CN103139214A - Method and system controlling network logon - Google Patents
Method and system controlling network logon Download PDFInfo
- Publication number
- CN103139214A CN103139214A CN201310049620XA CN201310049620A CN103139214A CN 103139214 A CN103139214 A CN 103139214A CN 201310049620X A CN201310049620X A CN 201310049620XA CN 201310049620 A CN201310049620 A CN 201310049620A CN 103139214 A CN103139214 A CN 103139214A
- Authority
- CN
- China
- Prior art keywords
- smartclient
- network attack
- website
- statistical form
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a method and a system controlling network logon. The method controlling the network logon includes the following steps: a smart client acquires website information and acquires a logon mechanism provided with the lowest attacking rate and corresponding to websites according to a network attack statistical table; the smart client generates a logon request according to the logon mechanism and sends the logon request to a management center server; and the management center server periodically sends the detected network attack information to the smart client, and the smart client updates the network attack statistical table according to the network attack information and a first strategy.
Description
Technical field
The invention belongs to the network entry field, relate in particular to a kind of method and system of controlling network entry.
Background technology
Along with the development of network technology, some service is specific to the individual, and such as E-mail address, online game, captive portal etc. has certain privacy and confidentiality.When using these network services, the user need to carry out register, confirm user's log-on message at associated server after, just allows the user to enter the corresponding network page.At present, existing network entry method has only been considered the convenience of user's login, does not take into full account the problem of login secure context.
Summary of the invention
The invention provides a kind of method and system of controlling network entry, to address the above problem.
The invention provides a kind of method of controlling network entry.Said method comprises the following steps: SmartClient obtains website information, and obtains the minimum login mechanism of attack rate corresponding to described network address according to the network attack statistical form; SmartClient generates logging request and logging request is sent to management center server according to login mechanism; Wherein, management center server periodically is sent to SmartClient with the network attack information that detects, and SmartClient is according to network attack information and the first policy update network attack statistical form.
The present invention also provides a kind of system that controls network entry, comprises SmartClient and management center server.SmartClient connection management central server.SmartClient obtains website information, and obtains the minimum login mechanism of attack rate corresponding to described network address according to the network attack statistical form.SmartClient generates logging request and logging request is sent to management center server according to login mechanism.Wherein, management center server periodically is sent to SmartClient with the network attack information that detects, and SmartClient is according to network attack information and the first policy update network attack statistical form.
Compared to prior art, method and system according to control network entry provided by the invention, SmartClient obtains the minimum login mechanism of attack rate according to the network attack statistical form, and is sent to management center server according to described login mechanism generation logging request.So, guarantee the fail safe that the user logins.In addition, management center server periodically is sent to SmartClient with the network attack information that detects, and SmartClient is according to network attack information and the first policy update network attack statistical form.So, upgrade the network attack statistical form by the network attack Information Statistics in cycle, not only realized the dynamic security maintenance, and, realize the period allocated of smart client system resource, thereby improved efficient.
Description of drawings
Accompanying drawing described herein is used to provide a further understanding of the present invention, consists of the application's a part, and illustrative examples of the present invention and explanation thereof are used for explaining the present invention, do not consist of improper restriction of the present invention.In the accompanying drawings:
Figure 1 shows that the flow chart of the method for the control network entry that preferred embodiment according to the present invention provides;
Figure 2 shows that the schematic diagram of the system of the control network entry that preferred embodiment according to the present invention provides.
Embodiment
Hereinafter also describe in conjunction with the embodiments the present invention in detail with reference to accompanying drawing.Need to prove, in the situation that do not conflict, embodiment and the feature in embodiment in the application can make up mutually.
Figure 1 shows that the flow chart of the method for the control network entry that preferred embodiment according to the present invention provides.As shown in Figure 1, the method for the control network entry that provides of preferred embodiment of the present invention comprises step 101 ~ 102.
