CN101997686A - Method for acquiring MAC user authentication by spanning firewall through Activex - Google Patents
Method for acquiring MAC user authentication by spanning firewall through Activex Download PDFInfo
- Publication number
- CN101997686A CN101997686A CN2009101841450A CN200910184145A CN101997686A CN 101997686 A CN101997686 A CN 101997686A CN 2009101841450 A CN2009101841450 A CN 2009101841450A CN 200910184145 A CN200910184145 A CN 200910184145A CN 101997686 A CN101997686 A CN 101997686A
- Authority
- CN
- China
- Prior art keywords
- activex
- mac address
- client
- machine
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Small-Scale Networks (AREA)
Abstract
The invention relates to actual application of Activex technology in the public security and traffic management industry. An MAC (media access control) address of a WEB remote machine is accurately acquired by the Activex technology so as to determine that the remote computer is an authentication validity computer, and an operator of the remote computer is confirmed through a user password. The special person and special machine security purpose of the operator and the operated machine is fulfilled.
Description
Technical field
The present invention relates to the practical application of Activex technology in public security traffic control industry, in the B/S development structure, realize obtaining the MAC Address of remote client's machine by the Activex technology, can see through the MAC Address that fire compartment wall and router get access to client machine accurately, utilize this unique MAC Address and client's account number cipher binding again, determine special messenger's special plane of login user, reach the purpose of secure access.
Background technology
MAC (Media Access Control, medium access control) MAC Address is that burning is at Network Interface Card (network interface card, NIC) the .MAC address of lining, also be hardware address, be by 48 bit long (6 byte), it is to distribute the .24-47 position by producer oneself that the numeral of 16 systems is formed the .0-23 position, is called to organize unique identifier (organizationally unique is the sign of identification LAN (innings .MAC territory net) node.Wherein the 40th is the multicast address flag bit.The physical address of network interface card is normally by the EPROM (a kind of flash chip usually can be erasable by program) of the burned network interface card of network interface card manufacturer, and what its was stored is really to rely when transmitting data to identify computer that sends data and the address that receives the main frame of data.
That is to say, in the physical transfer process of network bottom layer, discern main frame by physical address, it generally also is globally unique.Such as, famous Ethernet card, its physical address are the integers of 48bit (bit), as: 44-45-53-54-00-00 deposits in the host interface in machine-readable mode.Ethernet address management organization (IEEE) is with ethernet address, just the various combination of 48 bits is divided into some independently continuation address groups, and the producer of production ethernet nic just buys wherein one group, during concrete production, give Ethernet card with unique address one by one.
Vivid says that MAC Address has global uniqueness just as the ID card No. on our identity card.
The effect of identity card on ordinary days is not very big, but to the crucial moment that has, identity card is used for proving your identity.To go to bank to extract cash such as you, at this moment will use identity card.MAC Address and IP address binding are just done the reason of important thing as our identity card that carries oneself in person in daily life so.Sometimes, we are stolen in order to prevent the IP address, just by simple switch ports themselves binding (the MAC table of port uses static entry), can under only connecting the situation of a main frame, each switch ports themselves prevent to revise usurping of MAC Address, if three-layer equipment can also provide: switch ports themselves/IP/MAC three's binding prevents that the IP that revises MAC from usurping.General binding MAC address all disposes on switch and router, is that the webmaster personnel just can touch, as long as understood the effect of binding for general computer user.In campus network the notebook computer of oneself is changed to the another one dormitory such as you and just can't surf the Net, this causes because MAC Address and IP address (port) are bound.
Summary of the invention
The objective of the invention is to: at the characteristics of Activex technology, the Activex module is joined in the B/S structure, obtain the MAC Address of remote client's machine, use the MAC Address of client machine again, add the username and password that the client imports, can finish triple verifications.
Embodiment
Embodiment one
The online Health Certificate system of submitting to, this system adopts the development mode of B/S, on server, issue native system, each client does not need to install any control, directly can operate system with IE browser login native system, mode so conveniently causes the uncontrollable factor of client simultaneously.Because native system relates to the driving license information uploading of public security system, the checking of customer to customer end need reach the purpose of special messenger's special plane.Simple IP address is divided again can't firewall-penetrating, so adopt Activex module firewall-penetrating to obtain the purpose that the remote machine MAC Address reaches the visit of user side special messenger special plane.
The process of present embodiment is:
At first in database side maintenance customer name, password and client NIC MAC Address.
