CN102025526A - Method, device and system for preventing Internet deception - Google Patents



Publication number
CN102025526A
Authority
CN
China
Prior art keywords
client
message
network
spoofed
account number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2009101746189A
Other languages
Chinese (zh)
Other versions
CN102025526B (en)
Inventor
孙卫国
柯用兵
王旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Gw Partnership Co ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN200910174618.9A priority Critical patent/CN102025526B/en
Publication of CN102025526A publication Critical patent/CN102025526A/en
Application granted granted Critical
Publication of CN102025526B publication Critical patent/CN102025526B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of communication security. To solve the prior-art problem that the same account is illegally used by many people to access the Internet, the invention provides a method, a device and a system for preventing Internet deception. The method comprises the following steps: when a client accesses the network, checking at a predetermined time interval whether an anti-deception message has been received from the client; if no anti-deception message has been received from the client, treating the client as an illegal client and sending a message that disconnects the client's network connection. By checking at the predetermined time interval whether the anti-deception message has been received, and disconnecting any client from which it has not, the invention prevents the same account from being illegally used by many people to access the Internet and improves network security.

Description

Method, device and system for preventing Internet deception
Technical field
The present invention relates to the field of communication security, and in particular to a method, device and system for preventing Internet deception.
Background
Broadband access services are increasingly widespread. A form of fraud now occurs in which, after one user opens an account and obtains an Internet access account and password, many people illegally use that account and password to go online. Especially under monthly-fee billing that limits neither online duration nor data traffic, this practice of one person paying while many people go online at will causes bandwidth operators large revenue losses. A control mechanism is needed to prevent this Internet access fraud.
In the prior art, operators provide a dedicated Internet access client, Netkeeper. This software also goes online using the Point-to-Point Protocol over Ethernet (PPPoE), and it controls Internet access fraud by restricting which client software can be used. To prevent multiple users from going online with the same account and password, the Netkeeper client encrypts the account and password. The account and password received by the network access authentication (AAA) server are encrypted, so other users cannot obtain the real account and password. This is how it prevents multiple users from illegally using the same account and password to go online.
However, in the course of implementing the present invention, the inventors found that the above prior art has at least the following problems. Encryption performed in client software is easy to crack: many methods for cracking the Netkeeper client now exist, and they recover the real account and password used for AAA server authentication. In addition, the prior art offers no flexible way to control the case in which multiple legitimate users share the same account and password to go online.
Summary of the invention
Embodiments of the invention provide a method, device and system for preventing Internet deception, to solve the prior-art problem of many people illegally using the same account to go online.
An embodiment of the invention provides a method for preventing Internet deception, comprising: when a client accesses the network, checking at a predetermined time interval whether an anti-spoofing message has been received from the client; and when no anti-spoofing message has been received from the client, treating the client as an illegal client and sending a message that disconnects the client's network connection.
An embodiment of the invention also provides an anti-spoofing server, comprising: a receiving unit, configured to check at a predetermined time interval, when a client accesses the network, whether an anti-spoofing message has been received from the client; and a judging unit, configured to treat the client as an illegal client when no anti-spoofing message has been received from it, and to send a message that disconnects the client's network connection.
An embodiment of the invention also provides a system for preventing Internet deception, comprising: a client, a network access authentication (AAA) server, and an anti-spoofing server.
The client is configured to initiate a network access authentication request message to the AAA server, and to send its anti-spoofing message to the anti-spoofing server at a predetermined time interval.
The AAA server is configured to verify the network access authentication request message, and to send the client a message that either allows it to log in to the network or disconnects it from the network.
The anti-spoofing server is configured to check at a predetermined time interval whether an anti-spoofing message has been received from the client and, when none has been received, to treat the client as an illegal client and send the AAA server a message that disconnects the client's network connection.
An embodiment of the invention also provides a client-side method for preventing Internet deception, comprising: sending a network access authentication request message to the network side to request login to the network; and, after logging in to the network successfully, sending an anti-spoofing message to the network side at a predetermined time interval.
An embodiment of the invention also provides a client, comprising: a sending unit, configured to send a network access authentication request message to the network side to request login to the network; and a timed sending unit, configured to send an anti-spoofing message to the network side at a predetermined time interval after the client has logged in to the network successfully.
By judging within a predetermined time interval whether the client's anti-spoofing message has been obtained, the embodiments of the invention prevent multiple users from illegally using the same network account to log in to the network, and improve network security.
Description of the drawings
To describe the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Figure 1 is a flowchart of a method for preventing Internet deception according to an embodiment of the invention;
Figure 2 is a structural diagram of an anti-spoofing server according to an embodiment of the invention;
Figure 3 is another structural diagram of the anti-spoofing server according to an embodiment of the invention;
Figure 4 is a structural diagram of a system for preventing Internet deception according to an embodiment of the invention;
Figure 5 is a data flow diagram of the system for preventing Internet deception according to an embodiment of the invention;
Figure 6 is another data flow diagram of the system for preventing Internet deception according to an embodiment of the invention;
Figure 7 is a flowchart of the client-side method for preventing Internet deception according to an embodiment of the invention;
Figure 8 is a structural diagram of the client of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Figure 1 is a flowchart of a method for preventing Internet deception according to an embodiment of the invention.
The method comprises:
Step 101: when a client accesses the network, check at a predetermined time interval whether an anti-spoofing message has been received from the client.
Step 102: when no anti-spoofing message has been received from the client, treat the client as an illegal client and send a message that disconnects the client's network connection.
As one embodiment of the invention, before step 101 the method includes: obtaining the network access authentication request message sent by the client, verifying it and, after verification succeeds, obtaining and recording the client's online notification message contained in that network access authentication request message.
As one embodiment of the invention, the network access authentication request message includes the user's login account and password, the client's Media Access Control (MAC) address and Internet Protocol (IP) address, and so on, where only one of the MAC address and the IP address may be included. The online notification message includes the user's login account, the client's MAC address and IP address, and so on. The anti-spoofing message is used to verify whether the client is legitimate. It may take any form: an arbitrary character or character string, an IP address or a MAC address, or a combination of several of these.
As one embodiment of the invention, in step 101 the anti-spoofing message may be decrypted using the decryption method that corresponds to the client's encryption method, to obtain the decrypted anti-spoofing message. In this mode, the user login account in the anti-spoofing message may be plaintext, while the client's MAC address, IP address and so on are ciphertext. The decryption method may use, for example, Message-Digest Algorithm 5 (MD5).
Alternatively, the received online notification message may be encrypted in the same way as on the client and the encrypted online notification message recorded, for example using MD5 encryption.
As one embodiment of the invention, after step 102 the method further includes: when the client's online notification message and the client's anti-spoofing message differ, sending a message that disconnects the client's network connection.
As one embodiment of the invention, obtaining and recording the client's online notification message from the network access authentication request message further includes obtaining and recording the client's account state and the attribute information of the account. When another client logs in to the network, before step 101 it is also determined whether the account state corresponding to that client is logged in and whether the attribute information has reached the maximum usage threshold. If the account state is logged in and the maximum usage threshold has been reached, a message that disconnects the client's network connection is sent.
In the embodiments of the invention, it is judged within a predetermined time interval whether the client's anti-spoofing message has been obtained. When it has not, the client is treated as an illegal client and a message disconnecting its network connection is sent, which prevents multiple users from illegally using the same network account to log in to the network. In addition, by comparing the stored online notification message of a logged-in client with that client's anti-spoofing message, clients whose anti-spoofing messages differ can be identified, which prevents illegitimate clients from logging in to the network.
Figure 2 is a structural diagram of an anti-spoofing server according to an embodiment of the invention.
It comprises:
Receiving unit 201, configured to check at a predetermined time interval, when a client accesses the network, whether an anti-spoofing message has been received from the client.
Judging unit 202, configured to treat the client as an illegal client when no anti-spoofing message has been received from it, and to send a message that disconnects the client's network connection.
By judging within a predetermined time interval whether the client's anti-spoofing message has been obtained, the anti-spoofing server of this embodiment prevents multiple users from illegally using the same network account to log in to the network.
As one embodiment of the invention, as shown in Figure 3, the anti-spoofing server comprises receiving unit 301 and judging unit 302, and further comprises:
Recording unit 303, configured to obtain and record the client's online notification message from the client's network access authentication request message.
Comparing unit 304, configured to compare the client's online notification message with the client's anti-spoofing message, and to send a message that disconnects the client's network connection when they differ.
Recording unit 303 is also configured to obtain and record the client's account state and the attribute information of the account.
Analysis unit 305, configured to determine whether the account state corresponding to the client is logged in and whether the attribute information has reached the maximum usage threshold, and to send a message that disconnects the client's network connection if the account state is logged in and the maximum usage threshold has been reached.
Decryption unit 306, configured to decrypt the anti-spoofing message received by receiving unit 301, to obtain the decrypted anti-spoofing message.
As an alternative to decryption unit 306, the server may comprise encryption unit 307, configured to encrypt the client's online notification message from the client's network access authentication request message and store it in recording unit 303.
Figure 4 is a structural diagram of a system for preventing Internet deception according to an embodiment of the invention.
It comprises client 401, AAA server 402, anti-spoofing server 403 and OCS server 404.
Client 401 is configured to initiate a network access authentication request message to AAA server 402, and to send its anti-spoofing message to anti-spoofing server 403 at a predetermined time interval.
AAA server 402 is configured to verify the network access authentication request message, and to send client 401 a message that either allows it to log in to the network or disconnects it from the network.
Anti-spoofing server 403 is configured to check at a predetermined time interval, when the client accesses the network, whether an anti-spoofing message has been received from the client and, when none has been received, to treat the client as an illegal client and send AAA server 402 a message that disconnects the network connection of client 401.
OCS server 404 is configured to charge the client and to store the attribute information of the client's account.
Anti-spoofing server 403 is the embodiment shown in Figure 2 or Figure 3.
Anti-spoofing server 403 may also be integrated into the OCS server.
Client 401 and anti-spoofing server 403 communicate using a predetermined protocol, or client 401 encrypts the anti-spoofing message with a predefined encryption algorithm. For example, the 48-bit MAC address and the 32-bit IP address are masked, shifted or XORed, and the result is then encrypted with Message-Digest Algorithm 5 (MD5).
By adding the anti-spoofing server, the embodiment of the invention prevents multiple illegal clients from using the same account to log in to the network.
Figure 5 is a data flow diagram of the system for preventing Internet deception according to an embodiment of the invention.
It comprises:
Step 501: when legitimate client 1 goes online, client 1 sends a network access authentication request message to the AAA server. The message carries the account, the password, and the client's Media Access Control (MAC) address and Internet Protocol (IP) address.
Step 502: the AAA server authenticates the account and password. Because client 1 is a legitimate user, authentication succeeds.
Step 503: the AAA server sends the authentication result response message to the client.
Step 504: the client determines from the response message whether it may go online. When client 1 is legitimate, it begins Internet access after receiving the response message indicating that authentication succeeded.
Step 505: when the AAA server has authenticated the client's network access authentication request message successfully, it sends the user online notification message from that request to the anti-spoofing server. The user online notification message includes the account, the client's MAC address and IP address, and similar information; either one of the MAC address and the IP address may be used.
Step 506: the anti-spoofing server records the information carried in the user online notification message. As an optional step, the anti-spoofing server may also encrypt the online notification message with the same encryption method as the client and then record the encrypted online notification message. For example, the client's MAC address and IP address are encrypted: the 48-bit MAC address and the 32-bit IP address are masked, shifted or XORed, and the result is then encrypted with Message-Digest Algorithm 5 (MD5).
Step 507: the anti-spoofing server sends a Credit Control Request (CCR) to the OCS server over the Diameter Credit Control (DCC) charging-control protocol to query the account's attribute information, such as the account's maximum allowed number of connections (the maximum usage threshold) and the account's charging information, and records the account state as logged in to the network.
Step 508: the OCS server returns a Credit Control Answer (CCA) that notifies the anti-spoofing server of the account attribute information, and the anti-spoofing server records it.
Note that steps 503 to 508 may be performed in any order.
Step 509: client 1 has now logged in to the network successfully and begins Internet access, and the anti-spoofing server has obtained this client's user online notification message. The client according to the embodiment of the invention periodically sends an anti-spoofing message to the anti-spoofing server. The anti-spoofing message includes the account, the client's MAC address and IP address, and similar information. It must carry the same kinds of information as the user online notification message stored on the anti-spoofing server; for example, if the anti-spoofing server has stored the IP address from the user online notification message, the anti-spoofing message also includes the IP address.
Client 1 may transmit the anti-spoofing message using a predefined protocol, or may encrypt the anti-spoofing message, for example encrypting only the client's MAC address and IP address.
Step 510: after receiving the anti-spoofing message sent by the client, the anti-spoofing server checks the account, MAC address and IP address it carries against the user online notification message recorded in step 506. If the two are consistent, the client's Internet access is considered legitimate.
Step 511: after passing the check in step 510, client 1 can continue normal Internet access.
In addition, when client 1 goes offline, the AAA server sends a user offline notification message to the anti-spoofing server. This message also carries the account, MAC address, IP address and so on of client 1. The anti-spoofing server updates the account's state information according to this message, changing it from logged in to offline.
Step 512: an illegitimate client 2 attempts to go online after stealing the account and password of legitimate client 1. There are two cases: in the first, illegitimate client 2 attempts to go online while the account state of legitimate client 1 is logged in; in the second, illegitimate client 2 attempts to go online while the account state of legitimate client 1 is offline.
In the case where illegitimate client 2 attempts to go online while the account state of client 1 is logged in, illegitimate client 2 uses other PPPoE client software with the stolen account and password. It likewise sends a network access authentication request message to the AAA server, carrying the account, the password, and the MAC address and IP address of the login terminal.
Step 513: the AAA server authenticates the account and password. Because illegitimate client 2 has stolen the account and password of the legitimate client, authentication by the AAA server also succeeds.
Step 514: the AAA server sends the response message indicating successful authentication to illegitimate client 2.
Step 515: illegitimate client 2 begins Internet access after receiving the response message indicating successful authentication.
Step 516: as in step 505 for the legitimate client, when the AAA server has authenticated illegitimate client 2 successfully, it sends a user online notification message to the anti-spoofing server. This message carries the user's login account and the client's MAC address and IP address.
Step 517: the anti-spoofing server consults the account attribute information obtained in step 508 and the account state information stored on the anti-spoofing server. It finds that this user account allows only a single connection (the maximum usage threshold is 1) and that legitimate client 1 is already logged in. The anti-spoofing server therefore considers the newly logged-in client 2 illegal.
Step 518: for a client that is online illegally, the anti-spoofing server actively sends a cut-off-illegal-connection message to the AAA server.
Step 519: the AAA server sends a cut-off-illegal-connection message to illegitimate client 2, and the Internet access of illegitimate client 2 is interrupted.
Step 520: the AAA server sends the result of interrupting the illegitimate client's Internet access, that is, a response message, to the anti-spoofing server.
As for the case where the illegitimate client fails to steal the correct account and password, it obviously cannot pass the AAA server's account and password authentication in step 502 or step 513, and so has no chance of accessing the network. This case is therefore not described in detail here.
In addition, according to the embodiment of the invention, illegitimate client 2 cannot go online even when legitimate client 1 is not online.
In that case, in step 517 the anti-spoofing server consults the account attribute information obtained in step 508 and the account state information stored on the anti-spoofing server. It finds that this user account allows only a single connection and that legitimate client 1 is not logged in, so it does not immediately send a cut-off-illegal-connection message to the AAA server. Instead, it waits for a predetermined time interval and then judges whether it has received an anti-spoofing message sent by illegitimate client 2. As one embodiment of the invention, the predetermined time interval may be 3 minutes. If no anti-spoofing message has been received, the newly logged-in client 2 is considered illegal.
As an optional embodiment, in step 517, after receiving the anti-spoofing message the anti-spoofing server may also check the account, MAC address and IP address it carries against the user online notification message that the server recorded in step 506. If the two are consistent, the client's Internet access is considered legitimate and the client can continue. Here the anti-spoofing server decrypts the received anti-spoofing message to obtain the account, MAC address and IP address, and checks them against the corresponding information in the user online notification message stored on the anti-spoofing server; if they are consistent, the client's Internet access is legitimate. As a further optional embodiment, the anti-spoofing server may instead compare the received encrypted anti-spoofing message with the stored encrypted online notification message, and consider the client's Internet access legitimate when the two are consistent.
As described above, obtaining the state information and attribute information of the account makes it possible to prevent multiple illegal users from using the same account to log in to the network.
Figure 6 is another data flow diagram of the system for preventing Internet deception according to an embodiment of the invention.
In this embodiment, steps 601 to 611 are the same as steps 501 to 511 of the embodiment shown in Figure 5 and are not repeated here.
While legitimate client 1 is online, illegitimate client 2 also begins to go online.
Step 612: client 2 sends a network access authentication request message to the AAA server. The message carries the account, the password, and the MAC address and IP address of client 2.
Step 613: the AAA server authenticates the account and password, and authentication succeeds.
Step 614: the AAA server sends the response message indicating successful authentication to client 2.
Step 615: client 2 begins Internet access after receiving the response message indicating successful authentication.
Step 616: at the same time, the AAA server sends a user online notification message to the anti-spoofing server. The message carries the account and the client's MAC address and IP address.
Step 617: the anti-spoofing server consults the account attribute information obtained in step 608 and the account state information stored on the anti-spoofing server. Unlike the case of Figure 5, the anti-spoofing server finds from the account attribute information received in step 608 that the account supports sharing by several people and that the maximum number of connections has not been reached (that is, the maximum usage threshold has not been reached). The anti-spoofing server therefore records this user's online notification message, updates the account's connection count on the anti-spoofing server by adding 1 to the existing count, allows the user to continue Internet access, and waits for the client software to send an anti-spoofing message.
Step 618: client 2 sends an anti-spoofing message within a predetermined time interval (for example 3 minutes).
Step 619: the anti-spoofing server receives this anti-spoofing message and considers client 2 a legitimate user.
Step 620: client 2 can continue Internet access.
In another case, if in step 617 the anti-spoofing server finds that the account's attribute information shows the maximum number of connections has been reached, it considers client 2 an illegitimate client and sends a cut-off-illegal-connection message to the AAA server.
Meanwhile, even if the number of users of an account has not yet reached its maximum allowed number of connections, an unauthorized user still cannot go online with only a stolen or borrowed account and password. This is because the unauthorized user's client cannot, as the client of the embodiment of the invention does, periodically send anti-spoofing messages according to the predetermined anti-fraud protocol. In step 617 the anti-spoofing server can judge whether the client is illegal according to whether an anti-spoofing message is received within a predetermined time (for example 3 minutes). If none is received, it can send a cut-off-illegal-connection message to the AAA server to stop the illegitimate client's Internet access.
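The anti-spoofing server's decisions in the Figure 5 and Figure 6 flows (threshold check on the online notification, comparison of each anti-spoofing message, and the interval timeout), as an added example that is not code from the patent. The class and method names, the XOR mask value, the sample addresses, and identifying a session by account plus the source IP of the anti-spoofing message are assumptions; because MD5 is a one-way digest, the sketch follows the variant in which the server applies the client's transform to the recorded MAC and IP and compares the results.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL = 180  # seconds; the page gives 3 minutes as an example
XOR_MASK = 0x5A           # constructed value; the page only says "mask, shift or XOR"


def token(mac: str, ip: str) -> str:
    """XOR the 48-bit MAC and 32-bit IPv4 address with a mask, then MD5 the result."""
    raw = bytes.fromhex(mac.replace(":", "")) + ipaddress.IPv4Address(ip).packed
    return hashlib.md5(bytes(b ^ XOR_MASK for b in raw)).hexdigest()


@dataclass
class Session:
    expected: str    # transform of the MAC/IP recorded from the online notification
    deadline: float  # time by which the next anti-spoofing message is due


@dataclass
class AntiSpoofServer:
    max_connections: dict                            # account -> maximum usage threshold (from the OCS)
    sessions: dict = field(default_factory=dict)     # (account, ip) -> Session
    disconnects: list = field(default_factory=list)  # disconnect messages destined for the AAA server

    def _disconnect(self, key, reason):
        self.sessions.pop(key, None)
        self.disconnects.append((key, reason))
        return False

    def online(self, account, mac, ip, now):
        """User online notification from the AAA server (steps 505, 516, 616)."""
        key = (account, ip)
        others = [k for k in self.sessions if k[0] == account and k != key]
        if len(others) >= self.max_connections.get(account, 1):
            return self._disconnect(key, "max usage threshold reached")
        # Admit provisionally; the client must now prove itself within the interval.
        self.sessions[key] = Session(token(mac, ip), now + HEARTBEAT_INTERVAL)
        return True

    def heartbeat(self, account, src_ip, tok, now):
        """Anti-spoofing message: plaintext account plus the transformed MAC/IP."""
        key = (account, src_ip)
        session = self.sessions.get(key)
        if session is None:
            return False
        if not hmac.compare_digest(tok, session.expected):
            return self._disconnect(key, "anti-spoofing message mismatch")
        session.deadline = now + HEARTBEAT_INTERVAL
        return True

    def sweep(self, now):
        """Periodic check: disconnect every session whose message is overdue."""
        expired = [k for k, s in self.sessions.items() if now > s.deadline]
        for key in expired:
            self._disconnect(key, "no anti-spoofing message in interval")
        return expired

    def offline(self, account, ip):
        """User offline notification from the AAA server."""
        self.sessions.pop((account, ip), None)


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up MACs).
    srv = AntiSpoofServer(max_connections={"alice": 1})
    srv.online("alice", "00:11:22:33:44:55", "192.0.2.5", now=0)
    srv.online("alice", "66:77:88:99:aa:bb", "192.0.2.9", now=70)  # second login refused
    print(srv.disconnects)
```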
Fig. 7 is a flowchart of the method by which a client prevents Internet deception according to an embodiment of the invention.
The method comprises:
Step 701, send a network access authentication request message to the network side to request login to the network.
Step 702, after successfully logging in to the network, send anti-spoofing messages to the network side at a preset time interval.
In one embodiment of the invention, in step 702 the anti-spoofing message is encapsulated using a predetermined protocol.
In one embodiment of the invention, in step 702 the anti-spoofing message may also be encrypted. In the encrypted form, the user login account in the anti-spoofing message may be plaintext while the client's MAC address, IP address and so on are ciphertext, for example using the MD5 encryption method.
The network access authentication request message contains the online notification message.
In the above embodiment, judging whether the client's anti-spoofing message has been obtained within the predetermined time interval prevents multiple users from illegally using the same network account to log in to the network.
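The server-side checks of steps 617 to 620 and the digest comparison implied by step 702, sketched in Python as an added example (not code from the patent). The class and function names, the `|` field separator, the default limit of one connection for an account with no recorded attribute, and the sample values are assumptions; because MD5 is a one-way digest rather than a cipher, the server compares against the digest of its own recorded online notification instead of decrypting.

```python
import hashlib
from dataclasses import dataclass

INTERVAL = 180  # predetermined interval in seconds (the page's 3-minute example)

def digest(mac: str, ip: str) -> str:
    """MD5 over the client's MAC and IP; the login account stays plaintext."""
    return hashlib.md5(f"{mac}|{ip}".encode()).hexdigest()

@dataclass
class Session:
    account: str
    expected: str      # digest of the recorded online notification
    last_seen: float   # time of login or of the last valid anti-spoofing message

class AntiSpoofServer:  # hypothetical name, not from the patent
    def __init__(self, max_connections: dict):
        self.max_connections = max_connections  # account attribute information
        self.sessions = {}                      # (account, digest) -> Session

    def on_login(self, account, mac, ip, now):
        """Step 617: admit only below the account's maximum usage threshold."""
        active = sum(1 for s in self.sessions.values() if s.account == account)
        if active >= self.max_connections.get(account, 1):  # assumed default: 1
            return "disconnect"                 # message sent to the AAA server
        d = digest(mac, ip)
        self.sessions[(account, d)] = Session(account, d, now)
        return "allow"

    def on_anti_spoof(self, account, field_digest, now):
        """Steps 618-619: accept a message that matches a recorded notification."""
        s = self.sessions.get((account, field_digest))
        if s is None:
            return "disconnect"                 # differs from every online notification
        s.last_seen = now
        return "ok"

    def sweep(self, now):
        """Periodic query: drop sessions with no message inside the interval."""
        stale = [k for k, s in self.sessions.items() if now - s.last_seen > INTERVAL]
        for k in stale:
            del self.sessions[k]                # frees one connection on the account
        return stale                            # clients to report to the AAA server

def demo():
    """Constructed run: account 'alice' may hold two connections."""
    srv = AntiSpoofServer({"alice": 2})
    c1, c2 = ("aa:bb:cc:00:00:01", "10.0.0.1"), ("aa:bb:cc:00:00:02", "10.0.0.2")
    logins = [srv.on_login("alice", *c1, now=0), srv.on_login("alice", *c2, now=10),
              srv.on_login("alice", "aa:bb:cc:00:00:03", "10.0.0.3", now=20)]
    srv.on_anti_spoof("alice", digest(*c1), now=100)   # only client 1 reports
    return logins, srv.sweep(now=200)
```

A current design would replace the bare digest with a keyed MAC (for example HMAC-SHA-256) over the fields plus a timestamp or counter, so that each interval's message is distinct and verifiable.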
Fig. 8 is a schematic structural diagram of the client of the invention.
It comprises a sending unit 801, configured to send a network access authentication request message to the network side to request login to the network.
A timed sending unit 802, configured to send anti-spoofing messages to the network side at a preset time interval after successfully logging in to the network.
It further comprises an encryption unit 803, configured to encrypt the anti-spoofing message.
The beneficial effect of the embodiments of the invention is that, by judging whether an anti-spoofing message has been received within the predetermined time interval, a legitimate client can be distinguished from an illegitimate one. Where multiple users share an account, this makes it easier for the system to control charging for the shared account; even if someone uses the account, password and client to get online, this does not cause the operator a charging loss, and network security is thereby strengthened.
A person of ordinary skill in the art will understand that all or part of the flows of the above embodiment methods can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The embodiments described above further explain the purpose, technical solutions and beneficial effects of the invention. It should be understood that the above are only specific embodiments of the invention and are not intended to limit its scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (17)

1. A method for preventing Internet deception, characterized by comprising:
when a client accesses the network, querying at a preset time interval whether an anti-spoofing message has been received from the client;
when no anti-spoofing message has been received from the client, considering the client to be an illegitimate client and sending a message to disconnect the client's network connection.
2. The method according to claim 1, characterized in that querying, when the client accesses the network, at a preset time interval whether an anti-spoofing message has been received from the client comprises: obtaining the network access authentication request message sent by the client, verifying the network access authentication request message, and, after the verification is passed, obtaining and recording the online notification message of the client contained in the network access authentication request message.
3. The method according to claim 2, characterized in that the network access authentication request message comprises: the user login account and password, and at least one of the client's MAC address and IP address; the online notification message comprises: the user login account, and at least one of the client's MAC address and IP address; and the anti-spoofing message is used to verify that the client's network access is legitimate.
4. The method according to claim 2, characterized in that obtaining the client's anti-spoofing message at the preset time interval further comprises decrypting the anti-spoofing message, or encrypting and storing the online notification message.
5. The method according to claim 4, characterized in that, after the client's anti-spoofing message is obtained at the preset time interval, the method further comprises: when the client's online notification message and the client's anti-spoofing message are not the same, sending a message to disconnect the client's network connection.
6. The method according to claim 2, characterized in that obtaining and recording the online notification message of the client in the network access authentication request message further comprises: also obtaining and recording the attribute information of the account; and, when another client logs in to the network, receiving and judging whether the attribute information of the account corresponding to that client has reached the maximum usage threshold, and if the maximum usage threshold has been reached, sending a message to disconnect the client's network connection.
7. An anti-spoofing server, characterized by comprising:
a receiving unit, configured to query, when a client accesses the network, at a preset time interval whether an anti-spoofing message has been received from the client;
a judging unit, configured to, when no anti-spoofing message has been received from the client, consider the client to be an illegitimate client and send a message to disconnect the client's network connection.
8. The device according to claim 7, characterized by further comprising:
a recording unit, configured to obtain and record the online notification message of the client contained in the client's network access authentication request message;
a comparing unit, configured to compare the client's online notification message with the client's anti-spoofing message and, when they are not the same, send a message to disconnect the client's network connection.
9. The device according to claim 7, characterized by further comprising a recording unit and an analysis unit;
the recording unit is configured to obtain and record the account state of the client and the attribute information of the account;
the analysis unit is configured to receive and judge whether the account state corresponding to the client is the logged-in state and whether the attribute information has reached the maximum usage threshold, and, if the account state is the logged-in state and the maximum usage threshold has been reached, to send a message to disconnect the client's network connection.
10. The device according to claim 8, characterized by comprising a decryption unit, configured to decrypt the anti-spoofing message;
the comparing unit compares the decrypted anti-spoofing message with the online notification message;
or, comprising an encryption unit, configured to encrypt the online notification message, which is then stored in the recording unit;
the comparing unit compares the encrypted online notification message with the anti-spoofing message.
11. A system for preventing Internet deception, characterized by comprising:
a client, a network access authentication (AAA) server, and an anti-spoofing server;
the client is configured to initiate a network access authentication request message to the AAA server, and to send the client's anti-spoofing message to the anti-spoofing server at a preset time interval;
the AAA server is configured to verify the network access authentication request message, and to send the client a message allowing it to log in to the network or disconnecting it from the network;
the anti-spoofing server is configured to query at a preset time interval whether an anti-spoofing message has been received from the client and, when no anti-spoofing message has been received from the client, to consider the client to be an illegitimate client and send the AAA server a message to disconnect the client's network connection.
12. The system according to claim 10, characterized in that the anti-spoofing server comprises:
a receiving unit, configured to obtain the client's anti-spoofing message at the preset time interval;
a judging unit, configured to judge whether the client's anti-spoofing message has been obtained and, if the client's anti-spoofing message has not been obtained, to send a message to disconnect the client's network connection.
13. The system according to claim 10, characterized in that the anti-spoofing server is integrated in an Online Charging System (OCS) server.
14. A method for a client to prevent Internet deception, characterized by comprising:
sending a network access authentication request message to the network side to request login to the network;
after successfully logging in to the network, sending anti-spoofing messages to the network side at a preset time interval.
15. The method according to claim 14, characterized in that sending anti-spoofing messages to the network side at a preset time interval after successfully logging in to the network comprises encrypting the anti-spoofing message.
16. A client, characterized by comprising:
a sending unit, configured to send a network access authentication request message to the network side to request login to the network;
a timed sending unit, configured to send anti-spoofing messages to the network side at a preset time interval after successfully logging in to the network.
17. The client according to claim 16, characterized by further comprising an encryption unit, configured to encrypt the anti-spoofing message.
CN200910174618.9A 2009-09-18 2009-09-18 Method, device and system for preventing Internet deception Active CN102025526B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910174618.9A CN102025526B (en) 2009-09-18 2009-09-18 Method, device and system for preventing Internet deception

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910174618.9A CN102025526B (en) 2009-09-18 2009-09-18 Method, device and system for preventing Internet deception

Publications (2)

Publication Number Publication Date
CN102025526A true CN102025526A (en) 2011-04-20
CN102025526B CN102025526B (en) 2014-06-11

Family

ID=43866420

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910174618.9A Active CN102025526B (en) 2009-09-18 2009-09-18 Method, device and system for preventing Internet deception

Country Status (1)

Country Link
CN (1) CN102025526B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588878A (en) * 2004-08-05 2005-03-02 Ut斯达康通讯有限公司 Method for detecting illegally cut-in point in radio cocal network
US20060079320A1 (en) * 2004-10-01 2006-04-13 Erickson Robert P Communication control for progressive game controller to prevent near-concurrent wins
CN101159630A (en) * 2007-11-09 2008-04-09 华为技术有限公司 Flux monitoring method, system and broadband accessing server
CN101184046A (en) * 2007-12-07 2008-05-21 中兴通讯股份有限公司 Method and system of limiting account linking number
CN101272387A (en) * 2008-04-24 2008-09-24 深圳华为通信技术有限公司 Method and terminal unit for launching re-authentication answering to network side equipment
CN101436934A (en) * 2008-10-20 2009-05-20 福建星网锐捷网络有限公司 Method, system and equipment for controlling user upper wire

Also Published As

Publication number Publication date
CN102025526B (en) 2014-06-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20180427

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: London, England

Patentee before: GW partnership Co.,Ltd.

Effective date of registration: 20180427

Address after: London, England

Patentee after: GW partnership Co.,Ltd.

Address before: 518129 office building, Bantian headquarters, HUAWEI District, Longgang, Shenzhen, Guangdong

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.