In step 101, SmartClient obtains website information, and obtains the minimum login mechanism of attack rate corresponding to described network address according to the network attack statistical form.Particularly, when the user logined some websites by SmartClient, the user inputted the website information of this website in SmartClient.After SmartClient obtains website information, attack statistical form by requester network and obtain the minimum login mechanism of attack rate corresponding to described network address.In addition, the initial network attack statistical form of SmartClient configuration.Wherein, the network attack statistical form comprises web portal security rank, login mechanism, corresponding attack rate and the timeslice distribution degree of login mechanism.Login mechanism comprises user name and password login, fingerprint login, password authentification login etc.Yet the present invention does not limit this.
In this, take three website a ~ c as example, initial network attack statistical form example is as shown in table 1.In addition, each data in initial network attack statistical form can pre-set according to actual conditions.The present invention does not limit this.In addition, if during the network attack statistical form of SmartClient storing initial, the attack rate initial configuration value corresponding because of different login mechanism is 0%, and at this moment, SmartClient can be selected corresponding login mechanism at random.
Table 1
In step 102, described SmartClient generates logging request and described logging request is sent to management center server according to described login mechanism.
In this, take the login mechanism of user name and password login as example, SmartClient obtains user name and password, the regeneration logging request, and logging request is sent to management center server.Wherein, logging request has been carried user name and encrypted message.After management center server received logging request, processes said request if the user logins normally, fed back to SmartClient with corresponding Webpage, to be shown to the user.
In the present embodiment, management center server periodically is sent to SmartClient with the network attack information that detects, and described SmartClient is according to described network attack information and the first policy update network attack statistical form.Wherein, the first strategy is: the web portal security rank of corresponding website is higher, and its corresponding timeslice distribution degree is lower.
In this, the information that network attack information is carried comprises the number of times of attack of the different login mechanism of the general offensive number of times of corresponding website in the cycle and corresponding website.Wherein, if the user that management center server detects certain IP address at short notice the number of times of repeat logon website surpass preset times, management center server assert that this website is attacked once.Yet the present invention does not limit this.Other website attack patterns of the prior art all belong to the attack that the present embodiment is mentioned.
In the present embodiment, the SmartClient storage security rank table of comparisons, example is as shown in table 2.
Table 2
In table 2, cycle T can arrange according to actual needs.In addition, the first preset times in table 2 is greater than the second preset times, and the second preset times can arrange according to actual needs.For example, the first preset times is for example 10000 times, and the second preset times is for example 5000 times.In addition, in table 2, the web portal security rank is followed successively by from high to low: first level, second level, third level.Yet the present invention does not limit this.In practical application, two or more other web portal security ranks of level can be set as required.
In the present embodiment, the network attack information of SmartClient in the management center server receiving cycle T, and according to the general offensive number of times of each website in network attack information, and with reference to table 2, determine the web portal security rank of each website.In this, describe as an example of three website a, b, c and three kinds of login mechanism 1 ~ 3 example.Wherein, each website is all to there being three kinds of login mechanism 1 ~ 3.
For example, the general offensive number of times of website a in cycle T is 12000 times, the general offensive number of times of website b in cycle T is 6000 times, the general offensive number of times of website c in cycle T is 3000 times, thus with reference to table 1 as can be known, the web portal security rank of website a is third level, and the web portal security rank of website b is second level, and the web portal security rank of website c is first level.Simultaneously, the number of times of attack of the different login mechanism that SmartClient is corresponding according to each website that the network attack information in the cycle T that receives is carried is determined the attack rate of the different login mechanism that each website is corresponding, and is determined timeslice distribution degree according to the first strategy.Wherein, attack rate corresponding to each login mechanism of each website is the ratio of the general offensive number of times of the number of times of attack of described login mechanism of this website and this website.In this, SmartClient is as shown in table 3 according to the network attack statistical form example of the renewal of the network attack acquisition of information in cycle T.
Table 3
In this, can be set as according to actual needs at the timeslice distribution degree shown in table 3 other numerical value ratios that satisfy the first strategy.The present invention does not limit this.
In the present embodiment, when described SmartClient upgrades described network attack statistical form in next cycle, according to definite time distribution degree and the vacant timeslice total amount of current system of described network attack statistical form that the last cycle obtains, determine that current described SmartClient upgrades the time sendout of different web sites in described network attack statistical form.
In this, attack statistical form as table 1 take the initial network of SmartClient setting, it is that table 3 is example that SmartClient upgrades in first cycle T the network attack statistical form that obtains, during data corresponding to SmartClient website a, b, c in updating form 3, meeting determines that according to the vacant timeslice total amount of current system of initial time distribution degree and the SmartClient of website a, b, c in table 1 current SmartClient upgrades the time sendout of website a, b, c.Take the vacant timeslice total amount of the current system of SmartClient as A as example, according to table 1 as can be known, the current time sendout to website a, b, c of SmartClient is 0.3A.At this moment, SmartClient according to the time sendout of website a, b, c (namely, be 0.3A) respectively website a, b, c are upgraded, thus obtain the latest data of attack rate corresponding to website a, b in table 3, the web portal security rank of c, login mechanism, login mechanism.Afterwards, SmartClient is determined the timeslice distribution degree (as shown in table 3) of each website again according to the latest data of each website of upgrading according to the first strategy.In this, the timeslice distribution degree of website a, the b that SmartClient obtains in table 3, c can use when next cycle T SmartClient upgrades the data of each website.
In the present embodiment, after SmartClient upgraded the network attack statistical form, the network attack statistical form that SmartClient can be inquired about renewal obtained the minimum login mechanism of attack rate corresponding to corresponding network address.
Figure 2 shows that the schematic diagram of the system of the control network entry that preferred embodiment according to the present invention provides.As shown in Figure 2, the system of the control network entry that provides of preferred embodiment of the present invention comprises SmartClient 10 and management center server 12.SmartClient 10 connection management central servers 12.
In the present embodiment, SmartClient 10 obtains website information, and obtains the minimum login mechanism of attack rate corresponding to described network address according to the network attack statistical form.SmartClient 10 generates logging request and logging request is sent to management center server 12 according to login mechanism.Wherein, management center server 12 periodically is sent to SmartClient 10 with the network attack information that detects, and SmartClient 10 is according to network attack information and the first policy update network attack statistical form.Specific operation process about described system is described with above-mentioned method, therefore repeat no more in this.
In sum, the method and system of the control network entry that preferred embodiment provides according to the present invention, SmartClient obtains the minimum login mechanism of attack rate according to the network attack statistical form, and is sent to management center server according to described login mechanism generation logging request.So, guarantee the fail safe that the user logins.In addition, management center server periodically is sent to SmartClient with the network attack information that detects, and SmartClient is according to network attack information and the first policy update network attack statistical form.So, upgrade the network attack statistical form by the network attack Information Statistics in cycle, not only realized the dynamic security maintenance, and, realize the period allocated of smart client system resource, thereby improved efficient.
The above is only the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. a method of controlling network entry, is characterized in that, comprises the following steps:
SmartClient obtains website information, and obtains the minimum login mechanism of attack rate corresponding to described network address according to the network attack statistical form;
Described SmartClient generates logging request and described logging request is sent to management center server according to described login mechanism;
Wherein, described management center server periodically is sent to described SmartClient with the network attack information that detects, and described SmartClient is according to described network attack information and the described network attack statistical form of the first policy update.
2. method according to claim 1, is characterized in that, the initial network attack statistical form of described SmartClient configuration.
3. method according to claim 1, is characterized in that, described network attack statistical form comprises web portal security rank, login mechanism, corresponding attack rate and the timeslice distribution degree of login mechanism.
4. method according to claim 3, is characterized in that, described the first strategy is: the web portal security rank of corresponding website is higher, and its corresponding timeslice distribution degree is lower.
5. method according to claim 3, is characterized in that, attack rate corresponding to each login mechanism of each website is the ratio of the general offensive number of times of the number of times of attack of described login mechanism of this website and this website.
6. method according to claim 1, is characterized in that, described login mechanism comprises user name and password login, fingerprint login, password authentification login etc.
7. method according to claim 1, it is characterized in that, when described SmartClient upgrades described network attack statistical form in next cycle, according to definite time distribution degree and the vacant timeslice total amount of current system of described network attack statistical form that the last cycle obtains, determine that current described SmartClient upgrades the time sendout of different web sites in described network attack statistical form.
