CN103607372B - Method and apparatus for authentication of a network access - Google Patents


Publication number: CN103607372B
Authority: CN (China)
Prior art keywords: authentication, user, authentication information, information, access
Application number: CN201310363032.3A
Other languages: Chinese (zh)
Other versions: CN103607372A (en)
Inventor: 张武健
Original Assignee: 深信服网络科技(深圳)有限公司
Application filed by: 深信服网络科技(深圳)有限公司
Priority to: CN201310363032.3A
Publication of CN103607372A
Application granted
Publication of CN103607372B


Abstract

The present invention discloses a network access authentication method and apparatus. An operation request, triggered by a user, to access the network as a guest is received; when the guest identity is found not to have been authenticated, the operation request is redirected to a guest authentication page, which is displayed so that the user can enter authentication information that includes characteristic information of a responsible person; whether the authentication information entered by the user is valid is determined; when it is valid, verification information is returned to the terminal indicated by the responsible person's characteristic information, so that the user can enter the verification information displayed on that terminal; when the verification information entered by the user is correct, the user is allowed to access the network as a guest under preset guest permissions. The invention lets a guest access the network via an enterprise terminal simply and quickly; in addition, access permissions are set for guest network access, which improves the security of enterprise information.

Description

Method and apparatus for authentication of a network access

Technical Field

[0001] The present invention relates to the Internet field, and in particular to a network access authentication method and apparatus.

Background

[0002] At present, to prevent leaks of important internal information, enterprises place certain restrictions on visitors' Internet access. For example, when guests such as important customers, vendor maintenance staff, job applicants or employees' family members enter the offices of an enterprise or institution and temporarily need to go online, they must apply for Internet access permission, because enterprises and institutions, out of concern for preventing information leaks, deny Internet access to outside guests by default. The current process for a guest to apply for Internet access is very cumbersome: for example, the guest needs the help of an internal employee, and an Internet access account can only be obtained through the application workflow of the enterprise's internal office system or even by going directly to the company's network management department. Network administrators are also very concerned that guests might obtain confidential internal data by accessing intranet servers.

Summary of the Invention

[0003] In view of this, it is necessary to provide a network access authentication method and apparatus that conveniently solve the problem of guests applying for Internet access permission.

[0004] An embodiment of the present invention discloses a network access authentication method, comprising the following steps:

[0005] receiving an operation request, triggered by a user, to access the network as a guest;

[0006] when the guest identity is found not to have been authenticated, redirecting the operation request to a guest authentication page and displaying it, so that the user can enter, on the displayed guest authentication page, authentication information that includes characteristic information of a responsible person;

[0007] determining whether the authentication information entered by the user is valid;

[0008] when the authentication information entered by the user is valid, returning verification information to the terminal indicated by the responsible person's characteristic information, so that the user can enter the verification information displayed on that terminal;

[0009] when the verification information is correct, allowing the user to access the network as a guest under preset guest permissions.

[0010] Preferably, allowing the user to access the network as a guest under preset guest permissions comprises:

[0011] allowing the user to access the Internet as a guest while prohibiting the user from accessing the local area network as a guest.

[0012] Preferably, the authentication information comprises:

[0013] the guest's name and mobile phone number, and characteristic information of a responsible person who has permission to access the Internet and the local area network; the responsible person's characteristic information comprises the responsible person's name and mobile phone number.

[0014] Preferably, determining whether the authentication information entered by the user is valid comprises:

[0015] determining whether the responsible person's name in the authentication information can be found in a stored whitelist;

[0016] if the responsible person's name in the authentication information can be found in the stored whitelist, determining whether the responsible person's mobile phone number in the authentication information matches the mobile phone number stored in the whitelist for that name;

[0017] if the responsible person's mobile phone number in the authentication information matches the mobile phone number stored in the whitelist for that name, determining that the authentication information entered by the user is valid.

[0018] Preferably, before receiving the operation request, triggered by the user, to access the network as a guest, the method further comprises:

[0019] deploying a security gateway, and configuring the guest permissions for user network access and the whitelist.

[0020] An embodiment of the present invention further discloses a network access authentication apparatus, comprising:

[0021] a request acquisition module, configured to receive an operation request, triggered by a user, to access the network as a guest;

[0022] an identity authentication module, configured to: when the guest identity is found not to have been authenticated, redirect the operation request to a guest authentication page and display it, so that the user can enter, on the displayed guest authentication page, authentication information that includes characteristic information of a responsible person; determine whether the authentication information entered by the user is valid; when it is valid, return verification information to the terminal indicated by the responsible person's characteristic information, so that the user can enter the verification information displayed on that terminal; and determine whether the verification information is correct;

[0023] a network access module, configured to allow the user, when the verification information is correct, to access the network as a guest under preset guest permissions.

[0024] Preferably, the network access module is configured to:

[0025] allow the user to access the Internet as a guest while prohibiting the user from accessing the local area network as a guest.

[0026] Preferably, the authentication information comprises:

[0027] the guest's name and mobile phone number, and characteristic information of a responsible person who has permission to access the Internet and the local area network; the responsible person's characteristic information comprises the responsible person's name and mobile phone number.

[0028] Preferably, the identity authentication module is configured to:

[0029] determine whether the responsible person's name in the authentication information can be found in a stored whitelist;

[0030] if the responsible person's name in the authentication information can be found in the stored whitelist, determine whether the responsible person's mobile phone number in the authentication information matches the mobile phone number stored in the whitelist for that name;

[0031] if the responsible person's mobile phone number in the authentication information matches the mobile phone number stored in the whitelist for that name, determine that the authentication information entered by the user is valid.

[0032] Preferably, the network access authentication apparatus of the embodiment of the present invention further comprises:

[0033] an information configuration module, configured to deploy a security gateway and to configure the guest permissions for user network access and the whitelist.

[0034] In the embodiment of the present invention, an operation request, triggered by a user, to access the network as a guest is received; when the guest identity is found not to have been authenticated, the operation request is redirected to a guest authentication page, which is displayed so that the user can enter authentication information that includes characteristic information of a responsible person; whether the authentication information entered by the user is valid is determined; when it is valid, verification information is returned to the terminal indicated by the responsible person's characteristic information, so that the user can enter the verification information displayed on that terminal; when the verification information entered by the user is correct, the user is allowed to access the network as a guest under preset guest permissions. Compared with the prior art, in which a guest must go through a series of cumbersome formalities before being allowed to access the network, the embodiment of the present invention lets a guest access the network via an enterprise terminal simply and quickly. In addition, access permissions are set for guest network access, which improves the security of enterprise information. Further, because the guest accesses the network on the basis of an internal responsible person, responsibility is assigned to a specific individual, which strengthens the protection of internal enterprise information; even if an information leak occurs later, it can be traced to its source, which further improves the security of internal enterprise information.

Brief Description of the Drawings

[0035] FIG. 1 is a schematic flowchart of a first embodiment of the network access authentication method of the present invention;

[0036] FIG. 2 is a schematic diagram of the UI of one embodiment of the authentication page displayed in the network access authentication method of the present invention;

[0037] FIG. 3 is a schematic flowchart of a second embodiment of the network access authentication method of the present invention;

[0038] FIG. 4 is a schematic diagram of the UI of one embodiment of the whitelist in the network access authentication method of the present invention;

[0039] FIG. 5 is a schematic diagram of the hardware deployment structure in a specific application environment of the network access authentication method of the present invention;

[0040] FIG. 6 is a schematic diagram of the functional modules of a first embodiment of the network access authentication apparatus of the present invention;

[0041] FIG. 7 is a schematic diagram of the functional modules of a second embodiment of the network access authentication apparatus of the present invention.

[0042] The realization of the objectives, the functional features and the advantages of the embodiments of the present invention are further described below with reference to the embodiments and the accompanying drawings.

Detailed Description

[0043] The technical solution of the present invention is further described below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are intended only to explain the present invention and not to limit it.

[0044] FIG. 1 is a schematic flowchart of the first embodiment of the network access authentication method of the present invention; as shown in FIG. 1, the network access authentication method of the present invention comprises the following steps:

[0045] Step S01: receive an operation request, triggered by a user, to access the network as a guest;

[0046] When the security gateway receives an operation request for network access sent by a user from a terminal, it identifies the identity of the user who sent the request. Taking a server deployed inside an enterprise as an example, when the network access request is identified as coming from an employee and that employee identity is found to be valid, the employee is allowed to access the network with the corresponding permissions. When the network access request is identified as coming from a guest, the user's guest identity is authenticated. For example, when a guest at an enterprise needs temporary Internet access, connects to the company network, opens a browser and enters any URL, the security gateway first determines whether the user's guest identity has already been authenticated.

[0047] Step S02: when the guest identity is found not to have been authenticated, redirect the operation request to the guest authentication page and display it.

[0048] When the security gateway finds that the guest identity has not been authenticated, it redirects the user's network access request to the authentication page and displays that page on the terminal from which the user sent the request, so that the user can enter the corresponding authentication information on the displayed guest authentication page. In this embodiment, the authentication information comprises the guest's name and mobile phone number, and the name and mobile phone number of a responsible person who has permission to access the Internet and the local area network. In this embodiment, the responsible person can be understood as an internal employee of the enterprise or another manager with certain permissions.

[0049] In a preferred embodiment, the authentication page offers the user two options: "I am an employee" and "I am a guest". When the user clicks "I am a guest", the security gateway displays the guest authentication page. FIG. 2 is a schematic diagram of the UI of one embodiment of the authentication page displayed in the network access authentication method of the present invention. On the guest authentication interface shown in FIG. 2, the user enters his or her own valid mobile phone number in the mobile phone number field. If the interface has only one "User name" field, only the responsible person's name needs to be entered; if it has two name fields, "User name" and "Guest name", the user enters the responsible person's name in the "User name" field and then his or her own name in the "Guest name" field. The user also enters the responsible person's valid mobile phone number in the "Guarantor's mobile phone number" field. After entering this authentication information, the user clicks the "Get verification code" control and waits for the verification code returned by the security gateway.

[0050] Step S03: determine whether the authentication information entered by the user is valid; if so, perform step S04; if not, perform step S05;

[0051] Step S04: return verification information to the terminal indicated by the responsible person's characteristic information, and continue with step S06;

[0052] Step S05: issue a prompt that the authentication information is incorrect;

[0053] Step S06: allow the user to access the network as a guest under preset guest permissions.

[0054] When the security gateway receives the operation instruction triggered by the user clicking the "Get verification code" control on the UI shown in FIG. 2, it verifies whether the authentication information entered by the user is valid. If it is valid, the security gateway randomly generates a verification code and sends it, as the verification information, to the terminal indicated by the responsible person's characteristic information. The user obtains the verification information displayed on that terminal, enters it in the "Enter the SMS verification code you received" field shown in FIG. 2, and clicks the "Log in" control. The security gateway determines whether the verification information entered by the user matches the verification information it issued; if the two match, the user is allowed to access the network as a guest under the preset guest permissions. If the security gateway finds that the verification information entered by the user does not match the verification information it issued, it prompts the user to enter it again. In a preferred embodiment, if the security gateway detects that the user has not entered the correct verification information, or has entered none, within a preset period (for example 60 seconds), the verification information sent this time automatically expires; the security gateway then allows a user whose authentication information is valid to obtain a verification code again and enter the newly obtained code.

[0055] If the security gateway finds that the authentication information entered by the user is not valid, it issues a prompt that the authentication information is incorrect; the user can then choose to re-enter the authentication information.

[0056] In a preferred embodiment, when the security gateway finds that the verification information entered by the user is correct, allowing the user to access the network as a guest under preset guest permissions comprises: allowing the user, under the valid guest identity, to access only the network outside the enterprise (the extranet), while prohibiting the user from accessing the enterprise local area network, that is, the enterprise intranet.

[0057] In a preferred embodiment, the security gateway determining whether the authentication information entered by the user is valid comprises:

[0058] When the security gateway receives the authentication information entered by the user on the authentication page, it looks up the pre-stored whitelist of responsible persons and determines whether the responsible person's name and the corresponding mobile phone number in the authentication information can be found in the stored whitelist; if both can be found in the whitelist, the authentication information entered by the user is determined to be valid.

[0059] Further, to ensure information security, it is necessary to guard against the case where a responsible person's name and a mobile phone number entered arbitrarily by the user both happen to appear in the whitelist but are not a matching pair, that is, the mobile phone number entered is not the one stored in the whitelist for that responsible person. When verifying whether the authentication information entered by the user is valid, the security gateway can therefore also proceed as follows:

[0060] When the responsible person's name in the authentication information can be found in the stored whitelist, the security gateway also determines whether the responsible person's mobile phone number in the authentication information matches the mobile phone number stored in the whitelist for that name; if it does, the authentication information entered by the user is determined to be valid. This reduces the chance that randomly entered information passes by coincidence and improves the accuracy of verifying the authentication information.

[0061] Based on the description of this embodiment, in step S04 (returning verification information to the terminal indicated by the responsible person's characteristic information), the terminal indicated by the responsible person's characteristic information can be understood as the terminal corresponding to the responsible person's mobile phone number. That is, when the security gateway verifies that the authentication information entered by the user is valid, it sends the randomly generated verification information to the terminal corresponding to the responsible person's mobile phone number in the authentication information; the user can ask the responsible person for the verification information and enter it in order to access the network.
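
The validation and verification-code steps described in [0054] to [0061], together with the guest permission of [0056], as an added example that is not part of the patent text: a minimal Python model of the gateway's decisions. The class and function names, the sample whitelist entries, the blocked address ranges and the retry cap are assumptions; the 60-second validity window is the one given in [0054].

```python
import hmac
import ipaddress
import secrets

CODE_TTL_SECONDS = 60   # validity window given in the description
MAX_ATTEMPTS = 5        # assumption: retry cap added here, not stated in the patent

# Constructed whitelist: responsible person's name -> registered phone number.
WHITELIST = {"Zhang San": "13800000001", "Li Si": "13800000002"}

# Constructed address plan: LAN and DMZ ranges that guests must not reach.
GUEST_BLOCKED = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.100.0/24")]


class GuestGateway:
    """Hypothetical model of the gateway's guest flow (steps S03 to S06)."""

    def __init__(self, whitelist, send_sms, clock):
        self.whitelist = whitelist
        self.send_sms = send_sms    # callable(phone, code); SMS transport is assumed
        self.clock = clock          # callable returning seconds, injectable for tests
        self.pending = {}           # session id -> [code, issued_at, attempts]
        self.authenticated = set()

    def sponsor_is_valid(self, name, phone):
        # The name must be whitelisted AND the phone must be the one stored for
        # that same name; two values that merely both occur in the list fail.
        stored = self.whitelist.get(name)
        return stored is not None and hmac.compare_digest(
            stored.encode(), phone.encode())

    def request_code(self, session, sponsor_name, sponsor_phone):
        if not self.sponsor_is_valid(sponsor_name, sponsor_phone):
            return False            # S05: report invalid authentication information
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[session] = [code, self.clock(), 0]
        # S04: the code goes to the whitelisted number, never to the guest.
        self.send_sms(self.whitelist[sponsor_name], code)
        return True

    def submit_code(self, session, code):
        entry = self.pending.get(session)
        if entry is None:
            return False
        issued, issued_at, attempts = entry
        if self.clock() - issued_at > CODE_TTL_SECONDS or attempts >= MAX_ATTEMPTS:
            del self.pending[session]   # expired or exhausted: a new code is needed
            return False
        entry[2] += 1
        if not hmac.compare_digest(issued.encode(), code.encode()):
            return False
        del self.pending[session]       # one-time use
        self.authenticated.add(session)
        return True

    def may_access(self, session, dest_ip):
        if session not in self.authenticated:
            return False                # would be redirected to the guest page
        addr = ipaddress.ip_address(dest_ip)
        return not any(addr in net for net in GUEST_BLOCKED)


def demo():
    """Run the flow on constructed input and return the observed outcomes."""
    now = [0.0]
    sent = []
    gw = GuestGateway(WHITELIST, lambda p, c: sent.append((p, c)), lambda: now[0])
    out = {}
    # Both values exist in the whitelist but belong to different people.
    out["mismatched_pair"] = gw.request_code("s1", "Zhang San", "13800000002")
    out["valid_pair"] = gw.request_code("s1", "Zhang San", "13800000001")
    out["sms_target"] = sent[-1][0]
    now[0] = 61.0                       # code has outlived its 60 s window
    out["expired_code"] = gw.submit_code("s1", sent[-1][1])
    gw.request_code("s1", "Zhang San", "13800000001")   # guest asks again
    out["fresh_code"] = gw.submit_code("s1", sent[-1][1])
    out["replayed_code"] = gw.submit_code("s1", sent[-1][1])
    out["internet"] = gw.may_access("s1", "93.184.216.34")
    out["dmz"] = gw.may_access("s1", "192.168.100.10")
    out["unauthenticated"] = gw.may_access("s2", "93.184.216.34")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The mismatched-pair case is the one [0059] guards against: both values are present in the whitelist, but the phone number is not the one stored for that name, so no code is sent.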

[0062] In the embodiment of the present invention, an operation request, triggered by a user, to access the network as a guest is received; when the guest identity is found not to have been authenticated, the operation request is redirected to a guest authentication page, which is displayed so that the user can enter authentication information that includes characteristic information of a responsible person; whether the authentication information entered by the user is valid is determined; when it is valid, verification information is returned to the terminal indicated by the responsible person's characteristic information, so that the user can enter the verification information displayed on that terminal; when the verification information entered by the user is correct, the user is allowed to access the network as a guest under preset guest permissions. This lets a guest access the network via an enterprise terminal simply and quickly. In addition, access permissions are set for guest network access, which improves the security of enterprise information. Further, because the guest accesses the network on the basis of an internal responsible person, responsibility is assigned to a specific individual, which strengthens the protection of internal enterprise information; even if an information leak occurs later, it can be traced to its source, which further improves the security of internal enterprise information.

[0063]图3是本发明网络接入的认证方法第二实施例流程示意图;本实施例与图1所述实施例的区别是,在步骤S01、接收用户触发的以访客身份访问网络的操作请求,之前增加了: [0063] FIG. 3 is a network access authentication method of the present invention is a schematic diagram of a second embodiment process; embodiment differs from the embodiment of FIG 1 the present embodiment, in step S01, a visitor access network operable to receive a user-triggered request, before the increase:

[0064]步骤S11、部署安全网关,配置用户访问网络的访客权限及白名单。 [0064] step S11, the visitor permission to deploy security gateway, configure user access to the network and whitelist.

[0065]本实施例仅对步骤Sll进行具体描述,有关本发明网络接入的认证方法所涉及的其它步骤请参照相关实施例的具体描述,在此不再赘述。 [0065] The present embodiment only the step Sll will be specifically described, other steps related to a network access authentication method according to the present invention, please refer to the detailed description related embodiments not described herein again.

[0066]在网络管理员部署完成安全网关后,安全网关设置用户访问网络的访客权限,同时设置白名单。 [0066] After the network administrator deployed security gateways, security gateways set up guest users access to the network, and set the white list. 图4是本发明网络接入的认证方法中白名单一实施例UI界面示意图;本实施例中,设置的白名单包括:责任人姓名、责任人的有效手机号码及责任人所在部门。 FIG 4 is a network access authentication method of the present invention in a white list interface UI schematic embodiment; the present embodiment, a whitelist is provided comprising: a mobile phone number and valid department responsible where responsibility name, responsible person. 本实施例中,所述责任人即企业内部员工。 In this embodiment, the internal staff that is responsible.

[0067]本实施例中,在网络出口处部署安全网关装置,部署安全网关可以以路由或者网桥的方式进行部署。 [0067] In this embodiment, the deployment of the security gateway devices in the network outlet, the deployment of the security gateway may be deployed to bridge or routing mode. 如图5所示,图5是本发明网络接入的认证方法一具体应用环境中硬件部署结构示意图;本实施例中,将涉密内网服务器放置于安全网关的DMZ(DemilitarizedZone,隔离区),同时配置访客身份的用户组不能访问DMZ区,且认证通过的访客身份的用户只能访问外网权限,然后在安全网关上配置企业信任的且有资格有能力为外来访客申请上网权限的内部员工名单即白名单,白名单需包含该内部员工姓名、所在部门和手机号(如图4所示)。 5, FIG. 5 is a schematic view of a hardware architecture deployed network access authentication method of the present invention, a particular application environment; embodiment according to the present embodiment, the server is placed in the classified network gateway in the DMZ (DemilitarizedZone, isolation region) inside, configure a guest user group can not access the DMZ, and certified by a guest user can only access the external network permissions, and then configure the business trust on the security gateway and are eligible to apply for the foreign visitors have the ability to access rights staff list and white list, white list must include the employee's name inside, where the department and phone number (Figure 4). 然后外来访客需要上网时接入内网,无内网服务器访问权限,输入任何外网网页均会重定向到认证页面(如图2所示);外来访客基于图2所示的认证界面输入自己的用户名和手机号与担保人的用户名和手机号之后,安全网关判断该担保人在系统预先设置的白名单中,则会将短信验证码发到担保人手机中,访客找担保人获取验证码,正确输入后即可上网。 Then foreign visitors need access to network within the Internet, no network access server, enter any external web pages will be redirected to the authentication page (Figure 2); foreign visitors to enter their authentication based interface shown in Figure 2 after the user name and phone number and the guarantor of the user name and phone number, the security gateway determines that the guarantor in the white list system set in advance, it will be a verification code sent to the mobile phone text messages guarantor, surety visitors looking to get a verification code , you can access the correct input.

[0068]本实施例中,所述DMZ可以理解为是一个过滤的子网,DMZ在内部网络和外部网络之间构造了一个安全地带。 [0068] In this embodiment, the DMZ can be understood as a filter subnet, DMZ between the internal network and external network to construct a safety zone. DMZ区则是为了解决安装防火墙后外部网络不能访问内部网络服务器的问题,而设立的一个非安全系统与安全系统之间的缓冲区,这个缓冲区位于企业内部网络和外部网络之间的小网络区域内。 DMZ area to solve the problem is the external network can not access the internal network server after installing a firewall, a buffer zone between the non-safety systems and security systems established, this buffer is located in a small network between the internal network and external networks within the area. DMZ防火墙方案为要保护的内部网络增加了一道安全防线,通常认为是非常安全的。 DMZ firewall program to protect the internal network adds extra layer of security, generally considered to be very safe. 同时它提供了一个区域放置公共服务器,从而又能有效地避免一些互联应用需要公开而与内部安全策略相矛盾的情况发生。 At the same time it provides a public area to place a server, thus can effectively avoid some Internet applications need to open and cases with internal security policies contradict occur.

[0069] This embodiment deploys a security gateway and configures the guest access permissions and the whitelist, providing visitors with a convenient access channel.

[0070] Figure 6 is a schematic diagram of the functional modules of a first embodiment of the network access authentication apparatus of the present invention. As shown in Figure 6, the apparatus comprises a request acquisition module 01, an identity authentication module 02 and a network access module 03.

[0071] When the request acquisition module 01 receives an operation request to access the network, sent by a user from a terminal, it identifies the identity of the user who sent the request. Taking a server deployed inside an enterprise as an example: when the request acquisition module 01 identifies that the request was sent under an employee identity and that the employee identity is legitimate, it allows the employee to access the network with the corresponding permissions. When the request acquisition module 01 identifies that the request was sent by a guest, the user's guest identity is authenticated. For example, when a visitor to an enterprise needs temporary Internet access, connects to the company network, opens a browser and enters any URL, the request acquisition module 01 first determines whether the user's guest identity has already been authenticated.

[0072] When the request acquisition module 01 identifies that the guest identity has not been authenticated, the identity authentication module 02 redirects the user's network access request to the authentication page and displays that page on the terminal from which the user sent the request, so that the user can enter the corresponding authentication information on the displayed guest authentication page. In this embodiment, the authentication information comprises the guest's name and mobile phone number, together with the name and mobile phone number of a responsible person who has permission to access the Internet and the local area network. In this embodiment, the responsible person can be understood as an internal employee of the enterprise, or another manager with certain permissions.

[0073] In a preferred embodiment, the authentication page offers the user two options: "I am an employee" and "I am a guest". When the user clicks "I am a guest", the identity authentication module 02 displays the guest authentication page. On the guest authentication interface shown in Figure 2, the user enters his or her own valid mobile phone number in the mobile phone number input box. If the interface has only one "User name" input box, only the responsible person's name needs to be entered; if the interface has two name input boxes, "User name" and "Guest name", the user enters the responsible person's name in the user name box and then his or her own name in the guest name box. The user also enters the responsible person's valid mobile phone number in the "Guarantor mobile phone number" input box. After entering the above authentication information, the user clicks the "Get verification code" control and waits to receive the verification code returned by the identity authentication module 02.

[0074] When the identity authentication module 02 receives the operation instruction triggered by the user clicking the "Get verification code" control in the UI shown in Figure 2, it verifies whether the authentication information entered by the user is legitimate. If the authentication information is legitimate, the identity authentication module 02 randomly generates a verification code and sends it, as the verification information, to the terminal indicated by the responsible person's characteristic information. The user obtains the verification information displayed on that terminal, enters it in the "Enter the SMS verification code received" input box shown in Figure 2, and clicks the "Log in" control. The identity authentication module 02 checks whether the verification information entered by the user matches the verification information it sent; if the two match, the user is allowed to access the network as a guest with the preset guest permissions. If they do not match, the user is prompted to enter the verification information again. In a preferred embodiment, if the identity authentication module 02 detects that, within a preset period (for example 60 seconds), the user has not entered the correct verification information or has not entered any verification information, the verification information sent this time automatically expires; the identity authentication module 02 then allows a user whose authentication information is legitimate to obtain a verification code again and to enter the newly obtained code.

[0075] If the identity authentication module 02 finds that the authentication information entered by the user is not legitimate, it issues an authentication information error message to tell the user that the authentication information entered is incorrect; the user may then choose to enter the authentication information again.

[0076] In a preferred embodiment, when the identity authentication module 02 identifies that the verification information entered by the user is correct, the network access module 03 allows the user to access the network as the guest with the preset guest permissions, which comprises: allowing the user, under the legitimate guest identity, to access only the network outside the enterprise, while prohibiting the user from accessing the enterprise local area network, i.e. the enterprise intranet.

[0077] In a preferred embodiment, the identity authentication module 02 identifying whether the authentication information entered by the user is legitimate comprises:

[0078] When the identity authentication module 02 receives the authentication information entered by the user on the authentication page, it looks up the pre-stored whitelist of responsible persons and identifies whether the responsible person's name and the corresponding responsible person's mobile phone number in the authentication information can be found in the stored whitelist. If both can be found in the whitelist, the identity authentication module 02 identifies the authentication information entered by the user as legitimate.

[0079] Further, to protect the security of the information, the check must guard against the case in which a responsible person's name and a mobile phone number entered arbitrarily by the user both happen to appear in the whitelist but are not a matching pair, i.e. the mobile phone number entered for that responsible person's name is not the number the whitelist stores for that responsible person. When verifying whether the authentication information entered by the user is legitimate, the identity authentication module 02 may therefore also proceed as follows:

[0080] When the responsible person's name in the authentication information can be found in the stored whitelist, the module also identifies whether the responsible person's mobile phone number in the authentication information matches the mobile phone number that the whitelist stores for that responsible person's name. If the two numbers match, the authentication information entered by the user is identified as legitimate. This reduces the chance that randomly entered information passes by coincidence and improves the accuracy of verifying the authentication information.

[0081] Based on the description of this embodiment, the identity authentication module 02 returns the verification information to the terminal indicated by the responsible person's characteristic information, where that terminal can be understood as the terminal corresponding to the responsible person's mobile phone number. That is, when the identity authentication module 02 verifies that the authentication information entered by the user is legitimate, it sends the randomly generated verification information to the terminal corresponding to the responsible person's mobile phone number given in the authentication information; the user can ask the responsible person for the verification information and enter it in order to access the network.
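The whitelist pairing check of paragraphs [0078] to [0080] and the code issue, expiry and comparison of paragraph [0074], as an added Python example that is not part of the patent text. The class and method names, the per-session key, the six-digit code length and the sample whitelist are assumptions made for illustration; the 60-second lifetime is the example value given in the preferred embodiment.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 60  # example validity window from the preferred embodiment

# Constructed sample whitelist: responsible person's name -> (mobile number, department)
WHITELIST = {
    "Zhang Wei": ("13800000001", "R&D"),
    "Li Na": ("13800000002", "Finance"),
}


@dataclass
class PendingCode:
    code: str
    issued_at: float


class GuestAuthenticator:
    """Hypothetical stand-in for the identity authentication module 02."""

    def __init__(self, whitelist, send_sms, clock=time.monotonic):
        self._whitelist = whitelist
        self._send_sms = send_sms   # callable(phone, code); assumed SMS hook
        self._clock = clock
        self._pending = {}          # guest session id -> PendingCode

    def sponsor_is_valid(self, name, phone):
        # Paragraph [0080]: the number must be the one stored for THIS name.
        # A name and a number that both exist in the list but belong to
        # different entries are rejected.
        entry = self._whitelist.get(name)
        if entry is None:
            return False
        return hmac.compare_digest(entry[0].encode(), phone.encode())

    def request_code(self, session_id, sponsor_name, sponsor_phone):
        """Issue a code to the responsible person's phone; False if not whitelisted."""
        if not self.sponsor_is_valid(sponsor_name, sponsor_phone):
            return False
        # Random code from a CSPRNG; a new request replaces any earlier code.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[session_id] = PendingCode(code, self._clock())
        # Send to the number stored in the whitelist, never to free-form input.
        self._send_sms(self._whitelist[sponsor_name][0], code)
        return True

    def verify_code(self, session_id, submitted):
        """Return 'guest-access', 'retry', 'expired' or 'no-code'."""
        pending = self._pending.get(session_id)
        if pending is None:
            return "no-code"
        if self._clock() - pending.issued_at > CODE_TTL_SECONDS:
            # Paragraph [0074]: the code lapses; the guest may request another.
            del self._pending[session_id]
            return "expired"
        if not hmac.compare_digest(pending.code.encode(), submitted.encode()):
            return "retry"          # prompt the user to enter the code again
        del self._pending[session_id]   # single use
        return "guest-access"       # Internet only; the LAN stays blocked
```

The clock and SMS sender are injected so the expiry and pairing behaviour can be exercised without a real gateway or SMS provider.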

[0082] This embodiment of the present invention receives a user-triggered operation request to access the network as a guest; when it identifies that the guest identity has not been authenticated, it redirects the operation request to a guest authentication page and displays that page, so that the user can enter, on the displayed guest authentication page, authentication information containing the responsible person's characteristic information; it identifies whether the authentication information entered by the user is legitimate; when the authentication information is legitimate, it returns verification information to the terminal indicated by the responsible person's characteristic information, for the user to enter; and when the verification information entered by the user is identified as correct, it allows the user to access the network as the guest with the preset guest permissions. This has the beneficial effect of letting a visitor access the network from an enterprise terminal simply and quickly. Setting access permissions for guest network access also improves the security of enterprise information. Further, because a guest's network access is tied to a responsible person inside the enterprise, responsibility is assigned to a specific individual, which strengthens the protection of internal enterprise information; even if an information leak occurs later, it can be traced to its source, which further improves the security of internal enterprise information.

[0083] Figure 7 is a schematic diagram of the functional modules of a second embodiment of the network access authentication apparatus of the present invention. This embodiment differs from the embodiment of Figure 6 in that an information configuration module 04 is added. Only the information configuration module 04 is described in detail here; for the other modules of the network access authentication apparatus of the present invention, refer to the descriptions of the related embodiments, which are not repeated here.

[0084] As shown in Figure 7, the network access authentication apparatus of the present invention further comprises:

[0085] An information configuration module 04, used to deploy the security gateway and to configure the guest permissions for user network access and the whitelist.

[0086] After the information configuration module 04 has finished deploying the security gateway in response to the network administrator's operation instructions, it sets the guest permissions for user network access and also sets the whitelist; the whitelist configuration interface is shown in Figure 4. In this embodiment, the whitelist set by the information configuration module 04 comprises the responsible person's name, the responsible person's valid mobile phone number and the responsible person's department. In this embodiment, the responsible person is an internal employee of the enterprise.

[0087] In this embodiment, the information configuration module 04 deploys the security gateway device at the network egress, and may deploy it in routing mode or bridge mode. As shown in Figure 5, in this embodiment the information configuration module 04 places the confidential intranet servers in the security gateway's DMZ, configures the guest user group so that it cannot access the DMZ, and grants guest users who pass authentication access to the external network only. It then configures on the security gateway the list of internal employees whom the enterprise trusts and who are qualified and able to request Internet access on behalf of outside visitors, i.e. the whitelist; each whitelist entry must contain the employee's name, department and mobile phone number (as shown in Figure 4). When an outside visitor who needs Internet access connects to the internal network, the visitor has no access to the intranet servers, and a request for any external web page is redirected to the authentication page (as shown in Figure 2). After the visitor enters his or her own user name and mobile phone number, together with the guarantor's user name and mobile phone number, in the authentication interface shown in Figure 2, the identity authentication module 02 checks the guarantor against the preconfigured whitelist; if the guarantor is in the whitelist, an SMS verification code is sent to the guarantor's phone. The visitor obtains the code from the guarantor and can access the Internet once it has been entered correctly. For a detailed description of the DMZ, refer to the related embodiment above; it is not repeated here.

[0088] In a preferred embodiment, the information configuration module 04 may update the stored whitelist in real time or on a schedule, to ensure that the responsible persons and their corresponding mobile phone numbers remain current and valid.

[0089] This embodiment deploys a security gateway and configures the guest access permissions and the whitelist, providing visitors with a convenient access channel.

[0090] It should be noted that, in this document, the terms "comprise", "include" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or apparatus comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus that comprises the element.

[0091] The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.

[0092] The above are only preferred embodiments of the present invention and do not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, and any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (6)

1. A network access authentication method, characterized by comprising the following steps:
receiving a user-triggered operation request to access the network as a guest;
when it is identified that the guest identity has not been authenticated, redirecting the operation request to a guest authentication page and displaying that page, so that the user can enter, on the displayed guest authentication page, authentication information containing a responsible person's characteristic information for Internet access authentication, wherein the responsible person's characteristic information comprises the responsible person's name and the responsible person's mobile phone number;
identifying whether the authentication information entered by the user is legitimate, wherein this identification comprises: identifying whether the responsible person's name in the authentication information can be found in the stored whitelist; if the responsible person's name can be found in the stored whitelist, identifying whether the responsible person's mobile phone number in the authentication information matches the mobile phone number stored in the whitelist for that responsible person's name; and if the two numbers match, identifying the authentication information entered by the user as legitimate;
when the authentication information entered by the user is identified as legitimate, returning verification information by SMS, according to the responsible person's mobile phone number, to the terminal indicated by the responsible person's characteristic information, so that the user can enter, on the guest authentication page, the verification information displayed on that terminal, and determining that the verification information is correct if the verification information entered by the user is identical to the verification information returned by SMS;
when the verification information is identified as correct, allowing the user to access the Internet as the guest, while prohibiting the user from accessing the local area network as the guest.
2. The method according to claim 1, characterized in that the authentication information comprises: the guest's name and the guest's mobile phone number, and the characteristic information of a responsible person who has permission to access the Internet and the local area network.
3. The method according to claim 1, characterized in that, before receiving the user-triggered operation request to access the network as a guest, the method further comprises: deploying a security gateway, and configuring the guest permissions for user network access and the whitelist.
4. A network access authentication apparatus, characterized by comprising:
a request acquisition module, used to receive a user-triggered operation request to access the network as a guest;
an identity authentication module, used to: when it is identified that the guest identity has not been authenticated, redirect the operation request to a guest authentication page and display that page, so that the user can enter, on the displayed guest authentication page, authentication information containing a responsible person's characteristic information for Internet access authentication, wherein the responsible person's characteristic information comprises the responsible person's name and the responsible person's mobile phone number; identify whether the authentication information entered by the user is legitimate; when the authentication information is identified as legitimate, return verification information by SMS, according to the responsible person's mobile phone number, to the terminal indicated by the responsible person's characteristic information, so that the user can enter, on the guest authentication page, the verification information displayed on that terminal; and identify whether the verification information is correct, determining that it is correct if the verification information entered by the user is identical to the verification information returned by SMS; wherein the identity authentication module is further used to: identify whether the responsible person's name in the authentication information can be found in the stored whitelist; if the responsible person's name can be found in the stored whitelist, identify whether the responsible person's mobile phone number in the authentication information matches the mobile phone number stored in the whitelist for that responsible person's name; and if the two numbers match, identify the authentication information entered by the user as legitimate;
a network access module, used to: when the verification information is identified as correct, allow the user to access the Internet as the guest, while prohibiting the user from accessing the local area network as the guest.
5. The apparatus according to claim 4, characterized in that the authentication information comprises: the guest's name and the guest's mobile phone number, and the characteristic information of a responsible person who has permission to access the Internet and the local area network.
6. The apparatus according to claim 4, characterized by further comprising: an information configuration module, used to deploy a security gateway and to configure the guest permissions for user network access and the whitelist.
CN201310363032.3A 2013-08-19 2013-08-19 Method and apparatus for authentication of a network access CN103607372B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310363032.3A CN103607372B (en) 2013-08-19 2013-08-19 Method and apparatus for authentication of a network access

Publications (2)

Publication Number Publication Date
CN103607372A CN103607372A (en) 2014-02-26
CN103607372B true CN103607372B (en) 2016-12-28

Family

ID=50125572

Country Status (1)

Country Link
CN (1) CN103607372B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9525664B2 (en) * 2014-02-28 2016-12-20 Symantec Corporation Systems and methods for providing secure access to local network devices
CN105429998A (en) * 2015-01-06 2016-03-23 李先志 Network security area login method and device
CN106385397A (en) * 2015-07-31 2017-02-08 腾讯科技(深圳)有限公司 Network access equipment access control and type configuration method and apparatus thereof
CN105227561A (en) * 2015-10-14 2016-01-06 上海斐讯数据通信技术有限公司 Unauthorized access prevention method and device for internet access authentication
CN105592461A (en) * 2015-11-19 2016-05-18 湖北睛彩视讯科技有限公司 WiFi user identification authentication method and system
CN105516085B (en) * 2015-11-26 2018-11-30 北京京东尚科信息技术有限公司 A kind of system and method managing the interim internet behavior of visitor
CN106211160A (en) * 2016-09-27 2016-12-07 北京小米移动软件有限公司 Network access method and apparatus
CN106888456A (en) * 2017-03-21 2017-06-23 上海斐讯数据通信技术有限公司 WIFI proxy authentication method and system
CN107070947A (en) * 2017-05-19 2017-08-18 上海斐讯数据通信技术有限公司 Network access method and system based on access authentication
CN107155185A (en) * 2017-06-30 2017-09-12 迈普通信技术股份有限公司 Method, device and system for authentication of WLAN (Wireless Local Area Network) access

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1423452A (en) * 2001-12-05 2003-06-11 上海卓扬科技有限公司 Broad access network user identifying method
CN1700638A (en) * 2004-05-18 2005-11-23 江苏省电力公司 Enterprise network security access method by means of security authentication gateway
CN101299694A (en) * 2007-04-30 2008-11-05 华为技术有限公司 Method and system for managing caller in household network, household gateway
CN101582769A (en) * 2009-07-03 2009-11-18 杭州华三通信技术有限公司 Authority setting method of user access network and equipment
CN101662771A (en) * 2009-10-14 2010-03-03 中国电信股份有限公司 Method for realizing automatic certification of wireless access short message and system thereof
CN102006684A (en) * 2010-12-03 2011-04-06 成都飞鱼星科技开发有限公司 Wireless router with guest network function and implementation method thereof
CN202261807U (en) * 2011-09-28 2012-05-30 辽宁国兴科技有限公司 Network security wireless router
US8225103B2 (en) * 2006-10-24 2012-07-17 Avatier Corporation Controlling access to a protected network
US8290877B2 (en) * 2009-10-30 2012-10-16 Ncr Corporation Techniques for temporary access to enterprise networks

Legal Events

Date Code Title Description
C06 Publication
C14 Grant of patent or utility model