Secondly behind the client login system, system will take out this machine MAC Address, allow the client input login user name and password simultaneously, submit to and do authentication.When confirming that user name, password and MAC Address three do not have the system of being allowed for access of causing delay.
Claims (2)
1. at the characteristics of Activex technology, can say that the Activex module is installed in the webpage of B/S structure.Activex can obtain the higher operating right of ratio of remote system at remote computer, so just can reach long-range requirement of obtaining the machine MAC Address.
2. according to claim 1 the Activex module is joined in the B/S structure, obtain the MAC Address of remote client's machine, use the MAC Address of client machine again, add the username and password that the client imports, can finish triple verifications.Utilize this unique MAC Address and client's account number cipher binding again, determine special messenger's special plane of login user, reach the order of secure access.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101841450A CN101997686A (en) | 2009-08-25 | 2009-08-25 | Method for acquiring MAC user authentication by spanning firewall through Activex |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101841450A CN101997686A (en) | 2009-08-25 | 2009-08-25 | Method for acquiring MAC user authentication by spanning firewall through Activex |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101997686A true CN101997686A (en) | 2011-03-30 |
Family
ID=43787334
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009101841450A Pending CN101997686A (en) | 2009-08-25 | 2009-08-25 | Method for acquiring MAC user authentication by spanning firewall through Activex |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101997686A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104468676A (en) * | 2013-09-25 | 2015-03-25 | 江苏智软信息科技有限公司 | Method for obtaining MAC address of user by crossing fire wall through Activex |
| CN105162763A (en) * | 2015-07-29 | 2015-12-16 | 网神信息技术(北京)股份有限公司 | Method and device for processing communication data |
| CN105306407A (en) * | 2014-05-29 | 2016-02-03 | 中国移动通信集团云南有限公司 | User account number login method and device |
-
2009
- 2009-08-25 CN CN2009101841450A patent/CN101997686A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104468676A (en) * | 2013-09-25 | 2015-03-25 | 江苏智软信息科技有限公司 | Method for obtaining MAC address of user by crossing fire wall through Activex |
| CN105306407A (en) * | 2014-05-29 | 2016-02-03 | 中国移动通信集团云南有限公司 | User account number login method and device |
| CN105306407B (en) * | 2014-05-29 | 2019-09-27 | 中国移动通信集团云南有限公司 | User account login method and device |
| CN105162763A (en) * | 2015-07-29 | 2015-12-16 | 网神信息技术(北京)股份有限公司 | Method and device for processing communication data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111414210B (en) | Method, apparatus and computer readable storage medium for generating side chains based on main chains | |
| CN101518023B (en) | Apparatuses and methods for authenticating voice and data devices on the same port | |
| CN102271132B (en) | Control method and system for network access authority and client | |
| CN100405796C (en) | Admittance control method for IPv6 switch-in network true source address access | |
| CN100496038C (en) | Method for implementing experimental system of firewall under multiple user's remote concurrency control in large scale | |
| CN107209659A (en) | Mobile authentication in mobile virtual network | |
| CN101888389B (en) | Method and system for realizing uniform authentication of ICP union | |
| CN101355557B (en) | Method and system for implementing network access control in MPLS/VPN network | |
| CN101207613A (en) | Method, system and apparatus for authentication of striding network area information communication | |
| CN103414709A (en) | User identity binding and user identity binding assisting method and device | |
| CN107534645A (en) | Main frame authentication storage | |
| JP2011107796A (en) | Device and system for effectively using a plurality of authentication servers | |
| CN104408777B (en) | Internet attendance management system and method based on P2P communication realized by NAT traversal | |
| CN105071945A (en) | Network terminal address bulk binding method based on interchanger technology | |
| CN103051643B (en) | Fictitious host computer secure connection dynamic establishing method and system under cloud computing environment | |
| CN101436923A (en) | Method, equipment and network system for synchronizing clock | |
| CN103428211A (en) | Network authentication system on basis of switchboards and authentication method for network authentication system | |
| US20150215301A1 (en) | Authentication of a First Device by a Switching Center | |
| CN101997686A (en) | Method for acquiring MAC user authentication by spanning firewall through Activex | |
| CN101554016A (en) | Apparatus and methods for supporting 802.1X in daisy chained devices | |
| WO2007138068A1 (en) | A type of management method and device for network equipment | |
| CN102130803A (en) | Local area network website security architecture system | |
| CN103188208A (en) | Authority control method and authority control system of webpage access, and call center | |
| CN101286871B (en) | Isolation system configuring method based on digital certificate and security protocol | |
| CN101599834B (en) | Method for identification and deployment and management equipment thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110330 |