CN114584400B - Authentication method, authentication device, electronic equipment and medium - Google Patents


Info

Publication number
CN114584400B
Authority
CN
China
Prior art keywords
authentication
customer service
service end
server
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210463578.5A
Other languages
Chinese (zh)
Other versions
CN114584400A (en
Inventor
李�杰
王忠新
聂晓磊
宋江涛
王明鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Webray Tech Beijing Co ltd
Original Assignee
Webray Tech Beijing Co ltd
Application filed by Webray Tech Beijing Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an authentication method, an authentication device, electronic equipment and a medium, wherein the authentication method comprises the following steps: intercepting a first access request sent by a customer service side to a server; judging whether the customer service side is authenticated or not according to pre-stored authentication equipment information and customer service side equipment information; generating an HTTP response message corresponding to the first access request and sending the HTTP response message to the customer service side under the condition that the customer service side is not authenticated; acquiring an authentication request generated by a customer service end according to IP information and port information of an authentication system; and generating an authentication result corresponding to the authentication request by using a preset configuration rule, and sending the authentication result to the customer service end. The invention utilizes the two-dimension code technology to ensure that the customer service end can pass the authentication in time without the participation of an authentication system administrator, and has higher automation degree and high efficiency.

Description

Authentication method, authentication device, electronic equipment and medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an authentication method, an authentication apparatus, an electronic device, and a medium.
Background
In HTTP server authentication, when the Web server receives an HTTP request message it does not respond directly with the requested resource; instead it responds with an "authentication challenge" that asks the user to provide some secret information to prove his identity. When the user initiates the request again, the security credentials (username and password) are attached. If the credentials do not match, the server may challenge the customer service end again or generate an error message. If the credentials match, the requested resource is returned. The intermediate "authentication challenge" is performed by the authentication system.
At present, most authentication systems use a blacklist/whitelist mode: an authentication system administrator must manually add the address of a customer service end for authentication before that customer service end can access the server.
Disclosure of Invention
The invention provides an authentication method, an authentication device, an electronic device and a medium, which are used for solving the problems.
The invention provides an authentication method, which is applied to an authentication system and comprises the following steps:
intercepting a first access request sent by a customer service end to a server, wherein the first access request comprises customer service end equipment information;
judging whether the customer service side is authenticated or not according to pre-stored authentication equipment information and the customer service side equipment information;
under the condition that the customer service end is not authenticated, generating an HTTP response message corresponding to the first access request, and sending the HTTP response message to the customer service end; the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system;
acquiring an authentication request generated by the customer service end according to the IP information and the port information of the authentication system;
generating an authentication result corresponding to the authentication request by using a preset configuration rule, and sending the authentication result to the customer service end; and the authentication result comprises configuration authority.
According to the authentication method provided by the invention, after the first access request sent by the client side to the server is intercepted, the method further comprises the following steps:
and generating a blocking response message according to the first access request, and sending the blocking response message to the server, so as to disconnect the communication between the customer service side and the server.
According to the authentication method provided by the invention, after the authentication result corresponding to the authentication request is generated by using the preset configuration rule and is sent to the customer service end, the method further comprises the following steps:
the customer service end equipment information is used as new authentication equipment information and is stored correspondingly to the authentication result;
correspondingly, after the determining whether the customer service end is authenticated according to the pre-stored authentication device information and the customer service end device information, the method further includes:
under the condition that the customer service end is authenticated, judging whether the first access request passes through according to the configuration authority in the authentication result corresponding to the customer service end equipment information;
in the case of passing the first access request, restoring the communication between the customer service side and the server so that the customer service side can access the server;
and sending the HTTP response message to the customer service end under the condition that the first access request is not passed.
According to the authentication method provided by the invention, the preset configuration rule is the configuration of the identity of the customer service end, and the identity of the customer service end comprises an allowed access customer service end and a refused access customer service end; and/or
Configuring a customer service end IP address allowing to access the server; and/or
Configuring the time of a customer service side for accessing a server;
accordingly, the configuration authority includes the service end identity and/or the service end IP address allowing the server to be accessed and/or the time when the service end accesses the server.
According to the authentication method provided by the invention, the authentication system is a bypass authentication system and is connected between the customer service end and the server.
The invention also provides an authentication method, which is applied to a customer service end and comprises the following steps:
sending a first access request to a server, wherein the first access request comprises customer service end equipment information;
acquiring an HTTP response message generated by the authentication system according to the first access request under the condition that the customer service end is not authenticated, wherein the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of the authentication system;
generating an authentication request according to the customer service end equipment information, the IP information of the authentication system and the port information, and sending the authentication request to the authentication system;
acquiring an authentication result generated by the authentication system according to an authentication request and by using a preset configuration rule; and the authentication result comprises configuration authority.
According to the authentication method provided by the invention, after receiving the authentication result generated by the authentication system according to the authentication request and by using the preset configuration rule, the method further comprises the following steps:
sending a second access request to the server, and accessing the server under the condition that the authentication system passes the second access request;
and acquiring the HTTP response message under the condition that the authentication system does not pass a second access request.
The present invention also provides an authentication apparatus, which is applied to an authentication system, and includes:
the first access request intercepting module is used for intercepting a first access request sent by a customer service end to a server, wherein the first access request comprises customer service end equipment information;
the authentication judgment module is used for judging whether the customer service side is authenticated or not according to pre-stored authentication equipment information and the customer service side equipment information;
the response message generation module is used for generating an HTTP response message corresponding to the first access request and sending the HTTP response message to the customer service side under the condition that the customer service side is not authenticated; the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system;
the authentication request acquisition module is used for acquiring an authentication request generated by the customer service side according to the IP information and the port information of the authentication system;
the authentication result generation module is used for generating an authentication result corresponding to the authentication request by using a preset configuration rule and sending the authentication result to the customer service end; wherein, the authentication result comprises the configuration authority.
The invention also provides an authentication device, which is applied to a customer service end and includes:
the first access request sending module is used for sending a first access request to a server, wherein the first access request comprises customer service end equipment information;
the response message acquisition module is used for acquiring an HTTP response message generated by the authentication system according to the first access request under the condition that the customer service end is not authenticated, wherein the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of the authentication system;
the authentication request generating module is used for generating an authentication request according to the customer service end equipment information, the IP information of the authentication system and the port information and sending the authentication request to the authentication system;
the authentication result acquisition module is used for acquiring an authentication result generated by the authentication system according to an authentication request and by using a preset configuration rule; and the authentication result comprises configuration authority.
The present invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement any of the above-mentioned authentication methods.
The invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements any of the authentication methods described above.
According to the authentication method, the authentication device, the electronic equipment and the medium, when the customer service end authenticates in the authentication system for the first time, the customer service end sends the authentication request to the authentication system by scanning the two-dimensional code containing the IP and the port information of the authentication system, the authentication system directly carries out authority configuration based on the authentication request, and a corresponding administrator does not need to add and authenticate the address of the customer service end after the authentication system intercepts the first access request. Therefore, compared with the traditional authentication method, the invention utilizes the two-dimension code technology to ensure that the customer service end can pass the authentication in time without the participation of an authentication system administrator, and has higher automation degree and high efficiency.
Drawings
In order to more clearly illustrate the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flowchart of an authentication method applied to an authentication system according to an embodiment of the present invention;
Fig. 2 is a network deployment topology diagram provided by an embodiment of the present invention;
Fig. 3 is a schematic flowchart of an authentication method applied to a customer service end according to an embodiment of the present invention;
Fig. 4 is a flowchart illustrating an authentication method according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an authentication apparatus applied to an authentication system according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an authentication apparatus applied to a customer service end according to an embodiment of the present invention;
Fig. 7 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
At present, most authentication systems use a blacklist/whitelist mode: an authentication system administrator must manually add the address of a customer service end for authentication before that customer service end can access the server.
In addition, in most scenarios, if a device is added between the server and the client for authenticating the access address of the client, a serial connection mode is generally adopted to connect the authentication system between the client and the server in series, which does indeed achieve the purpose of authentication, but in some special scenarios, it is often not desirable to connect the authentication system or other devices in series, because once some faults occur in the serial connected devices, the server may not be accessed, or even other devices in the network may be affected.
In view of the foregoing problems, embodiments of the present invention provide an authentication method, an authentication apparatus, an electronic device, and a medium, which are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of an authentication method applied to an authentication system according to an embodiment of the present invention, and as shown in fig. 1, the authentication method applied to the authentication system includes the following steps:
S101, intercepting a first access request sent by a customer service end to a server.
The first access request comprises customer service end equipment information.
Specifically, when a user wants to access a certain Web server, an HTTP access request (i.e., a first access request) is sent to the Web server by starting a browser installed in a client, and the HTTP access request is intercepted by the authentication system, so as to perform an "authentication challenge" on the HTTP access request.
The first access request comprises TCP information and customer service end equipment information, and the customer service end equipment information specifically comprises a customer service end IP address.
S102, judging whether the customer service end is authenticated or not according to pre-stored authentication equipment information and the customer service end equipment information.
The authentication system stores the information of the equipment which has completed authentication in advance. When the customer service end equipment information of the first access request exists in the pre-stored authentication equipment information, the customer service end is considered to be authenticated before; if the customer service end equipment information does not exist in the prestored authentication equipment information, the customer service end is considered to be not authenticated before, and an authentication system is required to perform authentication.
S103, generating an HTTP response message corresponding to the first access request and sending the HTTP response message to the customer service end under the condition that the customer service end is not authenticated.
The HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system.
Specifically, when the customer service end is not authenticated, the authentication system generates an HTTP response message, the HTTP response message corresponds to the first access request, the HTTP response message includes an authentication two-dimensional code, and the authentication two-dimensional code carries IP information and port information of the authentication system.
Html, and the authentication two-dimensional code is accompanied by data packet source IP information (namely IP information corresponding to the first access request), an authentication system IP address, an authentication system port and customer service equipment related information. The IP address and the port of the authentication system are used for providing authentication service for the customer service end.
The HTTP response message is generated according to the TCP information and the customer service end device information in the first access request, and a corresponding response code is 200.
When the authentication system returns the HTTP response message to the customer service end, the authentication two-dimensional code appears on a browser of the customer service end.
S104, acquiring an authentication request generated by the customer service end according to the IP information and the port information of the authentication system.
Specifically, code scanning software is pre-installed on the customer service end. After the HTTP response message returned by the authentication system is obtained, the code scanning software scans the authentication two-dimensional code to obtain the IP information and port information of the authentication system. The customer service end then sends an authentication request to the authentication system using that IP information and port information, and the authentication system obtains the authentication request.
S105, generating an authentication result corresponding to the authentication request by using a preset configuration rule, and sending the authentication result to the customer service end.
Wherein, the authentication result comprises the configuration authority.
Specifically, the authentication system is configured with a relevant policy for configuring the authority of the customer service end, for example, the customer service end allowed to access is controlled according to the region where the server IP is located, the server request device, the timeout time, and the like. And carrying out authority configuration on the customer service side by using a preset configuration rule to obtain a configuration authority, generating an authentication result based on the configuration authority, and sending the authentication result to the customer service side.
According to the authentication method provided by the embodiment of the invention, when the customer service end authenticates in the authentication system for the first time, the customer service end sends the authentication request to the authentication system by scanning the two-dimensional code which is generated by the authentication system and contains the IP and the port information of the authentication system, and the authentication system directly carries out authority configuration based on the authentication request, so that an administrator does not need to add and authenticate the address of the customer service end after the authentication system intercepts the first access request. Therefore, compared with the traditional authentication method, the invention uses two-dimensional code technology so that the customer service end can pass the authentication in time without the participation of an authentication system administrator, with a higher degree of automation and higher efficiency.
Further, after intercepting the first access request sent by the customer service end to the server, the method further comprises:
and generating a blocking response message according to the first access request, and sending the blocking response message to the server, thereby disconnecting the communication between the customer service side and the server.
Specifically, after the handshake between the client and the server succeeds, each time the bypass authentication system detects an access request packet from the client, it constructs an RST response packet (the blocking response packet) from the relevant TCP information of the access request packet and returns the RST response packet to the server. At this point, from the perspective of the server, the connection between the server and the client is already interrupted (i.e. the communication is disconnected); from the perspective of the customer service end, the connection between the customer service end and the server is still normal.
It should be noted that, because the HTTP protocol is based on TCP, the authentication system needs to use a TCP connection request sent by the customer service end to push the HTTP response message containing the authentication two-dimensional code to the browser of the customer service end. In addition, the bypass authentication system hijacks the session when the customer service end sends a request message after the three-way handshake: the authentication system first sends an RST message to the server, so that the server considers the session ended, the communication between the authentication system and the customer service end is disconnected, and then the bypass authentication system simulates the server to send an HTTP response message to the customer service end.
According to the authentication method provided by the embodiment of the invention, the authentication system sends the RST response message to the server after intercepting the first access request, so that the communication between the customer service side and the server is interrupted, and the safety of the server is ensured.
Further, after the authentication result corresponding to the authentication request is generated by using the preset configuration rule and is sent to the customer service end, the method further includes:
and taking the customer service end equipment information as new authentication equipment information and storing the new authentication equipment information corresponding to the authentication result.
Specifically, after the authentication system passes the authentication request of the customer service end, the address of the customer service end is loaded into the authentication system, the authenticated customer service end equipment information is used as new authentication equipment information, the new authentication equipment information is stored, and meanwhile, the corresponding authentication result and the new authentication equipment information are correspondingly stored.
Correspondingly, after the determining whether the customer service end is authenticated according to the pre-stored authentication device information and the customer service end device information, the method further comprises:
under the condition that the customer service end is authenticated, judging whether the first access request passes through according to the configuration authority in the authentication result corresponding to the customer service end equipment information;
in the case of passing the first access request, restoring the communication between the customer service side and the server so that the customer service side can access the server;
and sending the HTTP response message to the customer service end under the condition that the first access request is not passed.
Specifically, if the customer service end has already been authenticated in the authentication system, then after intercepting the first access request the authentication system directly looks up the corresponding authentication device information and authentication result in the pre-stored authentication device information, using the customer service end device information in the first access request. Whether the first access request passes is determined according to the configuration authority in the authentication result. For example, if the configuration authority sets the identity of the customer service end to a refused-access customer service end, the first access request does not pass; if the configuration authority sets the access time of the customer service end to permanent access, the first access request is passed directly; if the configuration authority sets a time during which the customer service end may access the server, the first access request is passed within the preset time and is not passed once the access time is exceeded.
When the authentication system passes the first access request, the customer service end can directly access the server by refreshing the browser, and at the moment, the authentication system recovers the communication between the customer service end and the server.
When the authentication system does not pass the first access request, the authentication system returns a response of authentication failure to the customer service end, and the customer service end scans the two-dimensional code corresponding to the response of authentication failure through code scanning software.
It should be noted that, after the authentication system fails to pass the first access request, if the customer service end user still wants to access the server and re-generates the first access request by refreshing the browser on the customer service end, the authentication system still returns the HTTP response message including the authentication two-dimensional code, thereby prompting that the customer service end user fails in authentication and does not have an authority to access the relevant server.
According to the authentication method provided by the embodiment of the invention, under the condition that the customer service end is authenticated by the authentication system, the authentication system automatically judges whether the first access request passes or not according to the authentication result corresponding to the first access request, so that the labor cost is reduced, and automatic authentication is realized.
Further, the preset configuration rule is to configure the identity of the customer service end, and the identity of the customer service end comprises an allowed customer service end and a denied customer service end; and/or
Configuring a customer service end IP address allowing to access the server; and/or
Configuring the time of a customer service side for accessing a server;
accordingly, the configuration authority includes the service end identity and/or the service end IP address allowing the server to be accessed and/or the time when the service end accesses the server.
Specifically, the preset configuration rule includes the following. Configuring the identity of a customer service end, namely setting the access authority of the customer service end to permission or denial of access. Configuring the IP address of the customer service end allowed to access the server, i.e. which customer service ends in an IP range are considered to have access to the server. For example, a source IP (namely a customer service end IP address) of 1.1.1.1 is configured as unable to access the server and a source IP of 2.2.2.2 as able to access the server; when a request from IP 1.1.1.1 is seen, the two-dimensional code is returned directly (until the rule times out and is aged out), and when a message from 2.2.2.2 is seen, no action is taken and the message is released directly, so that the user can obtain system resources. Configuring the time for the customer service end to access the server, for example setting the customer service end to permanent access, or allowing access within a certain time, after which the customer service end can no longer access the server.
According to the authentication method provided by the embodiment of the invention, the authority configuration is carried out on the customer service side authenticated in the authentication system for the first time, so that the automatic authentication can be realized only through the two-dimension code in the subsequent authentication process, and the efficiency is improved.
Furthermore, the authentication system is a bypass authentication system, and is connected between the customer service end and the server in a bypass mode.
Fig. 2 is a network deployment topology diagram provided by an embodiment of the present invention; as shown in fig. 2, the customer service end and the server communicate with each other through the switch, the bypass authentication system is connected to the switch and can mirror the traffic on the switch, and the bypass authentication system implements the authentication method based on the mirrored traffic.
A bypass authentication system is deployed between a client and a server. During communication, the client and the server establish a connection using the Transmission Control Protocol (TCP). The authentication system then forges RST data (RST is one of the six flag bits in the TCP header and indicates that the connection is to be reset) and sends RST messages to both the client and the server to tear down the connection between them, thereby blocking communication between the client and the server.
According to the authentication method provided by the embodiment of the invention, the authentication system is connected between the customer service end and the server in a bypass mode instead of being connected in series in the network environment, so that other equipment in the whole network environment cannot be influenced even if any equipment fails, and the stability is improved.
Fig. 3 is a schematic flowchart of an authentication method applied to a customer service end according to an embodiment of the present invention, and as shown in fig. 3, the authentication method applied to the customer service end includes the following steps:
S201, sending a first access request to a server, wherein the first access request comprises customer service end equipment information.
Specifically, when a customer service end user accesses the server, the browser is opened to send an access request (here, a first access request) to the server, where the first access request includes TCP information and customer service end device information, and the customer service end device information specifically includes information such as a customer service end IP address.
S202, obtaining an HTTP response message generated by the authentication system according to the first access request under the condition that the customer service terminal is not authenticated.
The HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system.
Specifically, the authentication system judges whether the customer service end is authenticated according to the customer service end device information in the first access request, generates an HTTP response message corresponding to the first access request under the condition that the customer service end is not authenticated, and sends the HTTP response message to the customer service end, wherein the HTTP response message includes an authentication two-dimensional code, and the authentication two-dimensional code carries the IP information and the port information of the authentication system.
S203, generating an authentication request according to the customer service end equipment information, the IP information of the authentication system and the port information, and sending the authentication request to the authentication system.
Specifically, code scanning software (or a WeChat applet) is pre-installed in the customer service end, after an HTTP response message returned by the authentication system is obtained, the authentication two-dimensional code is scanned by using the code scanning software, so that IP information and port information of the authentication system in the authentication two-dimensional code are obtained, and an authentication request is sent to the authentication system by using the IP information and the port information of the authentication system.
S204, acquiring an authentication result generated by the authentication system according to the authentication request and by using a preset configuration rule.
The authentication result comprises the configuration authority.
Specifically, after the authentication system obtains the authentication request, the authentication system configures the access right of the customer service end according to a preset configuration rule, so that an authentication result is obtained and sent to the customer service end, and the customer service end obtains the authentication result, so that the authentication system can directly judge whether the access request passes through according to the authentication result when the server is accessed subsequently.
According to the authentication method provided by the embodiment of the invention, when the customer service end authenticates in the authentication system for the first time, it sends the authentication request to the authentication system by scanning the two-dimensional code, generated by the authentication system, that contains the IP and port information of the authentication system; the authentication system then performs authority configuration directly based on the authentication request, without a corresponding administrator having to add and authenticate the customer service end's address after the authentication system intercepts the first access request. Therefore, compared with the traditional authentication method, the invention uses the two-dimensional code technology so that the customer service end can pass authentication in time without the participation of an authentication system administrator, with a higher degree of automation and higher efficiency.
Further, after receiving an authentication result generated by the authentication system according to the authentication request and by using a preset configuration rule, the method further comprises:
sending a second access request to the server, and accessing the server under the condition that the authentication system passes the second access request;
and under the condition that the authentication system does not pass a second access request, acquiring the HTTP response message.
Specifically, after the customer service end receives the authentication result, it sends a second access request by refreshing the browser page. In this case, the authentication system judges whether to pass the second access request according to the authentication result corresponding to the second access request: if the corresponding authentication result is that access is allowed, the second access request passes directly, and communication between the customer service end and the server is restored; if the corresponding authentication result is that access is denied, the customer service end again obtains the HTTP response message including the authentication two-dimensional code.
According to the authentication method provided by the embodiment of the invention, the labor cost is reduced by utilizing a two-dimension code authentication mechanism, the automatic authentication is realized, and the efficiency is improved.
The following describes an authentication apparatus provided by the present invention, and the authentication apparatus described below and the authentication method described above may be referred to in correspondence with each other.
Fig. 4 is a flowchart illustrating an authentication method according to an embodiment of the present invention.
In another embodiment, an authentication method is shown in fig. 4, and includes the following steps:
S301, the customer service end sends an access request to the server;
S302, the authentication system inspects the access request message; if it is a first request, that is, the authentication system cannot find the corresponding customer service end equipment information, step S303 is executed; otherwise, step S307 is executed;
S303, the authentication system sends a blocking message to the server and returns the two-dimensional code to the customer service end;
S304, the customer service end scans the two-dimensional code and sends an authentication request to the authentication system;
S305, the authentication system sets the customer service end as allowed or denied access according to a preset administrator configuration rule, sets permissions such as the timeout, and sends the configuration result to the customer service end as the authentication result;
S306, the customer service end accesses the server again and sends an access request for the second time;
S307, the authentication system looks up and judges the access request sent for the second time; if access is allowed, the access request sent for the second time is released; if access is denied, the access request sent for the second time is blocked and the two-dimensional code is returned.
According to the authentication method provided by the embodiment of the invention, when the customer service end authenticates in the authentication system for the first time, it sends the authentication request to the authentication system by scanning the two-dimensional code, generated by the authentication system, that contains the IP and port information of the authentication system; the authentication system then performs authority configuration directly based on the authentication request, without a corresponding administrator having to add and authenticate the customer service end's address after the authentication system intercepts the first access request. Therefore, compared with the traditional authentication method, the invention uses the two-dimensional code technology so that the customer service end can pass authentication in time without the participation of an authentication system administrator, with a higher degree of automation and higher efficiency.
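The decision flow of steps S301 to S307, together with the allow/deny, source-IP and access-time rules described earlier, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the QR payload being a URL with a `src` parameter, the authentication system address 192.0.2.10:8443 and the default-deny fallback are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed address of the bypass authentication system (documentation range).
AUTH_IP, AUTH_PORT = "192.0.2.10", 8443


@dataclass
class Rule:
    """One preset configuration rule: identity, source IP range, access time."""
    network: str          # source IP range the rule covers, e.g. "2.2.2.2/32"
    allow: bool           # allowed or denied customer service end
    ttl: Optional[int]    # seconds until the result ages out; None = permanent


@dataclass
class Grant:
    """Stored authentication result (the "configuration authority")."""
    allow: bool
    expires_at: Optional[float]


@dataclass
class Decision:
    action: str           # "release" or "block"
    reason: str           # "allowed", "denied" or "unauthenticated"
    qr: Optional[str]     # QR payload returned with a block, else None


class BypassAuth:
    def __init__(self, rules, default_ttl=300):
        self.rules = rules
        self.default_ttl = default_ttl   # assumed lifetime of the fallback deny
        self.grants = {}                 # source IP -> Grant (authenticated devices)

    def qr_payload(self, src_ip):
        # Assumed encoding: the QR carries the authentication system's IP and
        # port plus the source IP of the blocked request.
        query = urlencode({"src": src_ip})
        return f"http://{AUTH_IP}:{AUTH_PORT}/auth?{query}"

    def on_access_request(self, src_ip, now):
        """S302/S307: look up the mirrored request's source IP and decide."""
        grant = self.grants.get(src_ip)
        if grant is not None and grant.expires_at is not None \
                and now >= grant.expires_at:
            del self.grants[src_ip]      # rule timed out and is aged out
            grant = None
        if grant is None:
            return Decision("block", "unauthenticated", self.qr_payload(src_ip))
        if grant.allow:
            return Decision("release", "allowed", None)
        return Decision("block", "denied", self.qr_payload(src_ip))

    def on_auth_request(self, src_ip, now):
        """S305: apply the first matching preset rule and store the result."""
        addr = ipaddress.ip_address(src_ip)
        grant = Grant(False, now + self.default_ttl)   # assumed default: deny
        for rule in self.rules:
            if addr in ipaddress.ip_network(rule.network):
                expires = None if rule.ttl is None else now + rule.ttl
                grant = Grant(rule.allow, expires)
                break
        self.grants[src_ip] = grant
        return grant


def scan_qr(payload):
    """S304, client side: recover (auth IP, auth port, source IP) from the QR."""
    parts = urlsplit(payload)
    return parts.hostname, parts.port, parse_qs(parts.query)["src"][0]


# Constructed rules mirroring the description's example addresses.
RULES = [Rule("1.1.1.1/32", False, 600), Rule("2.2.2.2/32", True, 3600)]

if __name__ == "__main__":
    auth = BypassAuth(RULES)
    first = auth.on_access_request("2.2.2.2", now=0)      # S301-S303: blocked
    _, _, src = scan_qr(first.qr)                         # S304
    auth.on_auth_request(src, now=0)                      # S305
    print(auth.on_access_request("2.2.2.2", now=10))      # S306-S307: released
    print(auth.on_access_request("2.2.2.2", now=3600))    # aged out: blocked
```

A denied source and an unknown source both receive the two-dimensional code; the `reason` field is what distinguishes a rule that is still in force from one that has aged out.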
Fig. 5 is a schematic structural diagram of an authentication device applied to an authentication system according to an embodiment of the present invention, and as shown in fig. 5, the authentication device applied to the authentication system includes:
a first access request intercepting module 501, configured to intercept a first access request sent by a client to a server.
Wherein the first access request comprises customer service end equipment information.
In this module, when a user wants to access a certain Web server, an HTTP access request (i.e., a first access request) is sent to the Web server by starting a browser installed in a client, and an authentication system intercepts the HTTP access request and performs an "authentication challenge" on the HTTP access request.
The first access request comprises TCP information and customer service end equipment information, and the customer service end equipment information specifically comprises a customer service end IP address.
The authentication judgment module 502 is configured to judge whether the customer service end is authenticated according to pre-stored authentication device information and the customer service end device information.
In this module, the authentication system stores in advance the information of the device that has completed authentication. When the customer service end equipment information of the first access request exists in the pre-stored authentication equipment information, the customer service end is considered to be authenticated before; if the customer service end equipment information does not exist in the prestored authentication equipment information, the customer service end is considered to be not authenticated before, and an authentication system is required to perform authentication.
The response message generating module 503 is configured to generate an HTTP response message corresponding to the first access request and send the HTTP response message to the customer service end when the customer service end is not authenticated.
The HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system.
In the module, when the customer service end is not authenticated, the authentication system generates an HTTP response message, the HTTP response message corresponds to the first access request, the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code carries IP information and port information of the authentication system.
Html, and the authentication two-dimensional code is accompanied by data packet source IP information (namely IP information corresponding to the first access request), an authentication system IP address, an authentication system port and customer service terminal equipment related information. The IP address and the port of the authentication system are used for providing authentication service for the customer service end.
The HTTP response message is generated according to the TCP information and the customer service end device information in the first access request, and a corresponding response code is 200.
When the authentication system returns the HTTP response message to the customer service end, the authentication two-dimensional code appears on the browser of the customer service end.
An authentication request obtaining module 504, configured to obtain an authentication request generated by the customer service end according to the IP information and the port information of the authentication system.
In the module, code scanning software is pre-installed in a customer service end, after an HTTP response message returned by an authentication system is acquired, the code scanning software is used for scanning the authentication two-dimensional code, so that IP information and port information of the authentication system in the authentication two-dimensional code are acquired, an authentication request is sent to the authentication system by using the IP information and the port information of the authentication system, and the authentication request is acquired by the authentication system.
And the authentication result generating module 505 is configured to generate an authentication result corresponding to the authentication request by using a preset configuration rule, and send the authentication result to the customer service end.
Wherein, the authentication result comprises the configuration authority.
In this module, the authentication system is configured with a relevant policy for configuring the authority of the customer service end, for example, the customer service end allowed to access is controlled according to the region where the server IP is located, the server request device, the timeout time, and the like. And carrying out authority configuration on the customer service terminal by using a preset configuration rule to obtain a configuration authority, generating an authentication result based on the configuration authority, and sending the authentication result to the customer service terminal.
The authentication device provided by the embodiment of the invention has the advantages that the customer service end can pass the authentication in time by utilizing the two-dimensional code technology, the participation of an authentication system administrator is not needed, the automation degree is higher, and the efficiency is high.
Fig. 6 is a schematic structural diagram of an authentication device applied to a customer service end according to an embodiment of the present invention, and as shown in fig. 6, the authentication device applied to the customer service end includes:
the first access request sending module 601 is configured to send a first access request to a server, where the first access request includes customer service end device information.
In this module, when a customer service end user accesses a server, a browser is opened to send an access request (here, a first access request) to the server, where the first access request includes TCP information and customer service end device information, and the customer service end device information specifically includes information such as a customer service end IP address.
A response message obtaining module 602, configured to obtain an HTTP response message generated by the authentication system according to the first access request when the client is not authenticated.
The HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system.
In the module, the authentication system judges whether the customer service end is authenticated according to the customer service end equipment information in the first access request, generates an HTTP response message corresponding to the first access request under the condition that the customer service end is not authenticated, and sends the HTTP response message to the customer service end, wherein the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code bears the IP information and the port information of the authentication system.
An authentication request generating module 603, configured to generate an authentication request according to the customer service device information, the IP information of the authentication system, and the port information, and send the authentication request to the authentication system.
In the module, code scanning software (or a WeChat applet) is pre-installed in a customer service end, after an HTTP response message returned by an authentication system is obtained, the code scanning software is used for scanning the authentication two-dimensional code, so that IP information and port information of the authentication system in the authentication two-dimensional code are obtained, and an authentication request is sent to the authentication system by using the IP information and the port information of the authentication system.
An authentication result obtaining module 604, configured to obtain an authentication result generated by the authentication system according to the authentication request and by using a preset configuration rule.
Wherein, the authentication result comprises the configuration authority.
In the module, after the authentication system acquires the authentication request, the access authority of the customer service end is configured according to the preset configuration rule, so that the authentication result is obtained and sent to the customer service end, and the customer service end acquires the authentication result, so that the authentication system can directly judge whether the access request passes according to the authentication result when the server is accessed subsequently.
According to the authentication device provided by the embodiment of the invention, the customer service end can pass the authentication in time by using the two-dimensional code technology, and the participation of an authentication system administrator is not required, so that the degree of automation is higher and the efficiency is high.
Fig. 7 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention. As shown in fig. 7, the electronic device may include: a processor 710, a communications interface 720, a memory 730, and a communication bus 740, wherein the processor 710, the communications interface 720, and the memory 730 communicate with each other via the communication bus 740. The processor 710 may call the logic instructions in the memory 730 to execute the authentication method of the above embodiments; the authentication method is applied to the authentication system and includes:
intercepting a first access request sent by a customer service end to a server, wherein the first access request comprises customer service end equipment information;
judging whether the customer service end is authenticated or not according to prestored authentication equipment information and the customer service end equipment information;
generating an HTTP response message corresponding to the first access request and sending the HTTP response message to the customer service side under the condition that the customer service side is not authenticated; the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system;
acquiring an authentication request generated by the customer service side according to the IP information and the port information of the authentication system;
generating an authentication result corresponding to the authentication request by using a preset configuration rule, and sending the authentication result to the customer service end; wherein, the authentication result comprises the configuration authority.
In addition, the logic instructions in the memory 730 can be implemented in the form of software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, the computer program product includes a computer program, the computer program can be stored on a non-transitory computer readable storage medium, when the computer program is executed by a processor, the computer can be used to execute an authentication method, the method is based on the implementation in the above embodiment, the authentication method is applied to an authentication system, and includes:
intercepting a first access request sent by a customer service end to a server, wherein the first access request comprises customer service end equipment information;
judging whether the customer service end is authenticated or not according to prestored authentication equipment information and the customer service end equipment information;
generating an HTTP response message corresponding to the first access request and sending the HTTP response message to the customer service side under the condition that the customer service side is not authenticated; the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system;
acquiring an authentication request generated by the customer service side according to the IP information and the port information of the authentication system;
generating an authentication result corresponding to the authentication request by using a preset configuration rule, and sending the authentication result to the customer service side; and the authentication result comprises configuration authority.
In another aspect, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program performs the authentication method of the above embodiments, the authentication method being applied to an authentication system and including:
intercepting a first access request sent by a customer service end to a server, wherein the first access request comprises customer service end equipment information;
judging whether the customer service end is authenticated or not according to prestored authentication equipment information and the customer service end equipment information;
under the condition that the customer service end is not authenticated, generating an HTTP response message corresponding to the first access request, and sending the HTTP response message to the customer service end; the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system;
acquiring an authentication request generated by the customer service end according to the IP information and the port information of the authentication system;
generating an authentication result corresponding to the authentication request by using a preset configuration rule, and sending the authentication result to the customer service side; and the authentication result comprises configuration authority.
The above-described embodiments of the apparatus are merely illustrative, and units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment may be implemented by software plus a necessary general hardware platform, and may also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods of the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An authentication method, applied to an authentication system, includes:
intercepting a first access request sent by a customer service end to a server, wherein the first access request comprises customer service end equipment information;
judging whether the customer service end is authenticated or not according to prestored authentication equipment information and the customer service end equipment information;
generating an HTTP response message corresponding to the first access request and sending the HTTP response message to the customer service side under the condition that the customer service side is not authenticated; the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system;
acquiring an authentication request generated by the customer service end according to the IP information and the port information of the authentication system after the customer service end scans the authentication two-dimensional code;
generating an authentication result corresponding to the authentication request by using a preset configuration rule, and sending the authentication result to the customer service side; wherein, the authentication result contains the configuration authority;
the preset configuration rule is that the identity of a customer service end is configured, and the identity of the customer service end comprises an allowed access customer service end and a refused access customer service end; and/or
Configuring a customer service end IP address allowing to access the server; and/or
Configuring the time of a customer service end for accessing a server;
correspondingly, the configuration authority comprises the identity of the client side and/or the IP address of the client side allowing to access the server and/or the time of the client side accessing the server.
2. The authentication method according to claim 1, wherein after intercepting the first access request sent by the client to the server, the method further comprises:
and generating a blocking response message according to the first access request, and sending the blocking response message to the server, thereby disconnecting the communication between the customer service side and the server.
3. The authentication method according to claim 2, wherein after the generating an authentication result corresponding to the authentication request by using the preset configuration rule and sending the authentication result to the customer service end, the method further comprises:
the customer service end equipment information is used as new authentication equipment information and is stored correspondingly to the authentication result;
correspondingly, after the determining whether the customer service end is authenticated according to the pre-stored authentication device information and the customer service end device information, the method further includes:
under the condition that the customer service end is authenticated, judging whether the first access request passes through according to the configuration authority in the authentication result corresponding to the customer service end equipment information;
restoring the communication between the customer service side and the server under the condition of passing the first access request so that the customer service side can access the server;
and sending the HTTP response message to the customer service end under the condition that the first access request is not passed.
4. The authentication method according to claim 1, wherein the authentication system is a bypass authentication system and is connected in bypass mode between the customer service end and the server.
5. An authentication method, which is applied to a customer service end, includes:
sending a first access request to a server, wherein the first access request comprises customer service end equipment information;
acquiring an HTTP response message generated by the authentication system according to the first access request under the condition that the customer service end is not authenticated, wherein the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of the authentication system;
generating an authentication request according to the customer service end equipment information and the IP information and the port information of the authentication system obtained by scanning the authentication two-dimensional code, and sending the authentication request to the authentication system;
acquiring an authentication result generated by the authentication system according to the authentication request and by using a preset configuration rule; the authentication result comprises configuration authority;
the preset configuration rule is to configure the identity of a customer service end, and the identity of the customer service end comprises an access-allowed customer service end and an access-denied customer service end; and/or
to configure a customer service end IP address allowed to access the server; and/or
to configure the time at which a customer service end accesses the server;
correspondingly, the configuration authority comprises the identity of the customer service end and/or the customer service end IP address allowed to access the server and/or the time at which the customer service end accesses the server.
6. The authentication method according to claim 5, wherein after the acquiring of an authentication result generated by the authentication system according to the authentication request and by using a preset configuration rule, the method further comprises:
sending a second access request to the server, and accessing the server in the case that the authentication system passes the second access request;
and acquiring the HTTP response message in the case that the authentication system does not pass the second access request.
7. An authentication apparatus, which is applied to an authentication system, comprising:
the first access request intercepting module is used for intercepting a first access request sent by a customer service end to a server, wherein the first access request comprises customer service end equipment information;
the authentication judgment module is used for judging whether the customer service end is authenticated or not according to prestored authentication equipment information and the customer service end equipment information;
the response message generation module is used for generating an HTTP response message corresponding to the first access request and sending the HTTP response message to the customer service end under the condition that the customer service end is not authenticated; the HTTP response message comprises an authentication two-dimensional code, and the authentication two-dimensional code comprises IP information and port information of an authentication system;
the authentication request acquisition module is used for acquiring an authentication request generated by the customer service side according to the IP information and the port information of the authentication system after scanning the authentication two-dimensional code;
the authentication result generation module is used for generating an authentication result corresponding to the authentication request by using a preset configuration rule and sending the authentication result to the customer service end; the authentication result comprises configuration authority;
the preset configuration rule is to configure the identity of a customer service end, and the identity of the customer service end comprises an access-allowed customer service end and an access-denied customer service end; and/or
to configure a customer service end IP address allowed to access the server; and/or
to configure the time at which a customer service end accesses the server;
correspondingly, the configuration authority comprises the identity of the customer service end and/or the customer service end IP address allowed to access the server and/or the time at which the customer service end accesses the server.
8. An authentication device, applied to a customer service end, comprising:
the first access request sending module is used for sending a first access request to a server, wherein the first access request comprises customer service end equipment information;
a response message acquisition module, configured to acquire an HTTP response message generated by the authentication system according to the first access request when the customer service end is not authenticated, where the HTTP response message includes an authentication two-dimensional code, and the authentication two-dimensional code includes IP information and port information of the authentication system;
the authentication request generation module is used for generating an authentication request according to the customer service end equipment information, the IP information and the port information of the authentication system obtained after the authentication two-dimensional code is scanned, and sending the authentication request to the authentication system;
the authentication result acquisition module is used for acquiring an authentication result generated by the authentication system according to the authentication request and by using a preset configuration rule; the authentication result comprises configuration authority;
the preset configuration rule is to configure the identity of a customer service end, and the identity of the customer service end comprises an access-allowed customer service end and an access-denied customer service end; and/or
to configure a customer service end IP address allowed to access the server; and/or
to configure the time at which a customer service end accesses the server;
correspondingly, the configuration authority comprises the identity of the customer service end and/or the customer service end IP address allowed to access the server and/or the time at which the customer service end accesses the server.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the authentication method of any one of claims 1-4 or 5-6 when executing the program.
10. A non-transitory computer-readable storage medium on which a computer program is stored, the computer program, when being executed by a processor, implementing the authentication method according to any one of claims 1-4 or 5-6.
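The decision flow of claims 3 to 6, as an added Python sketch that is not part of the patent text or the applicant's implementation. The device id string standing in for the customer service end equipment information, the `ip:port` code payload, the rule layout and the deny-by-default handling of unknown devices are all assumptions of this example.

```python
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Authority:
    """Configuration authority: identity, permitted source IPs, access time."""
    allowed: bool = False          # allowed vs. denied customer service end
    networks: tuple = ()           # CIDR ranges allowed to access the server
    window: tuple = (time(0, 0), time(0, 0))   # (start, end); equal means empty

    def permits(self, src_ip: str, now: time) -> bool:
        start, end = self.window
        # A window such as 22:00-06:00 wraps past midnight.
        in_window = start <= now < end if start <= end else (now >= start or now < end)
        in_network = any(ip_address(src_ip) in ip_network(n) for n in self.networks)
        return self.allowed and in_network and in_window

@dataclass
class BypassAuthSystem:
    ip: str
    port: int
    rules: dict                    # preset configuration rules keyed by device id
    authenticated: dict = field(default_factory=dict)   # device id -> Authority

    def intercept(self, device_id: str, src_ip: str, now: time):
        """Access request: return ("pass", None) or ("challenge", response)."""
        authority = self.authenticated.get(device_id)
        if authority is not None and authority.permits(src_ip, now):
            return "pass", None    # communication with the server is restored
        # Response whose two-dimensional code carries the system's IP and port.
        return "challenge", {"qr_payload": f"{self.ip}:{self.port}"}

    def authenticate(self, device_id: str) -> Authority:
        """Authentication request sent after the code is scanned."""
        authority = self.rules.get(device_id, Authority())   # unknown: deny
        self.authenticated[device_id] = authority   # stored with the result
        return authority

# Constructed sample rules (documentation addresses, hypothetical device ids).
OFFICE = ("192.0.2.0/24",)
RULES = {
    "dev-A": Authority(True, OFFICE, (time(9, 0), time(18, 0))),
    "dev-B": Authority(False, OFFICE, (time(9, 0), time(18, 0))),
    "dev-N": Authority(True, OFFICE, (time(22, 0), time(6, 0))),
}

def new_system() -> BypassAuthSystem:
    return BypassAuthSystem("198.51.100.7", 8443, dict(RULES))
```

Because the stored equipment information is what identifies an authenticated customer service end, every later request is still re-checked against the stored configuration authority, so a denied or out-of-window device keeps receiving the response message rather than reaching the server.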
CN202210463578.5A 2022-04-29 2022-04-29 Authentication method, authentication device, electronic equipment and medium Active CN114584400B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210463578.5A CN114584400B (en) 2022-04-29 2022-04-29 Authentication method, authentication device, electronic equipment and medium

Publications (2)

Publication Number Publication Date
CN114584400A CN114584400A (en) 2022-06-03
CN114584400B CN114584400B (en) 2022-07-26

Family

ID=81779221

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210463578.5A Active CN114584400B (en) 2022-04-29 2022-04-29 Authentication method, authentication device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN114584400B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant