifying the data to be accessed in a preset verification mode and sending an access request to the server according to a verification result, and the preset verification mode is used for verifying whether the pre-stored identity verification information of the terminal meets the standard of the access server or not; the network to which the server belongs is a virtual private network; the server is connected with the terminal and used for receiving the access request sent by the terminal and accessing the terminal to the virtual private network to which the server belongs according to the access request, so that the aim of logging in the VPN without a password is fulfilled, the technical effect of improving the login efficiency is achieved, and the technical problem of low login efficiency caused by logging in the VPN in the prior art is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a schematic structural diagram of a system for accessing a network according to an embodiment of the present invention;
fig. 2 is a flowchart of a first terminal accessing the network to which the server belongs in a system for accessing a network according to an embodiment of the present invention;
fig. 3 is an interaction flowchart of a first terminal accessing the network to which the server belongs in another system for accessing a network according to an embodiment of the present invention;
fig. 4 is a flowchart of disconnecting a first terminal from the network to which the server belongs in a system for accessing a network according to still another embodiment of the present invention;
fig. 5 is a block diagram of a hardware structure of a computer terminal (or mobile device) for implementing a method for accessing a network according to an embodiment of the present invention;
fig. 6 is a flowchart of a method for accessing a network according to a second embodiment of the present invention;
fig. 7 is a flowchart of a method of accessing a network according to a third embodiment of the present invention;
fig. 8 is a flowchart of a method of accessing a network according to a fourth embodiment of the present invention;
fig. 9 is a flowchart of a method of accessing a network according to a fifth embodiment of the present invention;
fig. 10 is a flowchart of a method of accessing a network according to a sixth embodiment of the present invention;
fig. 11 is a schematic structural diagram of an apparatus accessing a network according to a seventh embodiment of the present invention;
fig. 12 is a schematic structural diagram of an apparatus for accessing a network according to an eighth embodiment of the present invention;
fig. 13 is a schematic structural diagram of an apparatus for accessing a network according to a tenth embodiment of the present invention;
fig. 14 is a schematic structural diagram of an apparatus for accessing a network according to an eleventh embodiment of the present invention;
fig. 15 is a schematic structural diagram of an apparatus accessing a network according to a twelfth embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, some terms appearing in the description of the embodiments of the present application are explained as follows:
Virtual private network: Virtual Private Network, abbreviated as VPN.
Example 1
According to an embodiment of the present application, an embodiment of a system for accessing a network is provided, and fig. 1 is a schematic structural diagram of the system for accessing a network according to the embodiment of the present invention.
As shown in fig. 1, the system for accessing a network includes: a terminal 12 and a server 14, wherein,
the terminal 12 is configured to determine that the data to be accessed needs to be connected to a virtual private network, verify the data to be accessed through a preset verification mode, and send an access request to the server 14 according to the verification result, where the preset verification mode is used to verify whether pre-stored identity verification information of the terminal 12 meets the standard for accessing the server 14; the network to which the server 14 belongs is a virtual private network; and the server 14 is connected to the terminal 12 and is configured to receive the access request sent by the terminal 12 and to connect the terminal 12 to the virtual private network to which the server 14 belongs according to the access request.
Specifically, in the system for accessing a network provided in this embodiment, the terminal 12 detects whether the data to be accessed connects to a network resource in the virtual private network, where the network resource may include: a folder corresponding to the IP address that the data to be accessed connects to, a corresponding application program, or a corresponding file. For example, a hyperlink attached to a list in a text opened by the terminal 12 corresponds to detailed data at a corresponding IP address in the VPN. When it is detected that the list in the text corresponds to detailed data in the VPN, the terminal 12 sends an access request to the server 14, where the access request carries the pre-stored identity verification information of the terminal 12. When it is verified that the pre-stored identity verification information meets the standard for accessing the server 14, the terminal 12 is connected to the virtual private network to which the server 14 belongs. That is, the VPN is accessed without entering a password, which saves the time spent entering a login account and password and waiting for system authentication, and improves the efficiency of entering the VPN to work.
In the system for accessing a network provided by the embodiment of the application, the terminal and the server are used, wherein the terminal is used for determining that the connection of data to be accessed needs to be connected with a virtual private network, verifying the data to be accessed through a preset verification mode, and sending an access request to the server according to a verification result, wherein the preset verification mode is used for verifying whether pre-stored identity verification information of the terminal meets the standard of the access server; the network to which the server belongs is a virtual private network; the server is connected with the terminal and used for receiving the access request sent by the terminal and accessing the terminal to the virtual private network to which the server belongs according to the access request, so that the aim of logging in the VPN without a password is fulfilled, the technical effect of improving the login efficiency is achieved, and the technical problem of low login efficiency caused by logging in the VPN in the prior art is solved.
The functions in the terminal 12 in the system of the access network provided in the embodiment of the present application may be implemented in two ways, as shown in fig. 2 and fig. 3, specifically as follows:
Scheme I:
Optionally, fig. 2 is a flowchart illustrating a process of accessing a network to which a first terminal belongs in a system accessing a network according to an embodiment of the present invention. As shown in fig. 2, the terminal 12 includes a first terminal 121 and a second terminal 122, wherein:
the first terminal 121 is configured to determine that the data to be accessed needs a connection to a network resource in a virtual private network, and to send an access authentication request to the second terminal 122, where the access authentication request is used to instruct the second terminal 122 to determine, according to the pre-stored identity verification information in the access authentication request, whether to confirm that the first terminal 121 accesses the virtual private network; the pre-stored identity verification information includes a verification certificate;
the second terminal 122 is connected to the first terminal 121 and is configured to receive the access authentication request and detect whether the verification certificate matches the verification signaling for accessing the virtual private network; if the detection result is yes, it returns the access confirmation information to the first terminal 121, so that the first terminal 121 sends the access request to the server 14 according to the access confirmation information.
Before the second terminal 122 detects whether the verification certificate matches the verification signaling for accessing the virtual private network, the second terminal 122 receives the verification signaling sent by the server 14, where the verification signaling may be sent to the second terminal 122 in the form of a mobile token, where the verification signaling corresponds to the verification certificate pre-stored by the first terminal 121, that is, when the access authentication request sent by the first terminal 121 to the second terminal 122 carries the verification certificate, the second terminal 122 matches the verification certificate and the verification signaling, and when the matching is successful, it indicates that the verification of the first terminal 121 is successful.
Further, optionally, the verification certificate includes an account and a password used for logging in to the virtual private network.
Specifically, as shown in fig. 2, in the system of the access network provided in this embodiment, the functions of the terminal 12 may be implemented by two terminals, namely the first terminal 121 and the second terminal 122. The first terminal 121 and the second terminal 122 may be mobile terminals, and the mobile terminals may include: a smart phone (such as a mobile phone running the Android system or the iOS system, or a mobile phone capable of logging in to a VPN network), a tablet computer, a notebook computer, a desktop computer, a handheld business device, and an intelligent wearable device (e.g., an augmented reality (AR) device, such as Google glasses or a smart watch, capable of accessing a network and logging in to a VPN network).
In the network access system provided in this embodiment, the following explanation takes the first terminal 121 to be a laptop or desktop computer and the second terminal 122 to be a smartphone, and abbreviates the virtual private network as the VPN network. When a user uses the computer to open any program, the system running on the computer detects that a data storage location connected to the program is in the VPN network and sends an access authentication request to the smartphone. The access authentication request is a request message carrying preset authentication information, which includes a verification certificate. The verification certificate may be a security certificate that is assigned to the computer and built into the VPN client on the computer corresponding to the VPN network. The smartphone matches the security certificate against the verification signaling and, if the matching succeeds, sends access confirmation information to the computer.
The way the smartphone matches the security certificate against the verification signaling and, on a successful match, sends the access confirmation information to the computer can be described at two levels. In terms of data processing, the smartphone matches the verification signaling held on the smartphone against the security certificate in the access authentication request, or the smartphone receives the access authentication request sent by the computer and verifies the verification certificate in that request according to the verification token on the smartphone. In terms of display, after the smartphone receives the access authentication request sent by the computer, it displays a prompt message asking "Access the VPN network?"; when the user selects confirmation, the access confirmation information is returned to the computer, and the computer is then accessed to the VPN network.
It should be noted that the verification process on the smartphone may verify the access authentication request sent by the computer by means of a mobile phone token provided through an application (APP), where the mobile phone token may be a random number group used for verifying the access authentication request.
When the first terminal 121 is a tablet computer or a smart phone, the implementation manner is the same as that of a computer, and the difference is that corresponding VPN clients are installed according to different terminal types, which is not described in detail.
Scheme II:
Optionally, fig. 3 is a flowchart illustrating a process of accessing a network to which a server belongs by a first terminal in another system accessing a network according to an embodiment of the present invention. As shown in fig. 3, the first terminal 121 includes a user system 1211 and a checking system 1212, wherein:
the checking system 1212 is configured to detect whether the data to be accessed in the user system 1211 is connected to a network resource in the virtual private network, and to send a prompt message to the user system 1211, where the prompt message is used for indicating whether the user system 1211 accesses the virtual private network;
the user system 1211 is connected with the checking system 1212 and is configured to receive the prompt message and return the access confirmation message according to the prompt message;
the checking system 1212 is further configured to send an access authentication request to the second terminal 122 according to the received access confirmation information.
Specifically, as shown in fig. 3, the second scheme differs from the first in that, within the first terminal 121, the user system 1211 and the checking system 1212 each perform their corresponding functions. For example, the user system 1211 opens an application A (or a text A); the checking system 1212 detects that the source data in application A is mapped to a network resource in the VPN network and that the VPN network needs to be accessed, so the checking system 1212 sends a prompt message to the user system 1211. The user system 1211 displays the prompt message, receives an instruction confirming access, and generates confirmation access information according to the instruction. The checking system 1212 then sends the confirmation access information to the second terminal 122 according to the confirmation access information, so that the VPN network to which the server 14 belongs is accessed through the secondary authentication of the second terminal 122.
Optionally, fig. 4 is a flowchart illustrating a process of disconnecting the first terminal from the network to which the server belongs in the system having an access network according to yet another embodiment of the present invention, as shown in fig. 4, the first terminal 121 is further configured to detect whether there is an operation of requesting data from the virtual private network by the first terminal 121 within a preset time interval after accessing the virtual private network, determine whether the current detection time is greater than or equal to an upper threshold of the preset time interval if the detection result is no, and send a disconnection request to the virtual private network if the determination result is yes, where the disconnection request is used to instruct the server 14 to disconnect a link of the first terminal 121 accessing the virtual private network.
Specifically, as shown in fig. 4, after the first terminal 121 accesses the VPN network, the first terminal 121 enters a mode similar to "listening", in which a preset time interval is set. If no operation of the first terminal 121 requesting data from the virtual private network is detected within the preset time interval, a disconnection request is sent to the virtual private network, so that the server 14 disconnects the link through which the first terminal 121 accesses the virtual private network.
Optionally, the second terminal 122 includes: a mobile terminal; the mobile terminal is configured to receive the access authentication request, perform authentication according to a verification certificate carried in the access authentication request and a verification array pre-stored in the mobile terminal, and return access confirmation information to the first terminal 121 when the authentication is successful.
Specifically, as shown in fig. 2 and fig. 3, the second terminal 122 may be a mobile terminal, and receive the access authentication request through the mobile terminal, and perform verification according to a verification certificate carried in the access authentication request and a verification array pre-stored in the mobile terminal, and return access confirmation information to the first terminal 121 when the verification is successful.
Optionally, as shown in fig. 4, the server 14 is further configured to receive a disconnection request sent by the first terminal 121, and cut off the first terminal 121 from accessing the virtual private network according to the disconnection request.
Specifically, as shown in fig. 4, after the first terminal 121 sends the disconnection request, the server 14 receives the disconnection request, and disconnects the first terminal 121 from accessing the virtual private network according to the disconnection request.
In addition, after the first terminal 121 is disconnected from the VPN network, if the user needs the first terminal 121 to access the VPN again, the above-mentioned authentication of the first terminal 121 is performed again; after the first terminal 121 passes the secondary authentication through the second terminal 122, an access request is sent to the server 14, and the server 14 accesses the first terminal 121 to the VPN.
The network access system provided by this embodiment enables a user to access a company intranet automatically, without a password and with high security. When the user actively accesses intranet resources, the user is prompted whether to access the intranet; if the user confirms that the intranet needs to be accessed, a notification is pushed to the token mobile phone registered by the user for secondary confirmation, and VPN dial-in is then carried out in the background, so that the whole access process is completely transparent to and unnoticed by the user. After the user has had no requirement for accessing the network for several minutes, the intranet connection is actively disconnected, which guarantees information security in the VPN network.
Example 2
In accordance with another embodiment of the present invention, an embodiment of a method for accessing a network is also provided. It should be noted that the steps illustrated in the flowchart of the figures may be executed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be executed in an order different from the one presented herein.
The method provided by the first embodiment of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Fig. 5 is a block diagram of a hardware structure of a computer terminal (or mobile device) for implementing a method for accessing a network according to an embodiment of the present invention. As shown in fig. 5, computer terminal 50 (or mobile device 50) may include one or more processors 502 (shown as 502a, 502b, …, 502n; processor 502 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and memory 504 for storing data. In addition, it may further include: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power source, and/or a camera. It will be understood by those skilled in the art that the structure shown in fig. 5 is only an illustration and is not intended to limit the structure of the electronic device. For example, computer terminal 50 may also include more or fewer components than shown in fig. 5, or have a different configuration than shown in fig. 5.
It should be noted that the one or more processors 502 and/or other data processing circuitry described above may be referred to generally herein as "data processing circuitry". The data processing circuitry may be embodied in whole or in part in software, hardware, firmware, or any combination thereof. Further, the data processing circuit may be a single stand-alone processing module, or incorporated in whole or in part into any of the other elements in the computer terminal 50 (or mobile device). As referred to in the embodiments of the application, the data processing circuit acts as a processor control (e.g. selection of a variable resistance termination path connected to the interface).
The memory 504 may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the method for accessing a network in the embodiment of the present invention, and the processor 502 executes various functional applications and data processing by running the software programs and modules stored in the memory 504, that is, implementing the vulnerability detection method of the application program. The memory 504 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 504 may further include memory located remotely from the processor 502, which may be connected to the computer terminal 50 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the computer terminal 50 (or mobile device).
In the above operating environment, the present application provides a method for accessing a network as shown in fig. 6. On the first terminal side, fig. 6 is a flowchart of a method for accessing a network according to a second embodiment of the present invention.
Step S602, the first terminal determines that the data connection to be accessed needs to access the virtual private network;
In the above step S602 of the present application, corresponding to the first terminal 121 in fig. 2 and fig. 3 in embodiment 1, the first terminal 121 detects whether the currently accessed data is connected to a network resource in the virtual private network.
Specifically, in the method for accessing a network provided in this embodiment, the first terminal 121 is exemplified by a notebook computer or a desktop computer, and when a user uses the computer to open any program, a system running on the current computer detects the data, and detects whether a data storage location connected to the program originates from a VPN network.
Step S604, the first terminal sends an access authentication request to the second terminal, wherein the access authentication request is used for indicating the second terminal to judge whether to confirm that the first terminal accesses the virtual private network according to the pre-stored identity verification information of the first terminal carried in the access authentication request;
Based on the detection in step S602, in step S604, if the detection result is that the data storage location connected to the program originates from the VPN network, the first terminal sends an access authentication request to the second terminal.
Step S606, the first terminal receives the access confirmation information returned by the second terminal according to the access authentication request;
Based on the access authentication request sent in step S604, in step S606, the first terminal receives access confirmation information returned by the second terminal according to the access authentication request, where the access confirmation information is used to indicate that the secondary verification of the first terminal at the second terminal is successful and that the first terminal can access the VPN network.
Step S608, the first terminal accesses the virtual private network to which the server belongs according to the access confirmation information.
Based on the access confirmation information received in step S606, in step S608, the first terminal accesses the network to which the server belongs according to the access confirmation information.
In the method for accessing the network provided by this embodiment of the application, the first terminal determines that the data connection to be accessed needs to access the virtual private network; the first terminal sends an access authentication request to the second terminal, where the access authentication request is used for instructing the second terminal to judge, according to the pre-stored identity verification information of the first terminal carried in the access authentication request, whether to confirm that the first terminal accesses the virtual private network; the first terminal receives the access confirmation information returned by the second terminal according to the access authentication request; and the first terminal accesses the virtual private network to which the server belongs according to the access confirmation information. This achieves the purpose of logging in to the VPN without a password, thereby achieving the technical effect of improving login efficiency and solving the technical problem of low login efficiency caused by logging in to the VPN in the prior art.
Optionally, the step S602 of determining, by the first terminal, that the data connection to be accessed needs to access the virtual private network includes:
Step1, the first terminal analyzes the currently accessed data and acquires target access information in the data, wherein the target access information comprises: at least one of a path address, an internet protocol address or an access identifier carried in the data;
In Step1, to detect whether the currently accessed data is connected to a network resource in the virtual private network, the first terminal first analyzes the currently accessed data to obtain the target access information in the data. That is, in fig. 3 in embodiment 1, the checking system in the first terminal analyzes the data to be accessed to determine whether the path information connected to the data (i.e., the target access information in this embodiment of the application) is connected to a network resource in the VPN.
It should be noted here that the target access information in this embodiment of the application includes at least one of a path address, an internet protocol address, or an access identifier carried in the data. For example, the data to be accessed is connected to a folder path in the VPN network, which may be "200.200. X.XX/folder A/subfolder 1"; or the data to be accessed carries the IP address of the VPN network; or a check list is stored in the first terminal, and the list stores a feature group cluster linking each item of local data on the first terminal with the VPN network, where the feature group cluster is formed by access identifiers generated according to each group of local data in the feature group cluster and the resource path information of the corresponding VPN network.
Step2, the first terminal matches the target access information with a pre-stored access data list, and judges whether the target access information matches the identifier for accessing the virtual private network in the pre-stored access data list.
Based on the target access information obtained in Step1, in Step2, the target access information is matched with a pre-stored access data list, and whether the target access information is matched with an identifier of an access virtual private network in the pre-stored access data list is determined.
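The following is an added example, not code from the patent, of one way Step1 and Step2 could be implemented: it extracts the path address, IP address and access identifier from a description of the data being opened and matches them against a pre-stored access data list. The dictionary layout of the input, the `AccessList` structure, the function names and every sample address and name are assumptions constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class AccessList:
    """Pre-stored access data list held on the first terminal (assumed layout)."""
    networks: list = field(default_factory=list)       # VPN address ranges
    path_prefixes: list = field(default_factory=list)  # normalized VPN folder paths
    access_ids: set = field(default_factory=set)       # identifiers tied to VPN resources


def normalize_path(path):
    """Unify separators and case so UNC-style and URL-style paths compare equal."""
    parts = [p for p in re.split(r"[\\/]+", path.strip()) if p]
    return "/".join(parts).lower()


def extract_target_access_info(data):
    """Step1: collect path address, IP address and access identifier, if present."""
    info = {"path": None, "ip": None, "access_id": data.get("access_id")}
    if data.get("path"):
        info["path"] = normalize_path(data["path"])
        host = info["path"].split("/", 1)[0]
        try:
            info["ip"] = ipaddress.ip_address(host)   # path starts with an IP literal
        except ValueError:
            pass                                      # host name or local folder
    if data.get("ip"):
        try:
            info["ip"] = ipaddress.ip_address(data["ip"])
        except ValueError:
            pass                                      # malformed address never matches
    return info


def needs_vpn(data, access_list):
    """Step2: return which field matched the list, or None if nothing did."""
    info = extract_target_access_info(data)
    if info["access_id"] in access_list.access_ids:
        return "access_id"
    if info["ip"] is not None and any(info["ip"] in net for net in access_list.networks):
        return "ip"
    if info["path"]:
        for prefix in access_list.path_prefixes:
            # Match whole path components only, so ".../finance" does not
            # also cover ".../finance-public".
            if info["path"] == prefix or info["path"].startswith(prefix + "/"):
                return "path"
    return None


# Constructed sample list; the range, host name and identifier are placeholders.
SAMPLE_LIST = AccessList(
    networks=[ipaddress.ip_network("10.8.0.0/16")],
    path_prefixes=[normalize_path("//fileserver.corp.example/finance")],
    access_ids={"vpn-res-0001"},
)

if __name__ == "__main__":
    for item in (
        {"path": r"\\10.8.3.20\folder A\subfolder 1"},
        {"path": "//fileserver.corp.example/finance-public/readme.txt"},
        {"path": "C:/Users/a/notes.txt", "access_id": "vpn-res-0001"},
    ):
        print(item, "->", needs_vpn(item, SAMPLE_LIST))
```

Only a non-`None` result should lead on to the prompt and the access authentication request of step S604; a malformed address or a look-alike folder name falls through to `None` and no VPN prompt is raised.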
Further, optionally, after the first terminal determines in Step2 in Step S602 whether the target access information matches an identifier of the virtual private network in the pre-stored access data list, the sending, by the first terminal, the access authentication request to the second terminal in Step S604 includes:
Step1, in the case that the judgment result is yes, the first terminal displays a prompt message, wherein the prompt message is used for indicating whether the user accesses the virtual private network;
In Step1, if the determination result is that the target access information matches the identifier for accessing the virtual private network in the pre-stored access data list, the first terminal displays a prompt message. Corresponding to the embodiment shown in fig. 3 in embodiment 1, when the checking system detects that the target access information matches the identifier for accessing the virtual private network in the pre-stored access data list, it feeds back the successful detection to the user system, and the user system displays the prompt message, which is used to prompt the user whether to access the VPN network.
Step2, the first terminal receives an access confirmation instruction, wherein the access confirmation instruction is used for instructing the first terminal to confirm to access the virtual private network;
Based on the prompt information displayed in Step1, the user system in the first terminal in Step2 receives a trigger operation of the user touching an icon or key for confirming access, and generates an access confirmation instruction according to the trigger operation.
Step3, the first terminal sends an access authentication request to the second terminal according to the access confirmation instruction.
Based on the confirmed access command received in Step2, in Step3, the first terminal sends an access authentication request to the second terminal according to the confirmed access command.
Optionally, the step S608 of accessing, by the first terminal, the virtual private network to which the server belongs according to the access confirmation information includes:
Step1, in the case that the access confirmation information carries the verification signaling of the second terminal, the first terminal generates an access request according to the verification signaling and the pre-stored identity verification information;
In Step1, the pre-stored identity verification information may include a verification certificate (e.g., a security certificate) in the first terminal. When the first terminal receives confirmation information carrying the verification signaling of the second terminal, it generates the access request by combining the verification certificate with the verification signaling carried in the access confirmation information sent by the second terminal.
Step2, the first terminal sends an access request to the server.
Based on the access request generated in Step1, in Step2, the first terminal transmits the access request to the server.
Further, optionally, the pre-stored identity verification information includes a verification certificate, wherein the verification certificate includes an account and a password used for logging in to the virtual private network.
Optionally, the method for accessing a network provided in this embodiment further includes:
Step S609, after the first terminal accesses the virtual private network, the first terminal detects whether an operation of requesting data from the virtual private network exists within a preset time interval;
In the above step S609, the first terminal has accessed the VPN network to which the server belongs in steps S602 to S608; after the first terminal 121 accesses the VPN network, the first terminal 121 enters a mode similar to "listening", in which a preset time interval is set, that is, if an operation that the first terminal 121 requests data from the virtual private network is not detected in the preset time interval.
Step S610, under the condition that the detection result is negative, the first terminal judges whether the current detection time is greater than or equal to the upper limit threshold value of the preset time interval;
Based on the detection in step S609, in step S610 of the present application, if the detection result is that the first terminal detects no operation of requesting data from the virtual private network, the first terminal determines whether the current detection time is greater than or equal to the upper limit threshold of the preset time interval. This determination is used to decide whether the first terminal's access to the VPN has timed out, that is, whether the user has left the first terminal and suspended manual operation on it. The detection in steps S609 and S610 can be used as a prerequisite judgment and evaluation condition for guaranteeing the security of the VPN network.
Step S611, if the determination result is yes, the first terminal sends a disconnection request to the virtual private network, where the disconnection request is used to instruct the server to disconnect the link of the first terminal accessing the virtual private network.
Based on the determination in step S610, in step S611, if the first terminal determines that the current detection time is greater than or equal to the upper limit threshold of the preset time interval, the first terminal sends a disconnection request to the VPN network, thereby breaking the link with the VPN network.
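As an added illustration that is not part of the patent, the idle-disconnect logic of steps S609 to S611 on the first terminal can be written as below. The class and function names, the injectable clock and the disconnect callback are assumptions made for the example; the event list replayed by `simulate` is constructed sample input.

```python
import time


class IdleDisconnectMonitor:
    """First-terminal side of steps S609 to S611 (names are illustrative)."""

    def __init__(self, idle_limit_s, send_disconnect, clock=time.monotonic):
        if idle_limit_s <= 0:
            raise ValueError("idle limit must be positive")
        self.idle_limit_s = idle_limit_s         # upper threshold of the preset interval
        self._send_disconnect = send_disconnect  # callable that sends the disconnection request
        self._clock = clock                      # monotonic: unaffected by wall-clock changes
        self._last_request = clock()             # the VPN link has just come up
        self.connected = True

    def record_vpn_request(self):
        """Call whenever the terminal requests data from the virtual private network."""
        if self.connected:
            self._last_request = self._clock()

    def poll(self):
        """Run one detection pass; return True if a disconnection request was sent."""
        if not self.connected:
            return False                                 # already torn down, never send twice
        idle_for = self._clock() - self._last_request    # S609: any request in the interval?
        if idle_for < self.idle_limit_s:                 # S610: threshold not yet reached
            return False
        self.connected = False                           # S611: ask the server to drop the link
        self._send_disconnect()
        return True


def simulate(events, idle_limit_s):
    """Replay constructed (time, kind) events on a fake clock; return disconnect times."""
    now = [0]
    sent = []
    monitor = IdleDisconnectMonitor(
        idle_limit_s,
        send_disconnect=lambda: sent.append(now[0]),
        clock=lambda: now[0],
    )
    for t, kind in events:
        now[0] = t
        if kind == "request":
            monitor.record_vpn_request()
        else:                       # "tick": one periodic detection pass
            monitor.poll()
    return sent


if __name__ == "__main__":
    # Constructed timeline in seconds: one request at t=100, then silence.
    timeline = [(60, "tick"), (100, "request"), (290, "tick"),
                (399, "tick"), (400, "tick"), (500, "tick")]
    print(simulate(timeline, idle_limit_s=300))
```

Once the monitor has fired, later traffic does not revive the session; reconnecting goes back through the authentication of the first terminal, as the description requires.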
The method for accessing the network provided by this embodiment enables a user to access the intranet automatically, without a password and with high security. When the user actively accesses intranet resources, the user is prompted whether to access the intranet; if the user confirms that the intranet needs to be accessed, a notification is pushed to the token mobile phone registered by the user for secondary confirmation, and VPN dial-in is then carried out in the background, so that the whole access process is completely transparent to and unnoticed by the user. After the user has had no requirement for accessing the network for several minutes, the intranet connection is actively disconnected.
Example 3
The present application provides a method of accessing a network as shown in fig. 7. On the second terminal side, fig. 7 is a flowchart of a method for accessing a network according to a third embodiment of the present invention.
Step S702, a second terminal receives an access authentication request sent by a first terminal;
In the above step S702 of the present application, based on the system of the access network provided in fig. 1 to 3 in embodiment 1, in combination with the method of the access network provided by the first terminal side in embodiment 2, in this embodiment of the present application, an access authentication request sent by the first terminal is received at the second terminal side, where the access authentication request is used to instruct the second terminal to determine whether to confirm that the first terminal accesses the virtual private network according to the pre-stored authentication information of the first terminal carried in the access authentication request; the judgment step is shown in step S704.
Step S704, the second terminal judges whether to confirm the first terminal to access the virtual private network according to the pre-stored identity verification information of the first terminal carried in the access authentication request;
Based on the access authentication request received in step S702, in step S704 of the present application, the second terminal determines whether to confirm that the first terminal accesses the virtual private network according to the pre-stored authentication information of the first terminal carried in the access authentication request.
In step S706, if the determination result is yes, the second terminal sends access confirmation information to the first terminal.
Based on the determination in step S704, in step S706, if the determination result is that the first terminal is confirmed to access the virtual private network, the second terminal sends access confirmation information to the first terminal.
In the method for accessing the network provided by this embodiment of the application, the second terminal receives an access authentication request sent by the first terminal; the second terminal judges, according to the pre-stored identity verification information of the first terminal carried in the access authentication request, whether to confirm that the first terminal accesses the virtual private network; and if the judgment result is yes, the second terminal sends access confirmation information to the first terminal. This achieves the purpose of logging in to the VPN without a password, thereby achieving the technical effect of improving login efficiency and solving the technical problem of low login efficiency caused by logging in to the VPN in the prior art.
Optionally, the step S704, determining, by the second terminal, whether to confirm that the first terminal accesses the virtual private network according to the pre-stored authentication information of the first terminal carried in the access authentication request includes:
Step1, the second terminal analyzes the pre-stored identity verification information of the first terminal carried in the access authentication request to obtain the verification certificate in the pre-stored identity verification information, wherein the verification certificate includes an account and a password used for logging in to the virtual private network;
In Step1 above, corresponding to the second terminal part in the system of the access network provided in fig. 2 and 3 in embodiment 1, the second terminal analyzes the pre-stored identity verification information of the first terminal carried in the access authentication request to obtain the verification certificate in the pre-stored identity verification information, where the verification certificate includes an account and a password used for logging in to the virtual private network.
Step2, the second terminal detects whether the verification certificate matches the verification signaling for accessing the virtual private network, wherein the verification signaling is a verification array pre-stored in the second terminal.
Based on the judgment in Step1, in Step2, the second terminal detects whether the verification certificate matches the verification signaling for accessing the virtual private network.
Specifically, with reference to Step1 and Step2 above, the second terminal may perform the secondary verification of the access authentication request sent by the first terminal by means of a mobile phone token, where the mobile phone token verification may be implemented by installing a network access security verification application in the second terminal. The mobile phone token is used here only as an example; any approach that implements the method for accessing the network provided in this embodiment of the application may be used, and no specific limitation is imposed.
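The exchange among the first terminal, the second terminal and the server described in embodiments 1 to 3, as an added example that is not code from the patent. It assumes that the verification certificate is an opaque byte string referenced by its SHA-256 fingerprint, that the verification signaling is a random token the server issues per certificate and delivers to the second terminal, and that the server compares the signaling in the access request with the one it issued; all class, function and message field names are illustrative, and the certificates are constructed sample values.

```python
import hashlib
import hmac
import secrets


def fingerprint(cert):
    """Reference to a verification certificate (assumption: SHA-256 of its bytes)."""
    return hashlib.sha256(cert).hexdigest()


class Server:
    """Server 14 in the virtual private network."""

    def __init__(self):
        self._issued = {}        # certificate fingerprint -> verification signaling
        self.connected = set()   # fingerprints of terminals admitted to the VPN

    def provision(self, cert):
        """Issue the verification signaling that corresponds to one certificate."""
        signaling = secrets.token_hex(16)   # the "random number group" of the text
        self._issued[fingerprint(cert)] = signaling
        return signaling

    def handle_access_request(self, request):
        """Parse the access request and admit the terminal only if both parts agree."""
        fp = fingerprint(request.get("certificate", b""))
        expected = self._issued.get(fp)
        presented = str(request.get("signaling") or "")
        # Constant-time comparison so the check leaks nothing about the token.
        if expected is None or not hmac.compare_digest(expected.encode(), presented.encode()):
            return False
        self.connected.add(fp)
        return True


class SecondTerminal:
    """Token phone 122: holds the signaling and asks the user to confirm."""

    def __init__(self, confirm):
        self._tokens = {}        # certificate fingerprint -> signaling from the server
        self._confirm = confirm  # callable standing in for the on-screen prompt

    def store_signaling(self, cert_fp, signaling):
        self._tokens[cert_fp] = signaling

    def handle_access_authentication_request(self, request):
        """Steps S702 to S706: match the certificate, ask the user, answer."""
        signaling = self._tokens.get(fingerprint(request["certificate"]))
        if signaling is None:
            return {"confirmed": False, "reason": "certificate matches no signaling"}
        if not self._confirm():
            return {"confirmed": False, "reason": "user declined"}
        return {"confirmed": True, "signaling": signaling}


class FirstTerminal:
    """Computer 121 with a pre-stored verification certificate."""

    def __init__(self, cert):
        self._cert = cert

    def connect(self, phone, server):
        """Steps S604 to S608: ask the phone, then send the access request."""
        reply = phone.handle_access_authentication_request({"certificate": self._cert})
        if not reply["confirmed"]:
            return False          # no signaling released, nothing is sent to the server
        access_request = {"certificate": self._cert, "signaling": reply["signaling"]}
        return server.handle_access_request(access_request)


def run_exchange(user_confirms=True, phone_enrolled=True, terminal_cert=b"constructed-cert-A"):
    """Wire the three parties together with constructed certificates."""
    enrolled_cert = b"constructed-cert-A"
    server = Server()
    phone = SecondTerminal(confirm=lambda: user_confirms)
    signaling = server.provision(enrolled_cert)
    if phone_enrolled:
        phone.store_signaling(fingerprint(enrolled_cert), signaling)
    return FirstTerminal(terminal_cert).connect(phone, server)


if __name__ == "__main__":
    print("confirmed:", run_exchange())
    print("declined :", run_exchange(user_confirms=False))
    print("wrong cert:", run_exchange(terminal_cert=b"constructed-cert-B"))
```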
Example 4
The present application provides a method of accessing a network as shown in fig. 8. On the server side, fig. 8 is a flowchart of a method for accessing a network according to a fourth embodiment of the present invention.
Step S802, a server receives an access request sent by a first terminal;
In step S802 above, based on the systems for accessing a network provided in fig. 1 to 3 in embodiment 1, and in combination with the method for accessing a network on the first terminal side in embodiment 2 and on the second terminal side in embodiment 3, in the embodiment of the present application the server, on the server side, receives the access request sent by the first terminal.
Step S804, the server connects the first terminal to the virtual private network to which the server belongs according to the access request.
Based on the access request received by the server in step S802, in step S804 the server connects the first terminal to the virtual private network to which the server belongs according to the access request.
In the method for accessing the network provided by the embodiment of the application, the server receives the access request sent by the first terminal and, according to the access request, connects the first terminal to the virtual private network to which the server belongs. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
Optionally, in step S804, the server connecting the first terminal to the virtual private network to which the server belongs according to the access request includes:
Step1, parsing the access request, and acquiring the pre-stored identity verification information of the first terminal and the verification signaling of the second terminal carried in the access request;
Step2, checking whether the pre-stored identity verification information and the verification signaling meet the preset access standard;
Step3, if the check result is yes, the server connects the first terminal to the virtual private network to which the server belongs.
Specifically, with reference to Step1 to Step3, the server parses the access request to obtain the pre-stored identity verification information of the first terminal and the verification signaling of the second terminal carried in the access request; checks whether the pre-stored identity verification information and the verification signaling meet the preset access standard; and, if the check result is yes, connects the first terminal to the virtual private network to which the server belongs.
In addition to the server verification process described above, after the server receives the access request, the server can directly connect the first terminal to the VPN network to which the first terminal belongs, so that the authentication process is reduced, the time for the first terminal to access the VPN network is saved, and the access efficiency is improved.
Optionally, the method for accessing a network provided in the embodiment of the present application further includes:
Step S805, receiving a disconnection request sent by the first terminal;
Step S806, according to the disconnection request, disconnecting the first terminal's access to the virtual private network.
Specifically, with reference to step S805 and step S806, and based on fig. 4 in embodiment 1, the server receives the disconnection request sent by the first terminal and then, according to the disconnection request, disconnects the first terminal's access to the virtual private network.
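The server-side check of Step1 to Step3 and the disconnection of steps S805 and S806 can be sketched as follows. This is an added example, not code from the patent: the JSON request layout, the HMAC-based form of the verification signaling, the 60-second freshness window, the nonce replay check and all names and sample values are assumptions, since the patent does not define the "preset access standard".

```python
import hashlib
import hmac
import json

MAX_SIGNALING_AGE = 60  # seconds; assumed freshness window for a phone approval


def password_hash(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def signaling_tag(token_key: bytes, account: str, nonce: str, issued_at: int) -> bytes:
    """Assumed signaling format: an HMAC over the fields the approval is bound to."""
    message = json.dumps([account, nonce, issued_at]).encode()
    return hmac.new(token_key, message, hashlib.sha256).digest()


def build_access_request(account, password, token_key, nonce, issued_at) -> bytes:
    """What the first terminal sends once the second terminal has approved."""
    tag = signaling_tag(token_key, account, nonce, issued_at).hex()
    return json.dumps({
        "account": account,
        "password": password,
        "signaling": {"nonce": nonce, "issued_at": issued_at, "tag": tag},
    }).encode()


class VpnServer:
    def __init__(self, accounts):
        self.accounts = accounts   # account -> {"salt", "pw", "token_key"}
        self.used_nonces = set()   # (account, nonce) pairs already accepted
        self.sessions = set()      # accounts currently connected

    def handle_access_request(self, raw: bytes, now: int) -> bool:
        # Step1: parse the request; anything malformed is rejected.
        try:
            req = json.loads(raw)
            account = req["account"]
            password = req["password"].encode()
            sig = req["signaling"]
            nonce, issued_at = sig["nonce"], sig["issued_at"]
            tag = bytes.fromhex(sig["tag"])
            if not (isinstance(account, str) and isinstance(nonce, str)
                    and type(issued_at) is int):
                raise TypeError("unexpected field type")
        except (ValueError, KeyError, TypeError, AttributeError):
            return False
        record = self.accounts.get(account)
        if record is None:
            return False

        # Step2: every condition of the (assumed) access standard must hold.
        pw_ok = hmac.compare_digest(
            password_hash(password, record["salt"]), record["pw"])
        tag_ok = hmac.compare_digest(
            signaling_tag(record["token_key"], account, nonce, issued_at), tag)
        fresh = 0 <= now - issued_at <= MAX_SIGNALING_AGE
        unused = (account, nonce) not in self.used_nonces
        if not (pw_ok and tag_ok and fresh and unused):
            return False

        # Step3: admit the terminal and burn the nonce so a replay fails.
        self.used_nonces.add((account, nonce))
        self.sessions.add(account)
        return True

    def handle_disconnect(self, account: str) -> None:
        # S805/S806: drop the terminal's access on request.
        self.sessions.discard(account)


# Constructed account record for the demonstration.
SALT = b"constructed-salt"
TOKEN_KEY = b"constructed-token-key"
ACCOUNTS = {"alice": {"salt": SALT,
                      "pw": password_hash(b"correct horse", SALT),
                      "token_key": TOKEN_KEY}}
```

Binding the signaling to the account, a nonce and an issue time means a captured access request cannot be replayed or reused for another account.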
Example 5
The present application provides a method of accessing a network as shown in fig. 9. On the inspection system side of the first terminal, fig. 9 is a flowchart of a method of accessing a network according to a fifth embodiment of the present invention.
Step S902, detecting whether the data to be accessed in the user system is connected with the network resource in the virtual private network;
In step S902, corresponding to the system for accessing a network provided in fig. 3 in embodiment 1, in the embodiment of the present application, on the checking system side of the first terminal, the checking system detects whether the data to be accessed in the user system connects to a network resource in the virtual private network.
Step S904, sending a prompt message to the user system when the detection result is yes, wherein the prompt message is used for indicating whether the user system accesses the virtual private network;
Based on the detection in step S902, in step S904, when the detection result is yes, that is, when the data to be accessed in the user system connects to a network resource in the virtual private network, the checking system sends a prompt message to the user system, where the prompt message is used to indicate whether the user system accesses the virtual private network.
Step S906, sending an access authentication request to the second terminal according to the received access confirmation information returned by the user system.
Based on the prompt message sent in step S904, in step S906, the checking system sends an access authentication request to the second terminal according to the received access confirmation message returned by the user system.
In the method for accessing the network provided by the embodiment of the application, whether the data to be accessed in the user system connects to a network resource in the virtual private network is detected; if the detection result is yes, prompt information is sent to the user system, wherein the prompt information is used for indicating whether the user system accesses the virtual private network; and an access authentication request is sent to the second terminal according to the received access confirmation information returned by the user system. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
Example 6
The present application provides a method of accessing a network as shown in fig. 10. On the user system side of the first terminal, fig. 10 is a flowchart of a method for accessing a network according to a sixth embodiment of the present invention.
Step S1002, receiving the prompt message sent by the checking system;
In step S1002 above, corresponding to the system for accessing a network provided in fig. 3 in embodiment 1, in the embodiment of the present application, on the user system side of the first terminal, the user system receives the prompt information sent by the checking system.
Step S1004, the access confirmation information is returned according to the prompt information.
Based on the prompt information received in step S1002, in step S1004, the user system returns the access confirmation information according to the prompt information.
In the method for accessing the network provided by the embodiment of the application, the prompt message sent by the checking system is received, and the access confirmation information is returned according to the prompt information. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
In summary, based on the system for accessing a network provided in embodiment 1 and in combination with the methods for accessing a network provided in embodiments 2 to 6, the method for accessing a network provided in the embodiments of the present application is specifically as follows:
In the method for accessing the network provided by the embodiment of the application, the need to access the company intranet is detected, the user is asked whether to access the company intranet, secondary confirmation is performed on the token mobile phone, the intranet is accessed, and the intranet connection is disconnected when there is no longer a need to access the intranet. The specific flow is as follows:
(1) hooking socket data at the system level, mainly to confirm whether the access address is an intranet address of the company;
(2) after a network request to access the company intranet is detected, prompting the user;
(3) after the user confirms that the company intranet needs to be accessed, prompting the user to perform secondary confirmation on the token mobile phone;
(4) after the user completes the two-factor authentication, dialing the VPN in the background to access the company intranet;
(5) after the timeout, the system-level socket hook actively disconnects the VPN connection to protect the company's intranet resources.
The method for accessing the network provided by the embodiment of the application enables a user to access the company intranet automatically in a password-free and highly secure manner. When the user actively accesses intranet resources, the user is actively asked whether access to the intranet is needed; if the user confirms that the intranet needs to be accessed, a notification is pushed to the token mobile phone registered by the user for secondary confirmation, and VPN dialing is then carried out in the background, so that the whole access process is completely transparent and imperceptible to the user. The intranet connection is actively disconnected after the user has had no need to access the network for several minutes.
The method for accessing the network provided by the embodiment of the application can actively prompt the user to access the intranet while ensuring two-factor security, improving the user's login experience and thereby saving the user's login time cost; at the same time, intranet resources are protected.
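The five-step flow above can be modelled as a small state machine driven by the socket hook. This is an added example, not code from the patent: the hook itself, the prompts and the VPN dialer are replaced by callbacks, and the intranet list, the 300-second idle limit and all names are assumptions.

```python
import ipaddress

# Constructed "pre-stored access data list"; placeholders, not values from the patent.
INTRANET_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
INTRANET_SUFFIXES = (".corp.example",)
IDLE_LIMIT = 300  # seconds; assumed upper threshold of the preset time interval


def needs_vpn(host: str) -> bool:
    """Step (1): does this destination match the intranet list?"""
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        name = host.rstrip(".").lower()
        # Match on a label boundary so "evilcorp.example" is not treated as intranet.
        return any(name == s[1:] or name.endswith(s) for s in INTRANET_SUFFIXES)
    return any(address in network for network in INTRANET_NETWORKS)


class VpnGate:
    """State kept by the hook: connected or not, and the time of the last intranet use."""

    def __init__(self, confirm_user, confirm_token, dial, hangup, idle_limit=IDLE_LIMIT):
        self.confirm_user = confirm_user    # step (2): on-screen prompt
        self.confirm_token = confirm_token  # step (3): token phone confirmation
        self.dial = dial                    # step (4): background VPN dial
        self.hangup = hangup                # step (5): disconnect
        self.idle_limit = idle_limit
        self.connected = False
        self.last_use = None

    def on_connect(self, host: str, now: float) -> str:
        """Called for every outbound connection; returns 'direct', 'vpn' or 'blocked'."""
        if not needs_vpn(host):
            return "direct"
        if not self.connected:
            # Both confirmations are required; any refusal fails closed.
            if not (self.confirm_user(host) and self.confirm_token(host)):
                return "blocked"
            self.dial()
            self.connected = True
        self.last_use = now
        return "vpn"

    def on_tick(self, now: float) -> bool:
        """Disconnect once the idle time reaches the limit; True if the VPN was hung up."""
        if self.connected and now - self.last_use >= self.idle_limit:
            self.hangup()
            self.connected = False
            return True
        return False


def run_constructed_trace():
    """Replay a constructed sequence of hook events and return what happened."""
    log = []
    gate = VpnGate(
        confirm_user=lambda host: True,
        confirm_token=lambda host: host != "10.20.9.9",  # the phone rejects this one
        dial=lambda: log.append("dial"),
        hangup=lambda: log.append("hangup"),
    )
    for host, now in [("203.0.113.5", 0), ("10.20.9.9", 5),
                      ("wiki.corp.example", 10), ("10.20.3.4", 100)]:
        log.append(gate.on_connect(host, now))
    log.append(gate.on_tick(399))  # 299 s idle: stay connected
    log.append(gate.on_tick(400))  # 300 s idle: disconnect
    return log
```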
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method for accessing a network according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example 7
According to an embodiment of the present application, there is also provided an embodiment of an apparatus for implementing the method embodiment corresponding to the embodiment.
Fig. 11 is a schematic structural diagram of an apparatus accessing a network according to a seventh embodiment of the present invention.
As shown in fig. 11, the apparatus for accessing a network includes: a first detection module 1102, a first sending module 1104, a first receiving module 1106, and a first access module 1108, wherein,
a first detection module 1102, configured to determine that a data connection to be accessed needs to access a virtual private network; a first sending module 1104, configured to send an access authentication request to the second terminal, where the access authentication request is used to instruct the second terminal to determine whether to confirm that the first terminal accesses the virtual private network according to pre-stored identity verification information of the first terminal, where the pre-stored identity verification information is carried in the access authentication request; a first receiving module 1106, configured to receive access confirmation information returned by the second terminal according to the access authentication request; the first access module 1108 is configured to access the virtual private network to which the server belongs according to the access confirmation information.
In the apparatus for accessing a network provided by the embodiment of the application, the first terminal determines that the data connection to be accessed needs to access the virtual private network; the first terminal sends an access authentication request to the second terminal, wherein the access authentication request is used for instructing the second terminal to judge whether to confirm that the first terminal accesses the virtual private network according to the pre-stored identity verification information of the first terminal carried in the access authentication request; the first terminal receives the access confirmation information returned by the second terminal according to the access authentication request; and the first terminal accesses the virtual private network to which the server belongs according to the access confirmation information. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
It should be noted here that the first detecting module 1102, the first sending module 1104, the first receiving module 1106 and the first accessing module 1108 correspond to steps S602 to S608 in the second embodiment, and the four modules are the same as the corresponding steps in the implementation example and application scenarios, but are not limited to the disclosure in the second embodiment. It should be noted that the above modules may be executed in the first terminal provided in the second embodiment as a part of the apparatus, and may be implemented by software or hardware.
Example 8
According to an embodiment of the present application, there is further provided an embodiment of an apparatus for implementing the method embodiment corresponding to the third embodiment, where the apparatus provided in the above embodiment of the present application may be run on a second terminal.
Fig. 12 is a schematic structural diagram of an apparatus for accessing a network according to an eighth embodiment of the present invention.
As shown in fig. 12, the apparatus for accessing a network includes: a second receiving module 1202, a first verifying module 1204, and a second sending module 1206, wherein,
a second receiving module 1202, configured to receive an access authentication request sent by a first terminal; a first verification module 1204, configured to determine whether to confirm that the first terminal accesses the virtual private network according to pre-stored identity verification information of the first terminal carried in the access authentication request; a second sending module 1206, configured to send the access confirmation information to the first terminal if the determination result is yes.
In the apparatus for accessing a network provided by the embodiment of the application, the second terminal receives the access authentication request sent by the first terminal; the second terminal judges whether to confirm that the first terminal accesses the virtual private network according to the pre-stored identity verification information of the first terminal carried in the access authentication request; and, if the judgment result is yes, the second terminal sends access confirmation information to the first terminal. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
It should be noted here that the second receiving module 1202, the first verifying module 1204 and the second sending module 1206 correspond to steps S702 to S706 in the third embodiment, and the three modules are the same as the corresponding steps in the implementation example and application scenario, but are not limited to the disclosure in the third embodiment. It should be noted that the above modules as a part of the apparatus may be run in the second terminal provided in the third embodiment, and may be implemented by software or hardware.
Example 9
According to the embodiment of the application, an intelligent hardware embodiment is further provided, and the intelligent hardware provided by the embodiment of the application can be operated on the second terminal. The intelligent hardware includes: a receiver/transmitter, a processor, a memory and a display screen, wherein the receiver/transmitter is used for receiving an access authentication request sent by a first terminal; the processor is connected with the receiver/transmitter and used for judging whether to confirm that the first terminal accesses the virtual private network according to pre-stored identity verification information of the first terminal carried in the access authentication request, wherein the processor makes this judgment by calling the verification signaling stored in the memory and displays the judgment result through the display screen; and the receiver/transmitter is further used for sending the access confirmation information to the first terminal when the judgment result is yes.
In the network access device provided in the embodiment of the present application, the receiver/transmitter is configured to receive an access authentication request sent by a first terminal; the processor is connected with the receiver/transmitter and used for judging whether to confirm that the first terminal accesses the virtual private network according to pre-stored identity verification information of the first terminal carried in the access authentication request, wherein the processor makes this judgment by calling the verification signaling stored in the memory and displays the judgment result through the display screen; and the receiver/transmitter is further configured to send the access confirmation information to the first terminal when the judgment result is yes. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
Example 10
According to an embodiment of the present application, there is further provided an apparatus embodiment for implementing the method embodiment corresponding to the fourth embodiment, and the apparatus provided in the foregoing embodiment of the present application may be run on a server.
Fig. 13 is a schematic structural diagram of an apparatus of an access network according to a tenth embodiment of the present invention.
As shown in fig. 13, the apparatus for accessing a network includes: a third receiving module 1302 and a second access module 1304, wherein,
a third receiving module 1302, configured to receive an access request sent by the first terminal; a second access module 1304, configured to connect the first terminal to the virtual private network to which the server belongs according to the access request.
In the apparatus for accessing a network provided by the embodiment of the application, the server receives the access request sent by the first terminal and, according to the access request, connects the first terminal to the virtual private network to which the server belongs. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
It should be noted here that the third receiving module 1302 and the second accessing module 1304 correspond to steps S802 to S804 in the third embodiment, and the two modules are the same as the corresponding steps in the implementation example and application scenarios, but are not limited to the disclosure in the fourth embodiment. It should be noted that the above modules may be executed in the server provided in the fourth embodiment as a part of the apparatus, and may be implemented by software or hardware.
Example 11
According to an embodiment of the present application, there is further provided an embodiment of an apparatus for implementing the method embodiment corresponding to the fifth embodiment, where the apparatus provided in the foregoing embodiment of the present application may be operated on an inspection system of the first terminal.
Fig. 14 is a schematic structural diagram of an apparatus for accessing a network according to an eleventh embodiment of the present invention.
As shown in fig. 14, the apparatus for accessing a network includes: a second detection module 1402, a third sending module 1404, and a fourth sending module 1406, wherein,
a second detection module 1402, configured to detect whether data to be accessed in the user system connects to a network resource in the virtual private network; a third sending module 1404, configured to send a prompt message to the user system if the detection result is yes, where the prompt message is used to indicate whether the user system accesses the virtual private network; a fourth sending module 1406, configured to send an access authentication request to the second terminal according to the received access confirmation information returned by the user system.
In the apparatus for accessing a network provided by the embodiment of the application, whether the data to be accessed in the user system connects to a network resource in the virtual private network is detected; if the detection result is yes, prompt information is sent to the user system, wherein the prompt information is used for indicating whether the user system accesses the virtual private network; and an access authentication request is sent to the second terminal according to the received access confirmation information returned by the user system. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
It should be noted here that the second detecting module 1402, the third sending module 1404, and the fourth sending module 1406 correspond to steps S902 to S906 in the fifth embodiment, and the three modules are the same as the corresponding steps in the implementation example and application scenario, but are not limited to the disclosure in the fifth embodiment. It should be noted that the above modules may be implemented in the inspection system of the first terminal provided in the fifth embodiment as a part of an apparatus, and may be implemented by software or hardware.
Example 12
According to an embodiment of the present application, there is further provided an embodiment of an apparatus for implementing the method embodiment corresponding to the sixth embodiment, where the apparatus provided in the foregoing embodiment of the present application may be operated on an inspection system of the first terminal.
Fig. 15 is a schematic structural diagram of an apparatus accessing a network according to a twelfth embodiment of the present invention.
As shown in fig. 15, the apparatus for accessing a network includes: a fourth receiving module 1502 and a fifth sending module 1504, wherein,
a fourth receiving module 1502, configured to receive the prompt message sent by the inspection system; a fifth sending module 1504, configured to return the access confirmation information according to the prompt information.
In the apparatus for accessing a network provided by the embodiment of the application, the prompt message sent by the checking system is received, and the access confirmation information is returned according to the prompt information. This achieves password-free login to the VPN, thereby improving login efficiency and solving the technical problem of low login efficiency when logging in to a VPN in the prior art.
It should be noted here that the fourth receiving module 1502 and the fifth sending module 1504 correspond to steps S1002 to S1004 in the fifth embodiment, and the two modules are the same as the corresponding steps in the implementation example and application scenario, but are not limited to the disclosure in the sixth embodiment. It should be noted that the above modules as a part of the apparatus may be run in the user system of the first terminal provided in the sixth embodiment, and may be implemented by software or hardware.
Example 13
The embodiment of the invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store a program code executed by the method for accessing a network provided in the first embodiment.
Optionally, in this embodiment, the storage medium may be located in any one of computer terminals in a computer terminal group in a computer network, or in any one of mobile terminals in a mobile terminal group.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: determining that a data connection to be accessed needs to access a virtual private network; sending an access authentication request to a second terminal, wherein the access authentication request is used for indicating the second terminal to judge whether to confirm that the first terminal is accessed to the virtual private network or not according to prestored identity verification information of the first terminal carried in the access authentication request; receiving access confirmation information returned by the second terminal according to the access authentication request; and accessing the virtual private network to which the server belongs according to the access confirmation information.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: determining that the data connection to be accessed requires access to the virtual private network comprises: analyzing the currently accessed data, and acquiring target access information in the data, wherein the target access information comprises: at least one of a path address, an internet protocol address or an access identifier carried in the data; and matching the target access information with a pre-stored access data list, and judging whether the target access information is matched with the identifier of the access virtual private network in the pre-stored access data list.
Further, optionally, in the present embodiment, the storage medium is configured to store program code for performing the following steps: after the first terminal judges whether the target access information is matched with the identifier of the access virtual private network in the pre-stored access data list, the step of sending the access authentication request to the second terminal comprises the following steps: if the judgment result is yes, displaying prompt information, wherein the prompt information is used for indicating whether the user accesses the virtual private network; receiving an access confirmation instruction, wherein the access confirmation instruction is used for indicating the first terminal to confirm to access the virtual private network; and sending an access authentication request to the second terminal according to the access confirmation instruction.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: accessing the virtual private network to which the server belongs according to the access confirmation information comprises: when the access confirmation information carries the verification signaling of the second terminal, generating an access request according to the verification signaling and the pre-stored identity verification information; and sending the access request to the server.
Further, optionally, the pre-stored identity verification information includes: a verification credential, wherein the verification credential comprises: the account and the password used for logging in to the virtual private network.
Optionally, in this embodiment, the storage medium is configured to store program codes for performing the following steps: after a first terminal accesses a virtual private network, the first terminal detects whether an operation of requesting data from the virtual private network exists or not within a preset time interval; under the condition that the detection result is negative, the first terminal judges whether the current detection time is greater than or equal to an upper limit threshold value of a preset time interval; and if so, the first terminal sends a disconnection request to the virtual private network, wherein the disconnection request is used for instructing the server to disconnect the link of the first terminal accessing the virtual private network.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and various other media capable of storing program code.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (23)

1. A system for accessing a network, comprising: a terminal and a server, wherein,
the terminal is used for determining that the data connection to be accessed needs to be connected to a virtual private network, verifying the data to be accessed through a preset verification mode and sending an access request to the server according to a verification result, wherein the preset verification mode is used for verifying whether prestored identity verification information of the terminal meets the standard of accessing the server or not; the network to which the server belongs is the virtual private network;
the server is connected with the terminal and used for receiving the access request sent by the terminal and accessing the terminal to the virtual private network to which the server belongs according to the access request;
wherein the determining that the data connection to be accessed needs to be connected to the virtual private network comprises: detecting whether the data to be accessed is connected with network resources in the virtual private network; the access request carries pre-stored identity authentication information of the terminal;
the terminal includes: a first terminal and a second terminal, wherein,
the first terminal is used for determining that the data connection to be accessed needs to be connected with the network resource in the virtual private network; sending an access authentication request to the second terminal, wherein the access authentication request is used for instructing the second terminal to judge whether to confirm that the first terminal accesses the virtual private network or not according to the pre-stored identity verification information in the access authentication request; the pre-stored identity verification information comprises: a verification certificate;
the second terminal is connected with the first terminal and used for receiving the access authentication request and detecting whether the verification certificate is matched with verification signaling accessed to the virtual private network; and if the detection result is yes, returning access confirmation information to the first terminal, so that the first terminal sends the access request to the server according to the access confirmation information.
2. The system for accessing a network of claim 1, wherein the verification certificate comprises: an account and a password, wherein the account and the password are used for logging in to the virtual private network.
3. The system of accessing a network according to claim 1, wherein the first terminal comprises: a user system and an inspection system, wherein,
the checking system is used for detecting whether the data to be accessed in the user system is connected with the network resource in the virtual private network; sending prompt information to the user system, wherein the prompt information is used for indicating whether the user system is accessed to the virtual private network;
the user system is connected with the checking system and used for receiving the prompt information and returning confirmation access information according to the prompt information;
the checking system is further configured to send the access authentication request to the second terminal according to the received access confirmation information.
4. The system according to claim 1, wherein the first terminal is further configured to detect whether there is an operation of requesting data from the virtual private network within a preset time interval after accessing the virtual private network, determine whether the current detection time is greater than or equal to an upper threshold in the preset time interval if the detection result is negative, and send a disconnection request to the virtual private network if the determination result is positive, where the disconnection request is used to instruct the server to disconnect the link of the first terminal accessing the virtual private network.
5. The system for accessing a network according to claim 1 or 3, wherein the second terminal comprises: a mobile terminal; the mobile terminal is configured to receive the access authentication request, perform authentication according to the verification certificate carried in the access authentication request and a verification array pre-stored in the mobile terminal, and return the access confirmation information to the first terminal when the authentication is successful.
6. The system according to claim 4, wherein the server is further configured to receive a disconnection request sent by the first terminal, and to disconnect the first terminal from the virtual private network according to the disconnection request.
7. A method for accessing a network, comprising:
a first terminal determines that a data connection to be accessed needs to access a virtual private network;
the first terminal sends an access authentication request to a second terminal, wherein the access authentication request is used for indicating the second terminal to judge whether to confirm that the first terminal is accessed to the virtual private network or not according to prestored identity verification information of the first terminal carried in the access authentication request;
the first terminal receives access confirmation information returned by the second terminal according to the access authentication request;
the first terminal accesses the virtual private network to which the server belongs according to the access confirmation information;
wherein the determining that the data connection to be accessed needs to be connected to the virtual private network comprises: detecting whether the data to be accessed is connected with the network resource in the virtual private network.
8. The method of accessing a network according to claim 7, wherein the first terminal determining that the data connection to be accessed requires access to a virtual private network comprises:
the first terminal analyzes the currently accessed data and acquires target access information in the data, wherein the target access information comprises: at least one of a path address, an internet protocol address or an access identifier carried in the data;
and the first terminal matches the target access information with a pre-stored access data list and judges whether the target access information is matched with an identifier of an access virtual private network in the pre-stored access data list.
9. The method of claim 8, wherein after the first terminal determines whether the target access information matches an identifier of an access virtual private network in the pre-stored access data list, the first terminal sending an access authentication request to a second terminal comprises:
if the judgment result is yes, the first terminal displays prompt information, wherein the prompt information is used for indicating whether the user accesses the virtual private network;
the first terminal receives an access confirmation instruction, wherein the access confirmation instruction is used for indicating the first terminal to confirm to access the virtual private network;
and the first terminal sends an access authentication request to the second terminal according to the access confirmation instruction.
10. The method for accessing the network according to claim 7, wherein the accessing, by the first terminal, the virtual private network to which the server belongs according to the access confirmation information comprises:
under the condition that the access confirmation information carries a verification signaling of the second terminal, the first terminal generates an access request according to the verification signaling and the pre-stored identity verification information;
and the first terminal sends the access request to the server.
11. The method of accessing a network according to claim 10, wherein the pre-stored identity verification information comprises: a verification certificate, wherein the verification certificate comprises: an account and a password, wherein the account and the password are used for logging in to the virtual private network.
12. The method of accessing a network of claim 7, further comprising:
after the first terminal accesses the virtual private network, the first terminal detects whether an operation of requesting data from the virtual private network exists or not within a preset time interval;
under the condition that the detection result is negative, the first terminal judges whether the current detection time is greater than or equal to the upper limit threshold of the preset time interval or not;
and if so, the first terminal sends a disconnection request to the virtual private network, wherein the disconnection request is used for indicating the server to disconnect a link of the first terminal accessing the virtual private network.
13. A method for accessing a network, comprising:
the second terminal receives an access authentication request sent by the first terminal;
the second terminal judges whether to confirm the first terminal to access the virtual private network or not according to the prestored identity verification information of the first terminal carried in the access authentication request;
if the judgment result is yes, the second terminal sends access confirmation information to the first terminal;
wherein the pre-stored identity verification information comprises: a verification certificate; the verification certificate includes: an account and a password, wherein the account and the password are used for logging in to the virtual private network;
the second terminal judging whether to confirm the first terminal to access the virtual private network according to the pre-stored identity verification information of the first terminal carried in the access authentication request comprises the following steps:
the second terminal analyzes prestored identity verification information of the first terminal carried in the access authentication request to obtain a verification certificate in the prestored identity information;
and the second terminal detects whether the verification certificate is matched with a verification signaling accessed to the virtual private network, wherein the verification signaling is a verification array stored in the second terminal in advance.
14. A method for accessing a network, comprising:
the server receives an access request sent by a first terminal;
the server accesses the first terminal to a virtual private network to which the server belongs according to the access request;
the access request carries pre-stored identity verification information of the first terminal; the pre-stored identity verification information comprises: a verification certificate; the verification certificate includes: an account and a password, wherein the account and the password are used for logging in to the virtual private network;
the server accessing the first terminal to the virtual private network to which the server belongs according to the access request comprises:
analyzing the access request, and acquiring prestored identity authentication information of the first terminal and an authentication signaling of a second terminal, wherein the prestored identity authentication information is carried in the access request;
checking whether the pre-stored identity authentication information and the authentication signaling meet a preset access standard or not;
and if the verification result is yes, the server accesses the first terminal to the virtual private network to which the server belongs.
15. The method of accessing a network of claim 14, further comprising:
receiving a disconnection request sent by the first terminal;
and cutting off the first terminal from accessing the virtual private network according to the disconnection request.
16. A method for accessing a network, applied to the system for accessing a network of claim 1, comprising:
detecting whether data to be accessed in a user system is connected with network resources in the virtual private network;
if the detection result is yes, sending prompt information to the user system, wherein the prompt information is used for indicating whether the user system is accessed to the virtual private network;
and sending the access authentication request to a second terminal according to the received access confirmation information returned by the user system.
17. A method for accessing a network, applied to the system for accessing a network of claim 1, comprising:
receiving prompt information sent by an inspection system;
and returning access confirmation information according to the prompt information.
18. An apparatus for accessing a network, wherein the apparatus for accessing the network is a first terminal, comprising:
the first detection module is used for determining that the data connection to be accessed needs to access the virtual private network;
a first sending module, configured to send an access authentication request to a second terminal, where the access authentication request is used to instruct the second terminal to determine whether to confirm that the first terminal accesses the virtual private network according to pre-stored identity verification information of the first terminal, where the pre-stored identity verification information is carried in the access authentication request;
a first receiving module, configured to receive access confirmation information returned by the second terminal according to the access authentication request;
a first access module, configured to access the virtual private network to which the server belongs according to the access confirmation information;
wherein the determining that the data connection to be accessed needs to be connected to the virtual private network comprises: detecting whether the data to be accessed is connected with the network resource in the virtual private network.
19. An apparatus for accessing a network, wherein the apparatus for accessing the network is a second terminal, comprising:
the second receiving module is used for receiving an access authentication request sent by the first terminal;
the first verification module is used for judging whether to confirm that the first terminal is accessed to the virtual private network or not according to prestored identity verification information of the first terminal carried in the access authentication request;
a second sending module, configured to send access confirmation information to the first terminal if the determination result is yes;
wherein the pre-stored identity verification information comprises: a verification certificate; the verification certificate includes: an account and a password, wherein the account and the password are used for logging in to the virtual private network;
judging whether to confirm that the first terminal is accessed to the virtual private network according to the prestored identity verification information of the first terminal carried in the access authentication request comprises the following steps: the second terminal analyzes prestored identity verification information of the first terminal carried in the access authentication request to obtain a verification certificate in the prestored identity information; and the second terminal detects whether the verification certificate is matched with a verification signaling accessed to the virtual private network, wherein the verification signaling is a verification array stored in the second terminal in advance.
20. An intelligent hardware, operable in a second terminal, comprising: a transceiver, a processor, a memory, and a display, wherein,
the transceiver is used for receiving an access authentication request sent by a first terminal;
the processor is connected with the transceiver and used for judging whether to confirm that the first terminal is accessed to the virtual private network or not according to prestored identity verification information of the first terminal carried in the access authentication request, wherein the processor judges whether to confirm that the first terminal is accessed to the virtual private network or not by calling verification signaling stored in the memory and displays a judgment result through the display;
the transceiver is further configured to send access confirmation information to the first terminal if the determination result is yes;
wherein the pre-stored identity verification information comprises: a verification certificate; the verification certificate includes: an account and a password, wherein the account and the password are used for logging in to the virtual private network;
judging whether to confirm that the first terminal is accessed to the virtual private network according to the prestored identity verification information of the first terminal carried in the access authentication request comprises the following steps: the second terminal analyzes prestored identity verification information of the first terminal carried in the access authentication request to obtain a verification certificate in the prestored identity information; and the second terminal detects whether the verification certificate is matched with a verification signaling accessed to the virtual private network, wherein the verification signaling is a verification array stored in the second terminal in advance.
21. An apparatus for accessing a network, wherein the apparatus for accessing the network is a server, comprising:
a third receiving module, configured to receive an access request sent by the first terminal;
a second access module, configured to access the first terminal to a virtual private network to which the server belongs according to the access request;
the access request carries pre-stored identity verification information of the first terminal; the pre-stored identity verification information comprises: a verification certificate; the verification certificate includes: an account and a password, wherein the account and the password are used for logging in to the virtual private network;
accessing the first terminal to the virtual private network to which the server belongs according to the access request comprises: analyzing the access request, and acquiring prestored identity authentication information of the first terminal and an authentication signaling of a second terminal, wherein the prestored identity authentication information is carried in the access request; checking whether the pre-stored identity authentication information and the authentication signaling meet a preset access standard or not; and if the verification result is yes, the server accesses the first terminal to the virtual private network to which the server belongs.
22. An apparatus for accessing a network, applied to the system for accessing a network of claim 1, comprising:
the second detection module is used for detecting whether the data to be accessed in the user system is connected with the network resources in the virtual private network;
a third sending module, configured to send a prompt message to the user system if the detection result is yes, where the prompt message is used to indicate whether the user system accesses the virtual private network;
and the fourth sending module is used for sending the access authentication request to the second terminal according to the received access confirmation information returned by the user system.
23. An apparatus for accessing a network, applied to the system for accessing a network of claim 1, comprising:
the fourth receiving module is used for receiving the prompt message sent by the checking system;
and the fifth sending module is used for returning the access confirmation information according to the prompt information.
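The matching step of claim 8, as an added example that is not part of the patent: the first terminal extracts the path address, internet protocol address and access identifier from an outgoing request and compares them with a pre-stored access data list to decide whether the virtual private network is needed. The list format, the request shape and all sample values are constructed for the example.

```python
import ipaddress
import posixpath
from urllib.parse import urlsplit

# Constructed pre-stored access data list. Each entry names a kind of
# target access information and the value that marks it as a VPN resource.
ACCESS_LIST = [
    ("ip", "10.20.0.0/16"),
    ("path", "intranet.example.com/hr"),
    ("id", "corp-mail"),
]


def extract_target(request):
    """Parse one outgoing request into its target access information.

    `request` is a dict with a "url" and an optional "app_id" (assumed
    shape). Items that are absent from the request come back as None.
    """
    parts = urlsplit(request["url"])
    host = (parts.hostname or "").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # the host is a name, not an address literal
    # Collapse "." and ".." and repeated slashes, so that
    # /public/../hr/x is classified by where it really points.
    path = "/" + posixpath.normpath(parts.path or "/").lstrip("/")
    return {"ip": ip, "path": host + path, "id": request.get("app_id")}


def match_entry(target, entry):
    """Return True when one list entry identifies the target as VPN-only."""
    kind, value = entry
    if kind == "ip":
        return (target["ip"] is not None
                and target["ip"] in ipaddress.ip_network(value))
    if kind == "path":
        # Compare whole path segments: ".../hr" covers ".../hr/x"
        # but must not cover ".../hr-old".
        prefix = value.rstrip("/")
        return (target["path"] == prefix
                or target["path"].startswith(prefix + "/"))
    if kind == "id":
        return target["id"] == value
    return False


def needs_vpn(request, access_list=ACCESS_LIST):
    """Return the first matching entry, or None when no VPN is needed."""
    target = extract_target(request)
    for entry in access_list:
        if match_entry(target, entry):
            return entry
    return None


if __name__ == "__main__":
    samples = [  # constructed requests
        {"url": "https://10.20.3.4:8443/api"},
        {"url": "https://intranet.example.com/public/../hr/payroll"},
        {"url": "https://intranet.example.com/hr-old/"},
        {"url": "https://mail.example.net/", "app_id": "corp-mail"},
    ]
    for sample in samples:
        print(sample["url"], "->", needs_vpn(sample))
```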
CN201710031638.5A 2017-01-17 2017-01-17 Method, device and system for accessing network Active CN108322366B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710031638.5A CN108322366B (en) 2017-01-17 2017-01-17 Method, device and system for accessing network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710031638.5A CN108322366B (en) 2017-01-17 2017-01-17 Method, device and system for accessing network

Publications (2)

Publication Number Publication Date
CN108322366A CN108322366A (en) 2018-07-24
CN108322366B true CN108322366B (en) 2021-10-01

Family

ID=62891038

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710031638.5A Active CN108322366B (en) 2017-01-17 2017-01-17 Method, device and system for accessing network

Country Status (1)

Country Link
CN (1) CN108322366B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995759B (en) * 2019-03-04 2022-10-28 平安科技(深圳)有限公司 Method for accessing VPC (virtual private network) by physical machine and related device
CN112953885B (en) * 2019-12-11 2023-04-18 中国移动通信集团山东有限公司 Virtual private network login method and device and computer equipment
CN113206817B (en) * 2020-02-03 2022-07-12 中移物联网有限公司 Equipment connection confirmation method and block chain network
CN114546927B (en) * 2020-11-24 2023-08-08 北京灵汐科技有限公司 Data transmission method, core, computer readable medium, and electronic device
CN113691545B (en) * 2021-08-26 2023-03-24 中国电信股份有限公司 Routing control method and device, electronic equipment and computer readable medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101447907A (en) * 2008-10-31 2009-06-03 北京东方中讯联合认证技术有限公司 VPN secure access method and system thereof
CN101784049A (en) * 2009-12-31 2010-07-21 中兴通讯股份有限公司 Method and system thereof for controlling cars through mobile terminal
CN102143492A (en) * 2010-12-06 2011-08-03 东莞宇龙通信科技有限公司 Method for establishing virtual private network (VPN) connection, mobile terminal and server
CN103746812A (en) * 2013-12-30 2014-04-23 迈普通信技术股份有限公司 Access authentication method and system
CN104869043A (en) * 2015-06-04 2015-08-26 魅族科技(中国)有限公司 Method for establishing VPN (Virtual Private Network) connection and terminal
CN105162763A (en) * 2015-07-29 2015-12-16 网神信息技术(北京)股份有限公司 Method and device for processing communication data
CN105827624A (en) * 2016-04-26 2016-08-03 浙江宇视科技有限公司 Identity verifying system
CN105871677A (en) * 2016-05-12 2016-08-17 北京奇虎科技有限公司 Method and device for sharing VPN service among application
CN106209912A (en) * 2016-08-30 2016-12-07 迈普通信技术股份有限公司 Access authorization methods, device and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7305705B2 (en) * 2003-06-30 2007-12-04 Microsoft Corporation Reducing network configuration complexity with transparent virtual private networks

Also Published As

Publication number Publication date
CN108322366A (en) 2018-07-24

Similar Documents

Publication Publication Date Title
CN108322366B (en) Method, device and system for accessing network
US11310239B2 (en) Network connection method, hotspot terminal and management terminal
TWI780047B (en) Identity authentication method, device and system
CN105282126B (en) Login authentication method, terminal and server
CN105827600B (en) Method and device for logging in client
EP3101607A1 (en) NFC-ENABLED DEVICES FOR PERFORMING SECURE CONTACTLESS TRANSACTIONS AND USING HCE
US20180041893A1 (en) Method and system of multi-terminal mapping to a virtual sim card
CN103152400A (en) Method and system for logging in through mobile terminal and cloud server
CN104869043B (en) A kind of method and terminal for establishing VPN connection
US10244392B2 (en) Over-the-air personalization of network devices
CN110875819B (en) Password operation processing method, device and system
CN105100022A (en) Cipher processing method, server and system
CN104540135A (en) Safety access method of wireless network, device and terminal
CN111291372B (en) Method and device for detecting files of terminal equipment based on software gene technology
EP3179751B1 (en) Information sending method and apparatus, terminal device, and system
CN105471884A (en) Authentication method and server
CN111079140A (en) Method, device and system for preventing cheating
CN113812125A (en) Login behavior verification method, device and system, storage medium and electronic device
CN105991572B (en) Login authentication method, device and system of wireless network
CN111212062B (en) Information completion method and device, storage medium and electronic equipment
CN114020678B (en) Server serial console redirection method, device and system and electronic equipment
CN112422602B (en) Processing method, device and system for distributed coordination service
KR102054422B1 (en) Service providing system and method for security based on multi-channel authentication, and non-transitory computer readable medium having computer program recorded thereon
CN105187448A (en) Service processing method and service equipment
KR102054421B1 (en) Service providing system and method for security supporting multi-channel authentication, and non-transitory computer readable medium having computer program recorded thereon

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1258189

Country of ref document: HK

GR01 Patent grant