8. a system that controls network entry, is characterized in that, comprises SmartClient and management center server, and described SmartClient connects described management center server,
Described SmartClient obtains website information, and obtains the minimum login mechanism of attack rate corresponding to described network address according to the network attack statistical form,
Described SmartClient generates logging request and described logging request is sent to described management center server according to described login mechanism,
Wherein, described management center server periodically is sent to described SmartClient with the network attack information that detects, and described SmartClient is according to described network attack information and the described network attack statistical form of the first policy update.
9. system according to claim 8, is characterized in that, described network attack statistical form comprises web portal security rank, login mechanism, corresponding attack rate and the timeslice distribution degree of login mechanism.
10. system according to claim 9, is characterized in that, described the first strategy is: the web portal security rank of corresponding website is higher, and its corresponding timeslice distribution degree is lower.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310049620XA CN103139214A (en) | 2013-02-07 | 2013-02-07 | Method and system controlling network logon |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310049620XA CN103139214A (en) | 2013-02-07 | 2013-02-07 | Method and system controlling network logon |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103139214A true CN103139214A (en) | 2013-06-05 |
Family
ID=48498520
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310049620XA Pending CN103139214A (en) | 2013-02-07 | 2013-02-07 | Method and system controlling network logon |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103139214A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070226783A1 (en) * | 2006-03-16 | 2007-09-27 | Rabbit's Foot Security, Inc. (A California Corporation) | User-administered single sign-on with automatic password management for web server authentication |
| CN101764689A (en) * | 2008-11-27 | 2010-06-30 | 上海网环信息科技有限公司 | Method of system for controlling logging-in mode of user |
| CN102055768A (en) * | 2010-12-31 | 2011-05-11 | 奇智软件(北京)有限公司 | Network logon method and system |
-
2013
- 2013-02-07 CN CN201310049620XA patent/CN103139214A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070226783A1 (en) * | 2006-03-16 | 2007-09-27 | Rabbit's Foot Security, Inc. (A California Corporation) | User-administered single sign-on with automatic password management for web server authentication |
| CN101764689A (en) * | 2008-11-27 | 2010-06-30 | 上海网环信息科技有限公司 | Method of system for controlling logging-in mode of user |
| CN102055768A (en) * | 2010-12-31 | 2011-05-11 | 奇智软件(北京)有限公司 | Network logon method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101286845B (en) | Control system for access between domains based on roles | |
| US8910254B2 (en) | System and methods for profiling client devices | |
| CN102916946B (en) | Connection control method and system | |
| CN106844111B (en) | Access method of cloud storage network file system | |
| CN108259502A (en) | For obtaining the identification method of interface access rights, server-side and storage medium | |
| CN101594232B (en) | Authentication method for dynamic password, system and corresponding authentication device | |
| US9635024B2 (en) | Methods for facilitating improved user authentication using persistent data and devices thereof | |
| CN105099986A (en) | Network game data sharing method and server | |
| CN111736853A (en) | Gray scale distribution method, device, equipment and storage medium | |
| CN106301772A (en) | Cipher set-up method, device and for arranging the device of password | |
| CN101404575B (en) | Method and system for updating indorsement algorithm | |
| CN110826052A (en) | Method and device for protecting server password security | |
| CN112764913A (en) | Service fusing method and device, storage medium and electronic equipment | |
| EP2808820A1 (en) | Method of changing password in an industrial automation and control system | |
| CN104994086A (en) | Database cluster authority control method and device | |
| CN103200171A (en) | Method and system of network security register | |
| CN103309986A (en) | Control method and system for webpage access | |
| CN103139214A (en) | Method and system controlling network logon | |
| US20170041964A1 (en) | Community-based communication network services | |
| CN103139215A (en) | Method and system for achieving network logon | |
| CN105636031A (en) | Packet communication management method, apparatus and system | |
| CN103139213A (en) | Method for treating network logging and system | |
| CN104009846A (en) | Single sign-on device and method | |
| CN102946559A (en) | Upgrading method of digital television terminal, digital television terminal, digital television server and upgrading system of digital television terminal | |
| CN102195983A (en) | Network terminal encryption authentication method and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130605 |