CN109088884B - Website access method, device, server and storage medium based on identity authentication - Google Patents

Info

Publication number: CN109088884B
Authority: CN (China)
Prior art keywords: website, target, mapping relation, relation table, camouflage
Legal status: Active
Application number: CN201811128064.4A
Other languages: Chinese (zh)
Other versions: CN109088884A (en)
Inventor: 叶湘涛
Current Assignee: Shenzhen Ping An Medical Health Technology Service Co Ltd
Original Assignee: Ping An Medical and Healthcare Management Co Ltd
Application filed by Ping An Medical and Healthcare Management Co Ltd
Priority to CN201811128064.4A
Publication of CN109088884A
Application granted
Publication of CN109088884B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic: service impersonation, e.g. phishing, pharming or web spoofing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a website access method, device, server and storage medium based on identity authentication. The method comprises the following steps: receiving a login request sent by a terminal, wherein the login request carries a unified account, and performing identity authentication according to the unified account; if the identity authentication passes, issuing a main interface of the unified login platform and a first mapping relation table to the terminal; when an access request sent by the terminal is received, parsing the access request; and determining a target real website according to the target camouflage website in the parsing result, and accessing the target real website. The embodiment of the invention can prevent malicious users from attacking the server and improve security.

Description

Website access method, device, server and storage medium based on identity authentication
Technical Field
The invention relates to the technical field of computers, in particular to a website access method, a website access device, a website access server and a storage medium based on identity authentication.
Background
For a large-scale application system (such as a medical insurance management system), a plurality of service processing subsystems are usually involved, each service processing subsystem corresponds to one server, and data in the server corresponding to each service processing subsystem is independently stored and independently maintained.
At present, after a terminal successfully logs in a large-scale application system, a server may issue a mapping relation table between a menu option and a real website to the terminal, and each menu option corresponds to a service processing subsystem. After detecting a selection instruction of a user for a menu option, the terminal can determine a target menu option and a target access website corresponding to the selection instruction, wherein the target access website is a real network address. After receiving the access request sent by the terminal, the server can directly jump to the target access website carried by the access request, so as to realize that the terminal successfully accesses the target access website.
Therefore, the terminal directly accesses the target access website and displays it on the user interface. Because the target access website is exposed to the user, a malicious user or a hacker can easily work out the IP address of the server of the service processing subsystem from the target access website, attack that server, and tamper with or steal the data in it, so the security is low.
Disclosure of Invention
The embodiment of the invention provides a website access method, a website access device, a server and a computer readable storage medium based on identity authentication, which can prevent malicious users from attacking the server and improve the security.
In one aspect, an embodiment of the present invention provides an identity authentication-based website access method, where the identity authentication-based website access method includes:
receiving a login request sent by a terminal, wherein the login request carries a unified account, and identity authentication is carried out according to the unified account, and the unified account comprises a unified user name and a unified password;
if the identity authentication is passed, a main interface of a unified login platform and a first mapping relation table are issued to the terminal, so that the main interface is displayed by the terminal; the main interface comprises menu options of at least one subsystem, and the first mapping relation table is a mapping relation table of the menu options and the camouflage website;
when an access request sent by the terminal is received, analyzing the access request, wherein the access request is generated by a selection instruction of a target menu option detected by the terminal on the main interface and is used for accessing a target camouflage website corresponding to the target menu option;
and determining a target real website according to the target camouflage website in the analysis result, and accessing the target real website.
On the other hand, the embodiment of the invention provides an identity authentication-based website access device, which comprises:
the receiving unit is used for receiving a login request sent by a terminal, wherein the login request carries a unified account, and for performing identity authentication according to the unified account, and the unified account comprises a unified user name and a unified password;
the sending unit is used for issuing a main interface of a unified login platform and a first mapping relation table to the terminal if the identity authentication passes so that the terminal can display the main interface; the main interface comprises menu options of at least one subsystem, and the first mapping relation table is a mapping relation table of the menu options and the camouflage website;
the processing unit is used for analyzing the access request when receiving the access request sent by the terminal, wherein the access request is generated by a selection instruction of the terminal on a target menu option detected by the terminal on the main interface and is used for accessing a target camouflage website corresponding to the target menu option;
and the processing unit is also used for determining a target real website according to the target camouflage website in the analysis result and accessing the target real website.
In still another aspect, an embodiment of the present invention provides a server, where the server includes a memory, a transceiver, and a processor, where the processor, the transceiver, and the memory are connected to each other, where the transceiver is configured to receive and transmit messages under control of the processor, the memory is configured to store a computer program, and the computer program includes program instructions, and the processor is configured to call the program instructions to perform the following steps:
receiving a login request sent by a terminal, wherein the login request carries a unified account, and identity authentication is carried out according to the unified account, and the unified account comprises a unified user name and a unified password;
if the identity authentication is passed, a main interface of a unified login platform and a first mapping relation table are issued to the terminal, so that the main interface is displayed by the terminal; the main interface comprises menu options of at least one subsystem, and the first mapping relation table is a mapping relation table of the menu options and the camouflage website;
when an access request sent by the terminal is received, analyzing the access request, wherein the access request is generated by a selection instruction of a target menu option detected by the terminal on the main interface and is used for accessing a target camouflage website corresponding to the target menu option;
and determining a target real website according to the target camouflage website in the analysis result, and accessing the target real website.
In yet another aspect, an embodiment of the present invention provides a computer-readable storage medium, in which a computer program is stored. The computer program comprises at least one program instruction, the at least one program instruction being loadable by a processor and adapted to perform the steps of:
receiving a login request sent by a terminal, wherein the login request carries a unified account, and identity authentication is carried out according to the unified account, and the unified account comprises a unified user name and a unified password;
if the identity authentication is passed, a main interface of a unified login platform and a first mapping relation table are issued to the terminal, so that the main interface is displayed by the terminal; the main interface comprises menu options of at least one subsystem, and the first mapping relation table is a mapping relation table of the menu options and the camouflage website;
when an access request sent by the terminal is received, analyzing the access request, wherein the access request is generated by a selection instruction of a target menu option detected by the terminal on the main interface and is used for accessing a target camouflage website corresponding to the target menu option;
and determining a target real website according to the target camouflage website in the analysis result, and accessing the target real website.
In the embodiment of the invention, after the login request sent by the terminal is received, the identity authentication can be carried out according to the unified account carried by the login request. After the identity authentication is passed, the main interface of the unified login platform and the first mapping relation table (the mapping relation table of the menu option and the disguised website) can be issued to the terminal. When receiving an access request sent by a terminal, analyzing the access request, and determining and accessing a target real website according to an analysis result. The mapping relation table of the menu options and the disguised website is sent to the terminal, so that the website accessed by the terminal determined according to the selection instruction of the user on the menu options is a disguised website, the terminal is prevented from exposing a real website, a malicious user or a hacker cannot analyze the IP address of the server of the target subsystem corresponding to the target menu options according to the disguised website, the server can be prevented from being attacked, falsified or stolen by the malicious user or the hacker, and the safety is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments of the present invention will be briefly described below.
Fig. 1 is a schematic flowchart of a website access method based on identity authentication according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a website access method based on identity authentication according to another embodiment of the present invention;
Fig. 3a is an application scenario diagram of a website access method based on identity authentication according to an embodiment of the present invention;
Fig. 3b is an application scenario diagram of a website access method based on identity authentication according to an embodiment of the present invention;
Fig. 3c is an application scenario diagram of a website access method based on identity authentication according to an embodiment of the present invention;
Fig. 3d is an application scenario diagram of a website access method based on identity authentication according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a website access device based on identity authentication according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The technical solution in the embodiment of the present invention is described below with reference to the drawings in the embodiment of the present invention.
The embodiment of the invention provides an identity authentication-based website access method, which can be applied to a unified login platform. The unified login platform can be a platform that is built from one or more servers and can jump to and log in to different service subsystems; for example, it can be a medical insurance unified login platform associated with a plurality of medical insurance service subsystems. The main interface of the unified login platform may include one or more menu options, and each menu option may correspond to a login entry of a service subsystem. When the website access method based on identity authentication is applied to a unified login platform, the website displayed on the terminal side when jumping to and logging in to another service subsystem is a disguised website. Only the disguised website is exposed to the user, so a malicious user or a hacker cannot work out, from the disguised website, the IP address of the server of the target subsystem corresponding to the target menu option. The server is thereby protected from being attacked, and its data from being tampered with or stolen, by the malicious user or the hacker, and the security is improved.
Referring to fig. 1, a website access method based on authentication according to an embodiment of the present invention is provided, and the website access method based on authentication may be executed by the unified login platform. As shown in fig. 1, the website address access method based on authentication may include the following steps S101-S104:
S101, receiving a login request sent by a terminal, wherein the login request carries a unified account, and performing identity authentication according to the unified account, and the unified account comprises a unified user name and a unified password.
Specifically, when a user wants to log in the unified login platform, a unified account can be input in a unified login interface displayed by the terminal, and the unified account includes a unified user name and a unified password. After detecting that the unified user name and the unified password are input, the terminal can send a login request to the unified login platform, wherein the login request can carry a unified account number input by the user, namely the login request can carry the unified user name and the unified password.
After receiving a login request sent by a terminal, the unified login platform can perform identity authentication according to a unified user name and a unified password carried in the login request. Specifically, the unified login platform may obtain a preset login account list, where the login account list may include one or more unified user names and unified passwords corresponding to the unified user names. After the login account list is obtained, whether the unified user name carried by the login request exists or not can be inquired in the login account list. If not, the authentication fails. If yes, inquiring a unified password corresponding to a unified user name carried by the login request in a login account list; and detecting whether the inquired unified password is the same as the unified password carried by the login request, if so, passing the authentication, and executing the step S102. If not, the authentication fails.
S102, if the identity authentication is passed, issuing a main interface of the unified login platform and a first mapping relation table to the terminal so that the terminal displays the main interface.
The main interface comprises at least one menu option of the subsystem, the subsystems and the menu options are in one-to-one correspondence, and each menu option can be a login entry of the corresponding subsystem. And issuing the main interface to the terminal so that the terminal displays the main interface, and thus, a user can skip and log in a subsystem corresponding to the menu option by clicking the menu option in the main interface displayed by the terminal.
The first mapping relation table is a mapping relation table of the menu options and the disguised websites, and the first mapping relation table may be preset, for example, set when the unified login platform is built. When setting the first mapping relation table, the table may first be constructed and initialized; a disguised website is then generated for each menu option, and the menu options and the disguised websites are added to the initialized first mapping relation table in one-to-one correspondence. A website includes at least two parts, a domain name and a path. The domain name, also called a network domain, is the name of a computer or group of computers on the Internet, composed of a string of names separated by dots, and is used for identifying the electronic position (sometimes also referred to as the geographical position) of the computer during data transmission; the path is used to represent the route for finding a system or file. Therefore, when generating the disguised website, the domain name can be disguised, the path can be disguised, or both the domain name and the path can be disguised. That is, the disguised website herein may be any one of the following: a domain name disguised website, in which only the domain name is disguised; a path disguised website, in which both the domain name and the path are disguised; a disguised website in which only the path is disguised; and the like.
It should be noted that the first mapping relation table may also be modified according to service requirements (for example, increasing or decreasing subsystems and increasing or decreasing menu options). And issuing the first mapping relation table to the terminal, so that the terminal determines the target menu option according to the selection instruction after detecting the selection instruction of the user on the menu option in the main interface, and determines the target camouflage website corresponding to the target menu option according to the first mapping relation table. The terminal does not know that the website determined according to the first mapping relation table is a disguised website, considers that the website is the real website corresponding to the target menu option, and sends an access request to the unified login platform, wherein the access request can carry the target disguised website to access the target disguised website.
S103, when receiving the access request sent by the terminal, analyzing the access request.
S104, determining a target real website according to the target camouflage website in the analysis result, and accessing the target real website.
The access request in steps S103-S104 is generated by a selection instruction for the target menu option detected by the terminal on the main interface, and is used to access the target masquerading website corresponding to the target menu option. After receiving the access request sent by the terminal, the unified login platform can analyze the access request to obtain an analysis result containing the target camouflage website. And then determining a target real website according to the target camouflage website and accessing the target real website. When the target real website is determined according to the target camouflage website, the target real website can be directly determined according to the corresponding relation table of the camouflage website and the real website, and the target real website corresponding to the target camouflage website is directly inquired from the corresponding relation table.
In the embodiment of the invention, after the login request sent by the terminal is received, the identity authentication can be carried out according to the unified account carried by the login request. After the identity authentication is passed, the main interface of the unified login platform and the first mapping relation table (the mapping relation table of the menu option and the disguised website) can be issued to the terminal. When receiving an access request sent by a terminal, analyzing the access request, and determining and accessing a target real website according to an analysis result. The mapping relation table of the menu options and the disguised website is sent to the terminal, so that the website accessed by the terminal determined according to the selection instruction of the user on the menu options is a disguised website, the terminal is prevented from exposing a real website, a malicious user or a hacker cannot analyze the IP address of the server of the target subsystem corresponding to the target menu options according to the disguised website, the server can be prevented from being attacked, falsified or stolen by the malicious user or the hacker, and the safety is improved.
Referring to fig. 2, another website access method based on authentication according to an embodiment of the present invention is provided, and the website access method based on authentication may be executed by the unified login platform. As shown in fig. 2, the website address access method based on authentication may include the following steps S201 to S207:
S201, receiving a login request sent by a terminal, wherein the login request carries a unified account, and performing identity authentication according to the unified account, and the unified account comprises a unified user name and a unified password.
S202, if the identity authentication is passed, establishing a first communication connection with the terminal.
S203, the main interface of the unified login platform and the first mapping relation table are issued to the terminal, so that the terminal displays the main interface.
The first mapping relation table is a mapping relation table of the menu option and the disguised website, and the first mapping relation table may be preset. When setting the first mapping relationship table, a first mapping relationship table may be constructed first, and the first mapping relationship table is initialized; then, aiming at the menu option of any subsystem in the main interface, acquiring the real access path of the menu option; acquiring a domain name of a unified login platform, splicing the domain name and the real access path to obtain a domain name camouflage website, and using the domain name camouflage website as a camouflage website; and then adding the menu options and the disguised website to the initialized first mapping relation table.
For example: for a menu option of any subsystem, for example, menu option 1 of subsystem 1, the real website of menu option 1 is: www.baidu.com/aaa/index.html, where www.baidu.com is the domain name and /aaa/index.html is the real access path for menu option 1. The obtained domain name of the unified login platform is: www.pertal.com. Splicing the domain name of the unified login platform and the real access path of menu option 1 gives a domain name camouflage website, which is used as the camouflage website, namely the camouflage website is: www.pertal.com/aaa/index.html. Menu option 1 and the camouflage website are then added to the initialized first mapping relation table.
In one embodiment, after the domain name camouflage website is used as the camouflage website and before the menu option and the camouflage website are added to the initialized first mapping relation table, a camouflage access path of the menu option can also be acquired, wherein the camouflage access path can be preset; the real access path in the domain name camouflage website is then replaced with the camouflage access path to obtain a path camouflage website, and the path camouflage website is used as the camouflage website; the step of adding the menu option and the camouflage website to the initialized first mapping relation table is then executed.
For example: still taking menu option 1 of subsystem 1 above as an example, the domain name camouflage website of menu option 1 is www.pertal.com/aaa/index.html, where /aaa/index.html is the real access path of menu option 1. On the basis of the domain name camouflage website, the real access path /aaa/index.html is replaced with the camouflage access path /bbb/index.html to obtain a path camouflage website, which is used as the camouflage website, namely the camouflage website is: www.pertal.com/bbb/index.html. Menu option 1 and the camouflage website are then added to the initialized first mapping relation table.
By adopting the above manner, after generating the masquerading websites for the menu options of all the subsystems in the main interface, all the menu options and the corresponding masquerading websites thereof are added to the first mapping relation table, so that the first mapping relation table shown in table 1 can be obtained.
TABLE 1

| Menu option | Camouflage website |
| --- | --- |
| Menu option 1 | www.pertal.com/bbb/index.html |
| Menu option 1 | www.pertal.com/ddd/index.html |
| Menu option 1 | www.pertal.com/eee/index.html |
| …… | …… |

After establishing a first communication connection with the terminal, a main interface of the unified login platform and a first mapping relation table can be issued to the terminal so that the terminal can display the main interface, and after detecting a selection instruction of a user for a menu option in the main interface, the terminal can determine a target menu option according to the selection instruction and determine a target camouflage website corresponding to the target menu option according to the first mapping relation table.
S204, when receiving the access request sent by the terminal, analyzing the access request.
Specifically, when the user wants to access the target subsystem, the user may click a target menu option of the target subsystem in a main interface displayed by the terminal. After detecting the click command of the user to the target menu option, the terminal can determine the target menu option according to the click command. And then determining a target camouflage website corresponding to the target menu option according to the first mapping relation table, and then sending an access request to the unified login platform, wherein the access request carries the target camouflage website. After receiving the access request, the unified login platform can analyze the access request to obtain an analysis result.
S205, determining a target real website according to the target camouflage website in the analysis result.
The parsing result may include the target disguised website, and accordingly, the specific implementation manner of determining the target real website according to the parsing result may be: determining a target camouflage access path in the target camouflage website according to the target camouflage website in the analysis result; acquiring a second mapping relation table, wherein the second mapping relation table is a mapping relation table of the disguised access path and the real website; and inquiring a target real website corresponding to the target disguised access path in the second mapping relation table.
The second mapping relation table may also be preset. When setting the second mapping relation table, the table may first be constructed and initialized; then, for the menu option of any subsystem in the main interface, the camouflage access path of the menu option and the real website of the menu option are acquired, wherein the camouflage access path is preset; the camouflage access path and the real website are then added to the initialized second mapping relation table. For example: the real website of subsystem 1 corresponding to menu option 1 is acquired as: www.baidu.com/aaa/index.html, and the camouflage access path is: bbb/index.html; the real website and the camouflage access path are correspondingly added to the second mapping relation table. In the same manner, the camouflage access paths of all menu options and their corresponding real websites are added to the initialized second mapping relation table in one-to-one correspondence, so that the second mapping relation table shown in table 2 can be obtained.
TABLE 2

| Camouflage access path | Real website |
| --- | --- |
| bbb/index.html | www.baidu.com/aaa/index.html |
| ddd/index.html | www.baidu.com/ccc/index.html |
| eee/index.html | www.baidu.com/fff/index.html |
| …… | …… |

S206, keeping the first communication connection with the terminal, and establishing a second communication connection with the target subsystem corresponding to the target menu option according to the target real website.
After the target real website is determined, a second communication connection with the target subsystem corresponding to the target menu option may be established according to the target real website. Specifically, a third mapping relationship table may be obtained, where the third mapping relationship table is a mapping relationship table between a real website and a subsystem account, and the subsystem account includes a user name and a password; inquiring a target subsystem account corresponding to the target real website in a third mapping relation table; and sending a communication connection establishment request to the target subsystem to establish a second communication connection of the target subsystem corresponding to the target menu option, wherein the establishment request carries the account number of the target subsystem. After receiving the establishment request, the target subsystem may perform identity authentication according to the target subsystem account carried in the establishment request, and if the authentication is passed, establish a second communication connection. The unified login platform can directly acquire the target user name and the target password of the target subsystem, and the user does not need to manually input the target user name and the target password again, so that the system login efficiency and convenience are improved.
The third mapping relationship table may be preset, and when the third mapping relationship table is set, the third mapping relationship table may be constructed first, and the third mapping relationship table is initialized; and secondly, acquiring a subsystem account of the subsystem corresponding to the real website, and correspondingly adding the real website and the corresponding subsystem account into the initialized third mapping relation table. All real websites and system accounts thereof are added to the initialized third mapping relationship table in a one-to-one correspondence manner, so that the third mapping relationship table shown in table 3 can be obtained.
TABLE 3

| Real website | User name | Password |
| --- | --- | --- |
| www.baidu.com/aaa/index.html | User_1 | 147 |
| www.google.com/ccc/index.html | User_2 | 258 |
| www.sogou.com/fff/index.html | User_3 | 369 |
| …… | …… | …… |
Therefore, after receiving the access request of the terminal, the embodiment of the invention does not establish connection between the terminal and the target subsystem corresponding to the target menu option, but establishes connection between the unified login platform and the target subsystem. In addition, the terminal accesses a camouflage website, the visitor of the target real website is a unified login platform, and the terminal does not know what the target real website is, so that the target real website can be prevented from being exposed to the user, and the safety is improved.
And S207, if the second communication connection is successfully established, accessing the target real website.
In one embodiment, if the unified login platform receives a system logout request sent by the terminal, the first communication connection with the terminal and the second communication connection with the target subsystem are disconnected, where the system logout request may be generated by the terminal according to a logout instruction detected on the main interface of the unified login platform or the sub-interface of any one of the subsystems. For example, if the terminal detects that the user clicks a log-out button on the sub-interface of the subsystem 1, the terminal may send a system log-out request to the unified log-in platform; for another example, if the terminal detects that the user clicks the log-out button on the main interface of the unified login platform, the terminal may still send a system log-out request to the unified login platform.
In addition, if the unified login platform maintains communication with other subsystems in addition to the terminal and the target subsystem, the unified login platform also disconnects communication with other subsystems after receiving a system logout request sent by the terminal. That is to say, the unified login platform can provide a unified logout function, a user can click a logout button in a main interface of the unified login platform or a sub-interface of any other subsystem, and once the terminal detects that the user clicks the logout button, the terminal can send a system logout request to the unified login platform, and at this moment, the unified login platform and all subsystems can be logged out.
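The lookup chain of S205 to S207 and the unified logout described above, as an added Python example that is not part of the patent text. The table contents are the sample rows of Tables 2 and 3; `PlatformSession`, `FakeSubsystem`, `AccessDenied` and the function names are assumptions, and the subsystem is a constructed stand-in so the block runs offline.

```python
from urllib.parse import urlsplit

PLATFORM_HOST = "www.pertal.com"  # platform domain, spelled as on the page

# Second mapping relation table (Table 2): disguised access path -> real website.
SECOND_TABLE = {
    "bbb/index.html": "www.baidu.com/aaa/index.html",
    "ddd/index.html": "www.baidu.com/ccc/index.html",
    "eee/index.html": "www.baidu.com/fff/index.html",
}

# Third mapping relation table (Table 3): real website -> (user name, password).
# Sample rows from the page; a deployment would keep these in a secret store
# (assumption, not stated by the patent).
THIRD_TABLE = {
    "www.baidu.com/aaa/index.html": ("User_1", "147"),
    "www.google.com/ccc/index.html": ("User_2", "258"),
    "www.sogou.com/fff/index.html": ("User_3", "369"),
}


class AccessDenied(Exception):
    """Raised when a request cannot be mapped to a subsystem connection."""


def resolve_real_website(access_url):
    """S205: disguised website -> disguised access path -> real website."""
    url = access_url if "://" in access_url else "//" + access_url
    parts = urlsplit(url)
    if parts.hostname != PLATFORM_HOST:
        raise AccessDenied("host is not the unified login platform")
    disguised_path = parts.path[1:]  # drop the leading "/"
    # Exact-match lookup: only paths listed in the table are ever forwarded,
    # so the terminal cannot steer the platform to an arbitrary backend.
    if disguised_path not in SECOND_TABLE:
        raise AccessDenied("unknown disguised access path")
    return SECOND_TABLE[disguised_path]


class FakeSubsystem:
    """Constructed stand-in for subsystem servers that authenticate accounts."""

    def __init__(self, accounts):
        self.accounts = accounts

    def connect(self, real_site, user, password):
        if self.accounts.get(real_site) != (user, password):
            raise AccessDenied("subsystem rejected the account")
        return {"site": real_site, "user": user, "open": True}


class PlatformSession:
    """One logged-in terminal: the first connection plus its second connections."""

    def __init__(self, subsystem):
        self.subsystem = subsystem
        self.first_connection_open = True  # established at login
        self.second_connections = {}       # real website -> connection

    def access(self, access_url):
        """S205-S207. Returns the real website the platform fetched from; this
        value stays on the server, the terminal only ever sees access_url."""
        if not self.first_connection_open:
            raise AccessDenied("not logged in")
        real_site = resolve_real_website(access_url)
        if real_site not in self.second_connections:
            account = THIRD_TABLE.get(real_site)
            if account is None:
                raise AccessDenied("no subsystem account for the real website")
            self.second_connections[real_site] = self.subsystem.connect(
                real_site, *account)
        return real_site

    def logout(self):
        """Unified logout: close every second connection, then the first."""
        closed = len(self.second_connections)
        for conn in self.second_connections.values():
            conn["open"] = False
        self.second_connections.clear()
        self.first_connection_open = False
        return closed
```

With the tables exactly as printed, `ddd/index.html` resolves to a real website that has no row in Table 3, so the example refuses the request instead of contacting the subsystem without an account.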
In the embodiment of the invention, after the login request sent by the terminal is received, the identity authentication can be carried out according to the unified account carried by the login request. After the identity authentication is passed, the main interface of the unified login platform and the first mapping relation table (the mapping relation table of the menu option and the disguised website) can be issued to the terminal. When receiving an access request sent by a terminal, analyzing the access request, and determining and accessing a target real website according to an analysis result. The mapping relation table of the menu options and the disguised website is sent to the terminal, so that the website accessed by the terminal determined according to the selection instruction of the user on the menu options is a disguised website, the terminal is prevented from exposing a real website, a malicious user or a hacker cannot analyze the IP address of the server of the target subsystem corresponding to the target menu options according to the disguised website, the server can be prevented from being attacked, falsified or stolen by the malicious user or the hacker, and the safety is improved.
Fig. 3a to 3d are application scene diagrams of the website access method based on identity authentication according to the embodiment of the present invention, in which the method is applied to the unified login platform for medical insurance. As shown in fig. 3a, the user can input a unified user name and a unified password in the login interface of the medical insurance unified login platform, and click the "login" button. At this time, the terminal may send a login request to the medical insurance unified login platform. After the medical insurance unified login platform successfully performs identity authentication according to the unified user name and the unified password carried by the login request, a main interface of the medical insurance unified login platform may be issued to the terminal, and the terminal displays the main interface, which may include menu options corresponding to a plurality of medical insurance service subsystems, as shown in fig. 3b. At this time, the terminal can display the website of the medical insurance unified login platform, that is, the website displayed in the website display bar is www.pertal.com.
If the user wants to log in to the medical insurance business subsystem 1, the user can click the menu option corresponding to the medical insurance business subsystem 1, as shown in fig. 3c. At this time, the terminal can send an access request to the medical insurance unified login platform, wherein the access request carries the target camouflage website. The medical insurance unified login platform determines a target real website according to the target camouflage website in the access request and accesses the target real website. After successful access, the sub-interface of the medical insurance business subsystem 1 may be issued to the terminal, so that the terminal may display the sub-interface of the medical insurance business subsystem 1, as shown in fig. 3d. At this time, the terminal can display the target camouflage website of the medical insurance service subsystem 1, that is, the website displayed in the website display bar is www.pertal.com/bbb/index.html, while the actual target real website is www.baidu.com/aaa/index.html. When the sub-interface of the medical insurance business subsystem 1 is displayed, the domain name of the website in the website display bar is the same as the domain name of the unified login platform, so the user does not perceive any cross-domain access when logging in to the medical insurance business subsystem 1. Cross-domain means that any one of the domain name, the port and the protocol is different when a webpage of one domain name requests a resource of another domain name.
Fig. 4 is a schematic structural diagram of a website address access apparatus based on authentication according to an embodiment of the present invention. As shown in fig. 4, the apparatus in the embodiment of the present invention may include:
a receiving unit 101, configured to receive a login request sent by a terminal, where the login request carries a unified account, and to perform identity authentication according to the unified account, where the unified account includes a unified user name and a unified password;
a sending unit 102, configured to issue a main interface of a unified login platform and a first mapping relationship table to the terminal if the identity authentication passes, so that the terminal displays the main interface; the main interface comprises menu options of at least one subsystem, and the first mapping relation table is a mapping relation table of the menu options and the camouflage website;
the processing unit 103 is configured to, when receiving an access request sent by the terminal, parse the access request, where the access request is generated by a selection instruction for a target menu option detected by the terminal on the main interface, and is used to access a target masquerading website corresponding to the target menu option;
the processing unit 103 is further configured to determine a target real website according to the target camouflage website in the analysis result, and to access the target real website.
In one embodiment, the processing unit 103 is further configured to:
constructing a first mapping relation table, and initializing the first mapping relation table;
aiming at the menu option of any subsystem in the main interface, acquiring a real access path of the menu option;
acquiring a domain name of the unified login platform, splicing the domain name and the real access path to obtain a domain name camouflage website, and using the domain name camouflage website as a camouflage website;
and adding the menu options and the disguised website to the initialized first mapping relation table.
In still another embodiment, after the domain name masquerading website is used as the masquerading website and before the menu option and the masquerading website are added to the initialized first mapping relation table, the processing unit 103 is further configured to:
acquiring a disguised access path of the menu option, wherein the disguised access path is preset;
replacing the real access path in the domain name camouflage website with the camouflage access path to obtain a path camouflage website, and using the path camouflage website as a camouflage website.
In another embodiment, when the processing unit 103 is configured to determine the target real website according to the target camouflage website in the parsing result, it may specifically be configured to:
determining a target camouflage access path in the target camouflage website according to the target camouflage website in the analysis result;
acquiring a second mapping relation table, wherein the second mapping relation table is a mapping relation table of a disguised access path and a real website;
and inquiring a target real website corresponding to the target disguised access path in the second mapping relation table.
In yet another embodiment, the processing unit 103 is further configured to:
constructing a second mapping relation table, and initializing the second mapping relation table;
aiming at a menu option of any subsystem in the main interface, acquiring a disguised access path of the menu option and a real website of the menu option, wherein the disguised access path is preset;
and adding the disguised access path and the real website to an initialized second mapping relation table.
In yet another embodiment, before issuing the main interface of the unified login platform, the processing unit 103 may be further configured to:
establishing a first communication connection with the terminal;
before the accessing the target real website, the processing unit 103 may be further configured to:
maintaining a first communication connection with the terminal, and establishing a second communication connection with a target subsystem corresponding to the target menu option according to the target real website;
and if the second communication connection is successfully established, executing the step of accessing the target real website.
In another embodiment, when the processing unit 103 is configured to establish the second communication connection with the target subsystem corresponding to the target menu option, specifically, the processing unit is configured to:
acquiring a third mapping relation table, wherein the third mapping relation table is a mapping relation table of a real website and a subsystem account, and the subsystem account comprises a user name and a password;
inquiring a target subsystem account corresponding to the target real website in the third mapping relation table;
and sending a communication connection establishment request to the target subsystem to establish a second communication connection of the target subsystem corresponding to the target menu option, wherein the establishment request carries the account number of the target subsystem.
In the embodiment of the invention, after the login request sent by the terminal is received, the identity authentication can be carried out according to the unified account carried by the login request. After the identity authentication is passed, the main interface of the unified login platform and the first mapping relation table (the mapping relation table of the menu option and the disguised website) can be issued to the terminal. When receiving an access request sent by a terminal, analyzing the access request, and determining and accessing a target real website according to an analysis result. The mapping relation table of the menu options and the disguised website is sent to the terminal, so that the website accessed by the terminal determined according to the selection instruction of the user on the menu options is a disguised website, the terminal is prevented from exposing a real website, a malicious user or a hacker cannot analyze the IP address of the server of the target subsystem corresponding to the target menu options according to the disguised website, the server can be prevented from being attacked, falsified or stolen by the malicious user or the hacker, and the safety is improved.
Based on the above described website access method and apparatus based on authentication, the embodiment of the present invention further provides a server, where the server may be used to implement the above described website access method based on authentication, and the server may be used to build the above described unified login platform (medical insurance unified login platform). Fig. 5 is a schematic structural diagram of a server according to an embodiment of the present invention. As shown in fig. 5, the server includes a memory 201, a transceiver 202, and a processor 203, where the processor 203, the transceiver 202, and the memory 201 may be connected to each other, where the transceiver 202 may be controlled by the processor 203 to send and receive messages, the transceiver 202 may correspond to the receiving unit 101 and the sending unit 102 in the above-described embodiment of the invention, and the processor 203 may correspond to the processing unit 103 in the above-described embodiment of the invention. The memory 201 may be used to store a computer program comprising program instructions. In another embodiment, the processor 203, the transceiver 202 and the memory 201 may be connected to each other by a bus.
It will be understood by those skilled in the art that all or part of the processes in the methods of the above embodiments may be implemented by hardware related to instructions of a computer program, where the program may be stored in a computer-readable storage medium, and the program includes at least one program instruction, and the at least one program instruction is loaded by the processor 203 and used to execute the following steps:
receiving a login request sent by a terminal, wherein the login request carries a unified account, and identity authentication is carried out according to the unified account, and the unified account comprises a unified user name and a unified password;
if the identity authentication is passed, a main interface of a unified login platform and a first mapping relation table are issued to the terminal, so that the main interface is displayed by the terminal; the main interface comprises menu options of at least one subsystem, and the first mapping relation table is a mapping relation table of the menu options and the camouflage website;
when an access request sent by the terminal is received, analyzing the access request, wherein the access request is generated by a selection instruction of a target menu option detected by the terminal on the main interface and is used for accessing a target camouflage website corresponding to the target menu option;
and determining a target real website according to the target camouflage website in the analysis result, and accessing the target real website.
In one embodiment, the at least one program instruction may also be loaded by processor 203 and used to perform:
constructing a first mapping relation table, and initializing the first mapping relation table;
aiming at the menu option of any subsystem in the main interface, acquiring a real access path of the menu option;
acquiring a domain name of the unified login platform, splicing the domain name and the real access path to obtain a domain name camouflage website, and using the domain name camouflage website as a camouflage website;
and adding the menu options and the disguised website to the initialized first mapping relation table.
In another embodiment, after the domain name masquerading website is used as the masquerading website and before the menu option and the masquerading website are added to the initialized first mapping relation table, the at least one program instruction may be loaded by the processor 203 and specifically used to execute:
acquiring a disguised access path of the menu option, wherein the disguised access path is preset;
and replacing the real access path in the domain name camouflage website by the camouflage access path to obtain a path camouflage website, and using the path camouflage website as a camouflage website.
In another embodiment, when the at least one program instruction is loaded by the processor 203 and is used to execute determining the target real website according to the target masquerading website in the parsing result, the at least one program instruction may be loaded by the processor and is specifically used to execute:
determining a target camouflage access path in the target camouflage website according to the target camouflage website in the analysis result;
acquiring a second mapping relation table, wherein the second mapping relation table is a mapping relation table of a disguised access path and a real website;
and inquiring a target real website corresponding to the target disguised access path in the second mapping relation table.
In yet another embodiment, the at least one program instruction may be further loadable by the processor 203 and operable to cause execution of:
constructing a second mapping relation table, and initializing the second mapping relation table;
aiming at a menu option of any subsystem in the main interface, acquiring a disguised access path of the menu option and a real website of the menu option, wherein the disguised access path is preset;
and adding the disguised access path and the real website to an initialized second mapping relation table.
In yet another embodiment, the at least one program instruction may be further loaded by the processor 203 and configured to perform, prior to said issuing the main interface of the unified login platform:
establishing a first communication connection with the terminal;
before the accessing the target real website, the method further comprises:
maintaining a first communication connection with the terminal, and establishing a second communication connection with a target subsystem corresponding to the target menu option according to the target real website;
and if the second communication connection is successfully established, executing the step of accessing the target real website.
In another embodiment, when the at least one program instruction is loaded by the processor 203 and is used to establish the second communication connection with the target subsystem corresponding to the target menu option, the at least one program instruction may be loaded by the processor and is specifically used to perform:
acquiring a third mapping relation table, wherein the third mapping relation table is a mapping relation table of a real website and a subsystem account, and the subsystem account comprises a user name and a password;
inquiring a target subsystem account corresponding to the target real website in the third mapping relation table;
and sending a communication connection establishment request to the target subsystem to establish a second communication connection of the target subsystem corresponding to the target menu option, wherein the establishment request carries the account number of the target subsystem.
In the embodiment of the invention, after the login request sent by the terminal is received, the identity authentication can be carried out according to the unified account carried by the login request. After the identity authentication is passed, the main interface of the unified login platform and the first mapping relation table (the mapping relation table of the menu option and the disguised website) can be issued to the terminal. When receiving an access request sent by a terminal, analyzing the access request, and determining and accessing a target real website according to an analysis result. The mapping relation table of the menu options and the disguised website is sent to the terminal, so that the website accessed by the terminal determined according to the selection instruction of the user on the menu options is a disguised website, the terminal is prevented from exposing a real website, a malicious user or a hacker cannot analyze the IP address of the server of the target subsystem corresponding to the target menu options according to the disguised website, the server can be prevented from being attacked, falsified or stolen by the malicious user or the hacker, and the safety is improved.
An embodiment of the present invention further provides a computer storage medium, where a computer program is stored in the computer storage medium. The computer program comprises at least one program instruction that is loadable by a processor and adapted to perform the authentication-based web site access method described above.
The computer storage medium is a memory device for storing programs and data. It is understood that the computer storage medium herein may include a built-in storage medium in the server, and may also include an extended storage medium supported by the server. In one embodiment, the computer storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
While the present disclosure has been described with reference to a particular embodiment, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present disclosure.

Claims (9)

1. A website access method based on identity authentication is characterized by comprising the following steps:
constructing a first mapping relation table, and initializing the first mapping relation table;
aiming at a menu option of any subsystem in a main interface of a unified login platform, acquiring a real access path of the menu option;
acquiring a domain name of the unified login platform, splicing the domain name and the real access path to obtain a domain name camouflage website, and using the domain name camouflage website as a camouflage website;
adding the menu option and the disguised website to an initialized first mapping relation table;
receiving a login request sent by a terminal, wherein the login request carries a unified account, and identity authentication is carried out according to the unified account, and the unified account comprises a unified user name and a unified password;
if the identity authentication is passed, a main interface of a unified login platform and a first mapping relation table are issued to the terminal, so that the main interface is displayed by the terminal; the main interface comprises menu options of at least one subsystem, and the first mapping relation table is a mapping relation table of the menu options and the camouflage website;
when an access request sent by the terminal is received, analyzing the access request, wherein the access request is generated by a selection instruction of a target menu option detected by the terminal on the main interface and is used for accessing a target camouflage website corresponding to the target menu option;
and determining a target real website according to the target camouflage website in the analysis result, and accessing the target real website.
2. The method of claim 1, wherein after the using the domain name camouflage website as a camouflage website, and before the adding the menu option and the disguised website to the initialized first mapping relationship table, the method further comprises:
acquiring a disguised access path of the menu option, wherein the disguised access path is preset;
and replacing the real access path in the domain name camouflage website by the camouflage access path to obtain a path camouflage website, and using the path camouflage website as a camouflage website.
3. The method of claim 1, wherein the determining the target real website according to the target camouflage website in the parsing result comprises:
determining a target camouflage access path in the target camouflage website according to the target camouflage website in the analysis result;
acquiring a second mapping relation table, wherein the second mapping relation table is a mapping relation table of a disguised access path and a real website;
and inquiring a target real website corresponding to the target disguised access path in the second mapping relation table.
4. The method of claim 3, wherein the method further comprises:
constructing a second mapping relation table, and initializing the second mapping relation table;
aiming at a menu option of any subsystem in the main interface, acquiring a disguised access path of the menu option and a real website of the menu option, wherein the disguised access path is preset;
and adding the disguised access path and the real website to an initialized second mapping relation table.
5. The method of claim 1, wherein prior to issuing the main interface of the unified login platform, the method further comprises:
establishing a first communication connection with the terminal;
before the accessing the target real website, the method further comprises:
maintaining a first communication connection with the terminal, and establishing a second communication connection with a target subsystem corresponding to the target menu option according to the target real website;
and if the second communication connection is successfully established, executing the step of accessing the target real website.
6. The method of claim 5, wherein the establishing a second communication connection with a target subsystem corresponding to the target menu option comprises:
acquiring a third mapping relation table, wherein the third mapping relation table is a mapping relation table of a real website and a subsystem account, and the subsystem account comprises a user name and a password;
inquiring a target subsystem account corresponding to the target real website in the third mapping relation table;
and sending a communication connection establishment request to the target subsystem to establish a second communication connection of the target subsystem corresponding to the target menu option, wherein the establishment request carries the account number of the target subsystem.
7. An identity authentication-based website access device, comprising:
the processing unit is used for constructing a first mapping relation table and initializing the first mapping relation table;
the processing unit is also used for acquiring a real access path of the menu option aiming at the menu option of any subsystem in the main interface of the unified login platform;
the processing unit is further used for acquiring the domain name of the unified login platform, splicing the domain name and the real access path to obtain a domain name camouflage website, and using the domain name camouflage website as a camouflage website;
the processing unit is further used for adding the menu options and the disguised website to the initialized first mapping relation table;
the receiving unit is used for receiving a login request sent by a terminal, wherein the login request carries a unified account, and for carrying out identity authentication according to the unified account, wherein the unified account comprises a unified user name and a unified password;
the sending unit is used for issuing a main interface of a unified login platform and a first mapping relation table to the terminal if the identity authentication passes so that the terminal can display the main interface; the main interface comprises menu options of at least one subsystem, and the first mapping relation table is a mapping relation table of the menu options and the camouflage website;
the processing unit is further configured to, when receiving an access request sent by the terminal, parse the access request, where the access request is generated by a selection instruction for a target menu option detected by the terminal on the main interface, and is used to access a target masquerading website corresponding to the target menu option;
and the processing unit is also used for determining a target real website according to the target camouflage website in the analysis result and accessing the target real website.
8. A server, comprising a memory, a transceiver, and a processor, the transceiver, and the memory being interconnected, wherein the transceiver is configured to receive and transmit messages under the control of the processor, the memory is configured to store a computer program comprising program instructions, and the processor is configured to invoke the program instructions to perform the method of any of claims 1-6.
9. A computer-readable storage medium, characterized in that the computer storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to perform the method according to any of claims 1-6.
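The table-building and lookup steps recited in the units of claim 7, as an added Python example that is not code from the patent: the camouflage website is spliced from the platform domain and the real access path, and the server maps it back to the real website on access. The domain, menu options, internal addresses, the server-side reverse table and the authenticated flag are assumptions made for illustration.

```python
from urllib.parse import urlsplit

PLATFORM_DOMAIN = "https://portal.example.test"  # constructed platform domain

# Constructed menu options and real subsystem websites (not from the patent).
REAL_SITES = {
    "Claims review": "http://10.0.1.15:8080/claims/index",
    "Billing": "http://10.0.1.22:9000/billing/home",
}


def disguise(platform_domain, real_url):
    """Splice the platform domain with the real access path."""
    path = urlsplit(real_url).path or "/"
    return platform_domain.rstrip("/") + path


def build_tables(platform_domain, real_sites):
    """Return (first table for the terminal, server-only reverse table)."""
    first, reverse = {}, {}
    for menu_option, real_url in real_sites.items():
        camouflage = disguise(platform_domain, real_url)
        # Two subsystems sharing a path would splice to the same camouflage
        # website, making the reverse lookup ambiguous, so refuse to build.
        if camouflage in reverse:
            raise ValueError(f"camouflage collision on {camouflage}")
        first[menu_option] = camouflage
        reverse[camouflage] = real_url
    return first, reverse


def resolve(access_url, authenticated, reverse):
    """Map a requested camouflage website to its real website."""
    if not authenticated:  # assumption: only authenticated sessions resolve
        raise PermissionError("identity authentication has not passed")
    if access_url not in reverse:  # never forward an address not in the table
        raise LookupError("unknown camouflage website")
    return reverse[access_url]


FIRST_TABLE, SERVER_TABLE = build_tables(PLATFORM_DOMAIN, REAL_SITES)

if __name__ == "__main__":
    target = FIRST_TABLE["Claims review"]  # what the terminal requests
    print(target, "->", resolve(target, True, SERVER_TABLE))
```

Only the first table leaves the server in this sketch, so the terminal never sees an internal host or port.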
CN201811128064.4A 2018-09-26 2018-09-26 Website access method, device, server and storage medium based on identity authentication Active CN109088884B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811128064.4A CN109088884B (en) 2018-09-26 2018-09-26 Website access method, device, server and storage medium based on identity authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811128064.4A CN109088884B (en) 2018-09-26 2018-09-26 Website access method, device, server and storage medium based on identity authentication

Publications (2)

Publication Number Publication Date
CN109088884A CN109088884A (en) 2018-12-25
CN109088884B true CN109088884B (en) 2022-02-01

Family

ID=64842671

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811128064.4A Active CN109088884B (en) 2018-09-26 2018-09-26 Website access method, device, server and storage medium based on identity authentication

Country Status (1)

Country Link
CN (1) CN109088884B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110286823A (en) * 2019-06-20 2019-09-27 西安西拓电气股份有限公司 Information processing method and device
CN111191254B (en) * 2019-08-01 2024-02-27 腾讯科技(深圳)有限公司 Access verification method, device, computer equipment and storage medium
CN112260983B (en) * 2020-07-01 2023-04-18 北京沃东天骏信息技术有限公司 Identity authentication method, device, equipment and computer readable storage medium
CN113569179A (en) * 2021-07-26 2021-10-29 城云科技(中国)有限公司 Subsystem access method and device based on unified website

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105307055A (en) * 2015-10-30 2016-02-03 深圳云聚汇数码有限公司 Timestamp-based network data access encryption method
CN106657044A (en) * 2016-12-12 2017-05-10 杭州电子科技大学 Webpage address hopping method for improving security defense of website system
CN106657074A (en) * 2016-12-26 2017-05-10 上海斐讯数据通信技术有限公司 URL camouflage and hidden parameter transmission method and system
CN106817375A (en) * 2017-02-07 2017-06-09 上海斐讯数据通信技术有限公司 Link dazzle system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9432358B2 (en) * 2013-10-31 2016-08-30 Tencent Technology (Shenzhen) Company Limited System and method of authenticating user account login request messages


Also Published As

Publication number Publication date
CN109088884A (en) 2018-12-25

Similar Documents

Publication Publication Date Title
CN109088884B (en) Website access method, device, server and storage medium based on identity authentication
US10574698B1 (en) Configuration and deployment of decoy content over a network
US9794283B2 (en) Predicting and preventing an attacker's next actions in a breached network
US10419425B2 (en) Method, device, and system for access control of a cloud hosting service
EP3345087B1 (en) Method, device, and system for access control of a cloud hosting service
CN105939326B (en) Method and device for processing message
JP6533871B2 (en) System and method for controlling sign-on to web applications
US10630676B2 (en) Protecting against malicious discovery of account existence
US8881248B2 (en) Service provider access
CN112597472B (en) Single sign-on method, device and storage medium
CN111416811B (en) Unauthorized vulnerability detection method, system, equipment and storage medium
CN110602216B (en) Method and device for using single account by multiple terminals, cloud server and storage medium
CN106254319B (en) Light application login control method and device
CN110324338B (en) Data interaction method, device, fort machine and computer readable storage medium
US9059987B1 (en) Methods and systems of using single sign-on for identification for a web server not integrated with an enterprise network
CN107040518B (en) Private cloud server login method and system
US20180091355A1 (en) Single sign-on system and single sign-on method
CN111431753A (en) Asset information updating method, device, equipment and storage medium
CN108737398B (en) Processing method and device of trust system, computer equipment and storage medium
CN110602134B (en) Method, device and system for identifying illegal terminal access based on session label
US11222100B2 (en) Client server system
US11075922B2 (en) Decentralized method of tracking user login status
CN107172038B (en) Information processing method, platform, assembly and system for providing security service
JP5735687B1 (en) Program, method, and system for warning login
CN113709136B (en) Access request verification method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220608

Address after: 518000 China Aviation Center 2901, No. 1018, Huafu Road, Huahang community, Huaqiang North Street, Futian District, Shenzhen, Guangdong Province

Patentee after: Shenzhen Ping An medical and Health Technology Service Co.,Ltd.

Address before: Room 12G, Block H, 666 Beijing East Road, Huangpu District, Shanghai 200000

Patentee before: PING AN MEDICAL AND HEALTHCARE MANAGEMENT Co.,Ltd.