CN105119922A - Method and device for access control, and server - Google Patents


Publication number
CN105119922A
Authority
CN
China
Prior art keywords
terminal
legal
latitude
longitude coordinates
physical address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510542111.XA
Other languages
Chinese (zh)
Inventor
任远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Technology Co Ltd
Xiaomi Inc
Original Assignee
Xiaomi Inc


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107: Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Abstract

The invention discloses a method and a device for access control, and a server. The method comprises the following steps of receiving an access request sent by a terminal; obtaining geographical location information of the terminal; judging whether the geographical location information of the terminal is legal; and when the geographical location information of the terminal is legal, allowing the terminal to access. According to the scheme, through judging whether the geographical location information of the terminal is legal, access of the terminal is controlled by utilizing the existing server and a special-purpose server is not required to be deployed, so that the deployment difficulty and the deployment cost can be reduced.

Description

Access control method, device and server
Technical field
The present disclosure relates to the field of network technology, and in particular to an access control method, device and server.
Background
With the rapid development of network technology, more and more work within enterprises relies on software application systems (hereinafter referred to as systems). The use of some of these systems may involve the flow of information inside the enterprise, so these systems may be used only by intranet users, which ensures the security and controllability of system operation.
In the access control methods of the related art, a virtual private network (Virtual Private Network, VPN) is usually used to isolate the internal network from the external network, so that only intranet users can access the system and external network users cannot. This access control method requires both software and hardware support, and a dedicated server running the VPN must be set up to provide the service, which increases deployment difficulty and raises deployment cost.
Summary of the invention
To overcome the problems in the related art, the present disclosure provides an access control method, device and server.
According to a first aspect of the embodiments of the present disclosure, an access control method is provided, comprising:
receiving an access request sent by a terminal;
obtaining geographical location information of the terminal;
judging whether the geographical location information of the terminal is legal;
when the geographical location information of the terminal is legal, allowing the terminal to access.
With reference to the first aspect, in a first possible implementation of the first aspect, if the geographical location information is latitude and longitude coordinates, the step of obtaining the geographical location information of the terminal comprises:
sending a latitude and longitude coordinate acquisition request to the terminal, so that the terminal, after obtaining its local latitude and longitude coordinates, sends a latitude and longitude coordinate acquisition response carrying those coordinates;
receiving the latitude and longitude coordinate acquisition response sent by the terminal;
parsing the latitude and longitude coordinates from the latitude and longitude coordinate acquisition response, to obtain the latitude and longitude coordinates of the terminal.
With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the step of judging whether the geographical location information of the terminal is legal comprises:
judging whether the latitude and longitude coordinates of the terminal are stored in a legal latitude and longitude coordinate set;
when the latitude and longitude coordinates of the terminal are stored in the legal latitude and longitude coordinate set, determining that the latitude and longitude coordinates of the terminal are legal;
when the latitude and longitude coordinates of the terminal are not stored in the legal latitude and longitude coordinate set, determining that the latitude and longitude coordinates of the terminal are illegal.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the method further comprises:
determining legal terminals, and obtaining the latitude and longitude coordinates of each legal terminal, to obtain the legal latitude and longitude coordinate set; or,
determining legal terminals, obtaining the latitude and longitude coordinates of each legal terminal, and calculating the latitude and longitude coordinate range defined by the legal terminals, to obtain the legal latitude and longitude coordinate set.
With reference to the first aspect, in a fourth possible implementation of the first aspect, if the geographical location information is a physical address, the step of obtaining the geographical location information of the terminal comprises:
sending an Internet Protocol (IP) address acquisition request to the terminal, so that the terminal, after obtaining its local IP address, sends an IP address acquisition response carrying that IP address;
receiving the IP address acquisition response sent by the terminal;
parsing the IP address from the IP address acquisition response, to obtain the IP address of the terminal;
determining the physical address corresponding to the IP address of the terminal according to the correspondence between IP addresses and physical addresses, to obtain the physical address of the terminal.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the step of judging whether the geographical location information of the terminal is legal comprises:
judging whether the physical address of the terminal is stored in a legal physical address set;
when the physical address of the terminal is stored in the legal physical address set, determining that the physical address of the terminal is legal;
when the physical address of the terminal is not stored in the legal physical address set, determining that the physical address of the terminal is illegal.
With reference to the fifth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, the method further comprises:
determining legal terminals, and obtaining the physical address of each legal terminal, to obtain the legal physical address set; or,
determining legal terminals, obtaining the physical address of each legal terminal, and calculating the physical address range defined by the legal terminals, to obtain the legal physical address set.
With reference to the first aspect or any one of the first to sixth possible implementations of the first aspect, in a seventh possible implementation of the first aspect, the method further comprises:
when the geographical location information of the terminal is illegal, refusing the terminal access.
According to a second aspect of the embodiments of the present disclosure, an access control device is provided, comprising:
a receiving module, configured to receive an access request sent by a terminal;
a first acquisition module, configured to obtain geographical location information of the terminal;
a judging module, configured to judge whether the geographical location information of the terminal is legal;
an access module, configured to allow the terminal to access when the geographical location information of the terminal is legal.
With reference to the second aspect, in a first possible implementation of the second aspect, if the geographical location information is latitude and longitude coordinates, the first acquisition module comprises:
a first sending submodule, configured to send a latitude and longitude coordinate acquisition request to the terminal, so that the terminal, after obtaining its local latitude and longitude coordinates, sends a latitude and longitude coordinate acquisition response carrying those coordinates;
a first receiving submodule, configured to receive the latitude and longitude coordinate acquisition response sent by the terminal;
a first parsing submodule, configured to parse the latitude and longitude coordinates from the latitude and longitude coordinate acquisition response, to obtain the latitude and longitude coordinates of the terminal.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the judging module comprises:
a first judging submodule, configured to judge whether the latitude and longitude coordinates of the terminal are stored in a legal latitude and longitude coordinate set;
a first determining submodule, configured to determine that the latitude and longitude coordinates of the terminal are legal when they are stored in the legal latitude and longitude coordinate set, and to determine that the latitude and longitude coordinates of the terminal are illegal when they are not stored in the legal latitude and longitude coordinate set.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the device further comprises:
a first determination module, configured to determine legal terminals; and a second acquisition module, configured to obtain the latitude and longitude coordinates of each legal terminal, to obtain the legal latitude and longitude coordinate set; or,
a second determination module, configured to determine legal terminals; a third acquisition module, configured to obtain the latitude and longitude coordinates of each legal terminal; and a first computing module, configured to calculate the latitude and longitude coordinate range defined by the legal terminals, to obtain the legal latitude and longitude coordinate set.
With reference to the second aspect, in a fourth possible implementation of the second aspect, if the geographical location information is a physical address, the first acquisition module comprises:
a second sending submodule, configured to send an Internet Protocol (IP) address acquisition request to the terminal, so that the terminal, after obtaining its local IP address, sends an IP address acquisition response carrying that IP address;
a second receiving submodule, configured to receive the IP address acquisition response sent by the terminal;
a second parsing submodule, configured to parse the IP address from the IP address acquisition response, to obtain the IP address of the terminal;
a second determining submodule, configured to determine the physical address corresponding to the IP address of the terminal according to the correspondence between IP addresses and physical addresses, to obtain the physical address of the terminal.
With reference to the fourth possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the judging module comprises:
a second judging submodule, configured to judge whether the physical address of the terminal is stored in a legal physical address set;
a third determining submodule, configured to determine that the physical address of the terminal is legal when it is stored in the legal physical address set, and to determine that the physical address of the terminal is illegal when it is not stored in the legal physical address set.
With reference to the fifth possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the device further comprises:
a third determination module, configured to determine legal terminals; and a fourth acquisition module, configured to obtain the physical address of each legal terminal, to obtain the legal physical address set; or,
a fourth determination module, configured to determine legal terminals; a fifth acquisition module, configured to obtain the physical address of each legal terminal; and a second computing module, configured to calculate the physical address range defined by the legal terminals, to obtain the legal physical address set.
With reference to the second aspect or any one of the first to sixth possible implementations of the second aspect, in a seventh possible implementation of the second aspect, the device further comprises:
a refusing module, configured to refuse the terminal access when the geographical location information of the terminal is illegal.
According to a third aspect of the embodiments of the present disclosure, a server is provided, comprising:
a processor;
a memory for storing instructions executable by the processor;
wherein the processor is configured to:
receive an access request sent by a terminal;
obtain geographical location information of the terminal;
judge whether the geographical location information of the terminal is legal;
when the geographical location information of the terminal is legal, allow the terminal to access.
The technical solutions provided by the embodiments of the present disclosure can have the following beneficial effects: an access request sent by a terminal is received; geographical location information of the terminal is obtained; it is judged whether the geographical location information of the terminal is legal; and when the geographical location information of the terminal is legal, the terminal is allowed to access. This scheme controls terminal access according to whether the geographical location information of the terminal is legal. It can be implemented on an existing server without deploying a dedicated server, which reduces deployment difficulty and deployment cost.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the present disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, show embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the present invention.
Fig. 1 is a flow chart of an access control method according to an exemplary embodiment.
Fig. 2 is a flow chart of S12 in an access control method according to an exemplary embodiment.
Fig. 3 is a flow chart of S13 in an access control method according to an exemplary embodiment.
Fig. 4 is a flow chart of another access control method according to an exemplary embodiment.
Fig. 5 is a flow chart of S12 in an access control method according to an exemplary embodiment.
Fig. 6 is a flow chart of S13 in an access control method according to an exemplary embodiment.
Fig. 7 is a flow chart of yet another access control method according to an exemplary embodiment.
Fig. 8 is a block diagram of an access control device according to an exemplary embodiment.
Fig. 9 is a block diagram of the first acquisition module in an access control device according to an exemplary embodiment.
Fig. 10 is a block diagram of the judging module in an access control device according to an exemplary embodiment.
Fig. 11 is a block diagram of another access control device according to an exemplary embodiment.
Fig. 12 is a block diagram of yet another access control device according to an exemplary embodiment.
Fig. 13 is a block diagram of the first acquisition module in an access control device according to an exemplary embodiment.
Fig. 14 is a block diagram of the judging module in an access control device according to an exemplary embodiment.
Fig. 15 is a block diagram of yet another access control device according to an exemplary embodiment.
Fig. 16 is a block diagram of yet another access control device according to an exemplary embodiment.
Fig. 17 is a block diagram of yet another access control device according to an exemplary embodiment.
Fig. 18 is a block diagram of a server according to an exemplary embodiment.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the present invention, as detailed in the appended claims.
Fig. 1 is a flow chart of an access control method according to an exemplary embodiment. As shown in Fig. 1, the access control method is used in a server and comprises the following steps.
In step S11, an access request sent by a terminal is received.
At present, the commonly used system architectures are the client (Client, C)/server (Server, S) structure and the browser (Browser, B)/server (Server, S) structure. The access control method of this embodiment is applicable to both the C/S and B/S structures. When a user needs to access the system, an access request can be sent to the server through the client or browser installed on the terminal, and the server receives this access request.
In step S12, the geographical location information of the terminal is obtained.
After the server receives the access request sent by the terminal, it can obtain the geographical location information of the terminal. The geographical location information can be, but is not limited to, latitude and longitude coordinates, a physical address, and so on.
In step S13, it is judged whether the geographical location information of the terminal is legal.
When the geographical location information of the terminal is legal, in step S14, the terminal is allowed to access.
When the geographical location information of the terminal is illegal, in step S15, the terminal is refused access.
Whether to allow or refuse the terminal's access can be decided according to whether the geographical location information of the terminal is legal. When it is legal, the terminal is allowed to access and the user can use the system through the terminal; when it is illegal, the terminal is refused access and the user cannot use the system through the terminal.
This scheme controls terminal access according to whether the geographical location information of the terminal is legal. It can be implemented on an existing server without deploying a dedicated server, which reduces deployment difficulty and deployment cost.
The geographical location information in step S12 can take various forms, such as latitude and longitude coordinates or a physical address. When the form of the geographical location information differs, the specific implementation of each step of the access control method may also differ. The two forms, latitude and longitude coordinates and physical address, are described separately below.
If the geographical location information is latitude and longitude coordinates, the flow for obtaining the geographical location information of the terminal in step S12 is as shown in Fig. 2 and comprises the following steps.
In step S1211, a latitude and longitude coordinate acquisition request is sent to the terminal, so that the terminal, after obtaining its local latitude and longitude coordinates, sends a latitude and longitude coordinate acquisition response carrying those coordinates.
Latitude and longitude coordinates are commonly used to identify a geographical position and are usually written as, for example, (115° east longitude, 39° north latitude) or (77° west longitude, 38° north latitude). When the server needs to obtain the latitude and longitude coordinates of the terminal, it can send a latitude and longitude coordinate acquisition request to the terminal. The way the server obtains the coordinates differs between the C/S and B/S structures. Taking the B/S architecture as an example, if the browser supports the geolocation interface, the server can obtain the latitude and longitude coordinates of the terminal through this interface.
After the terminal receives the latitude and longitude coordinate acquisition request sent by the server, it can first check whether local latitude and longitude coordinates are stored. If the terminal has stored local latitude and longitude coordinates, it can obtain them directly; if it has not, it can obtain them from a third party (map software). The terminal then carries the obtained latitude and longitude coordinates in a latitude and longitude coordinate acquisition response and sends it to the server.
In step S1212, the latitude and longitude coordinate acquisition response sent by the terminal is received.
In step S1213, the latitude and longitude coordinates are parsed from the latitude and longitude coordinate acquisition response, to obtain the latitude and longitude coordinates of the terminal.
The server parses the latitude and longitude coordinate acquisition response sent by the terminal and thereby obtains the latitude and longitude coordinates of the terminal. The server can subsequently determine from these coordinates whether the terminal is authorized to access. In this embodiment no server needs to be set up specially to control terminal access, which reduces deployment difficulty and deployment cost.
The flow for judging whether the geographical location information of the terminal is legal in step S13 is as shown in Fig. 3 and comprises:
In step S1311, a legal latitude and longitude coordinate set is obtained.
The legal latitude and longitude coordinate set can be established in advance from the latitude and longitude coordinates of the legal terminals, and can subsequently be used to determine whether the latitude and longitude coordinates of a terminal are legal.
The legal latitude and longitude coordinate set can be a set of discrete points or a set of regions. The methods for establishing the set in these two ways are introduced below.
In the first way, the legal terminals are determined and the latitude and longitude coordinates of each legal terminal are obtained, giving the legal latitude and longitude coordinate set.
When the system is initially deployed, it is usually decided which terminals are legal, and these terminals serve as the legal terminals for accessing the system. The server can directly obtain the latitude and longitude coordinates of the legal terminals and combine them into the legal latitude and longitude coordinate set. The latitude and longitude coordinates of a legal terminal can be obtained from that terminal or from a third party (map software).
In the second way, the legal terminals are determined, the latitude and longitude coordinates of each legal terminal are obtained, and the latitude and longitude coordinate range defined by the legal terminals is calculated, giving the legal latitude and longitude coordinate set.
The first way directly combines the latitude and longitude coordinates of all legal terminals into the legal latitude and longitude coordinate set. Alternatively, after the latitude and longitude coordinates of the legal terminals are obtained, these coordinates can be taken as the boundary of a region, and the latitude and longitude coordinate range defined by the legal terminals can be calculated to obtain the legal latitude and longitude coordinate set. The range defined by the legal terminals can be one continuous region or several scattered small regions.
In step S1312, it is judged whether the latitude and longitude coordinates of the terminal are stored in the legal latitude and longitude coordinate set.
For the first way in step S1311, it can be determined directly whether the latitude and longitude coordinates of the terminal are stored in the legal latitude and longitude coordinate set; for the second way in step S1311, the latitude and longitude coordinates of the terminal can be substituted into the legal latitude and longitude coordinate set to make the determination.
When the latitude and longitude coordinates of the terminal are stored in the legal latitude and longitude coordinate set, in step S1313, the latitude and longitude coordinates of the terminal are determined to be legal.
When the latitude and longitude coordinates of the terminal are not stored in the legal latitude and longitude coordinate set, in step S1314, the latitude and longitude coordinates of the terminal are determined to be illegal.
Steps S1311-S1314 determine whether the latitude and longitude coordinates of the terminal are legal, so that it can subsequently be decided whether to allow the terminal to access the system.
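The following is an added example, not part of the patent text, of the legality check in steps S1311-S1314 with the legal set built both ways: as discrete points and as a region bounded by the legal terminals' coordinates. The JSON response format, the rounding used for point matching, the use of a convex hull as the region boundary, and all names and sample coordinates are assumptions.

```python
import json
from dataclasses import dataclass, field


def parse_coordinate_response(body):
    """Step S1213: parse (latitude, longitude) from the terminal's response.

    The JSON field names are an assumption; the page defines no wire format.
    """
    msg = json.loads(body)
    lat, lon = float(msg["latitude"]), float(msg["longitude"])
    # NaN fails both comparisons, so it is rejected here as well.
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinates out of range")
    return lat, lon


def cross(o, a, b):
    """Z component of (a - o) x (b - o); positive when b lies left of o->a."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])


def convex_hull(points):
    """Boundary defined by one group of legal terminals (monotone chain).

    Treats degrees as planar coordinates, which is adequate at site scale.
    """
    pts = sorted(set(points))

    def half(seq):
        chain = []
        for p in seq:
            while len(chain) >= 2 and cross(chain[-2], chain[-1], p) <= 0:
                chain.pop()
            chain.append(p)
        return chain[:-1]

    hull = half(pts) + half(reversed(pts))
    if len(hull) < 3:
        raise ValueError("a region needs three non-collinear terminals")
    return hull  # counter-clockwise vertex list


@dataclass
class LegalCoordinateSet:
    points: set = field(default_factory=set)     # first way: discrete points
    regions: list = field(default_factory=list)  # second way: one hull per site
    places: int = 4  # decimal places compared for point matching (assumption)

    def _key(self, coord):
        return (round(coord[0], self.places), round(coord[1], self.places))

    def add_terminals(self, coords):
        self.points.update(self._key(c) for c in coords)

    def add_region(self, coords):
        self.regions.append(convex_hull(coords))

    def contains(self, coord):
        if self._key(coord) in self.points:
            return True
        # Inside a convex hull means left of (or on) every edge.
        return any(
            all(cross(h[i], h[(i + 1) % len(h)], coord) >= 0 for i in range(len(h)))
            for h in self.regions
        )


def decide(response_body, legal):
    """Steps S1312-S1314: allow only when the reported coordinates are legal."""
    try:
        coord = parse_coordinate_response(response_body)
    except (ValueError, KeyError, TypeError):
        return "deny"  # malformed or out-of-range response is treated as illegal
    return "allow" if legal.contains(coord) else "deny"


# Constructed sample data: five legal terminals at one site.
OFFICE = [(39.9000, 116.3000), (39.9000, 116.3100), (39.9100, 116.3100),
          (39.9100, 116.3000), (39.9050, 116.3050)]

if __name__ == "__main__":
    by_points, by_region = LegalCoordinateSet(), LegalCoordinateSet()
    by_points.add_terminals(OFFICE)
    by_region.add_region(OFFICE)
    reply = '{"latitude": 39.9051, "longitude": 116.3050}'
    print("discrete set:", decide(reply, by_points))
    print("region set:  ", decide(reply, by_region))
```

The same reported position is refused by the discrete set and allowed by the region set, which is the practical difference between the two ways of building the legal set.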
Fig. 4 is a flow chart of another access control method according to an exemplary embodiment. As shown in Fig. 4, the access control method is applied to the server and the terminal under both the C/S and B/S structures, and comprises the following steps.
In step S41, the terminal sends an access request to the server.
When a user needs to access the system, the terminal can send a request to the server.
In step S42, after receiving the access request sent by the terminal, the server sends a latitude and longitude coordinate acquisition request to the terminal.
In step S43, after obtaining its local latitude and longitude coordinates, the terminal sends a latitude and longitude coordinate acquisition response carrying those coordinates to the server.
After the terminal receives the latitude and longitude coordinate acquisition request sent by the server, it can first check whether local latitude and longitude coordinates are stored. If the terminal has stored local latitude and longitude coordinates, it can obtain them directly; if it has not, it can obtain them from a third party (map software). The terminal then carries the obtained latitude and longitude coordinates in a latitude and longitude coordinate acquisition response and sends it to the server.
In step S44, the server receives the latitude and longitude coordinate acquisition response sent by the terminal and parses the latitude and longitude coordinates from it, obtaining the latitude and longitude coordinates of the terminal.
In step S45, the server obtains the legal latitude and longitude coordinate set and judges whether the latitude and longitude coordinates of the terminal are stored in it.
The legal latitude and longitude coordinate set can be stored locally on the server or in another database server.
When the latitude and longitude coordinates of the terminal are stored in the legal latitude and longitude coordinate set, in step S46, the server determines that the latitude and longitude coordinates of the terminal are legal and allows the terminal to access.
When the latitude and longitude coordinates of the terminal are not stored in the legal latitude and longitude coordinate set, in step S47, the server determines that the latitude and longitude coordinates of the terminal are illegal and refuses the terminal access.
The server can decide whether to allow or refuse the terminal's access according to whether the latitude and longitude coordinates of the terminal are legal. When they are legal, the terminal is allowed to access and the user can use the system through the terminal; when they are illegal, the terminal is refused access and the user cannot use the system through the terminal. In this scheme, the server controls terminal access according to whether the latitude and longitude coordinates of the terminal are legal. It can be implemented on an existing server without deploying a dedicated server, which reduces deployment difficulty and deployment cost.
The above describes the implementation of each step of the access control method when the geographical location information is latitude and longitude coordinates. The following describes the implementation of each step when the geographical location information is a physical address.
If the geographical location information is a physical address, the flow for obtaining the geographical location information of the terminal in step S12 is as shown in Fig. 5 and comprises the following steps:
In step S1221, an Internet Protocol (Internet Protocol, IP) address acquisition request is sent to the terminal, so that the terminal, after obtaining its local IP address, sends an IP address acquisition response carrying that IP address.
In step S1222, the IP address acquisition response sent by the terminal is received.
In step S1223, the IP address is parsed from the IP address acquisition response, to obtain the IP address of the terminal.
In step S1224, the physical address corresponding to the IP address of the terminal is determined according to the correspondence between IP addresses and physical addresses, to obtain the physical address of the terminal.
The IP address is a unified address format provided by the IP protocol. It assigns a logical address to each terminal on the network, thereby shielding the differences between physical addresses. The IP address of a terminal therefore corresponds to its physical address, and a network operator can establish a correspondence between IP addresses and physical addresses to store the IP address and physical address of each terminal. When the server needs to obtain the physical address of a terminal, it can send an IP address acquisition request to the terminal and then determine the physical address corresponding to the terminal's IP address according to the correspondence between IP addresses and physical addresses, obtaining the physical address of the terminal.
The flow for judging whether the geographical location information of the terminal is legal in step S13, as shown in Fig. 6, comprises the following steps:
In step S1321, the legal physical address set is obtained.
The legal physical address set can be established in advance from the physical addresses of the legal terminals, and is subsequently used to determine whether the physical address of a terminal is legal.
The legal physical address set can be a set of discrete points or a set of regions. The ways of establishing the legal physical address set in these two cases are described below.
First way: determine the legal terminals, obtain the physical address of each legal terminal, and so obtain the legal physical address set.
When the system is initially deployed, it is usually set which terminals are legal. These terminals are the legal terminals for accessing the system, and the server can directly obtain and combine their physical addresses to form the legal physical address set. The physical addresses of the legal terminals can be, but are not limited to being, obtained from a network operator.
Second way: determine the legal terminals, obtain the physical address of each legal terminal, calculate the physical address range defined by the legal terminals, and so obtain the legal physical address set.
The first way directly combines the physical addresses of all legal terminals into the legal physical address set. Alternatively, after the physical addresses of the legal terminals are obtained, these physical addresses can be taken as the boundary of a region, and the physical address range defined by the legal terminals can be calculated to obtain the legal physical address set. The physical address range defined by the legal terminals can be one continuous region or several scattered small regions.
In step S1322, it is judged whether the physical address of the terminal is stored in the legal physical address set.
For the first way in step S1321, it can be determined directly whether the physical address of the terminal is stored in the legal physical address set. For the second way in step S1321, the physical address of the terminal can be checked against the range in the legal physical address set to determine this.
When the physical address of the terminal is stored in the legal physical address set, in step S1323 the physical address of the terminal is determined to be legal.
When the physical address of the terminal is not stored in the legal physical address set, in step S1324 the physical address of the terminal is determined to be illegal.
Steps S1321-S1324 determine whether the physical address of the terminal is legal, so that it can subsequently be decided whether to allow the terminal to access the system.
Fig. 7 is a flow chart of another access control method according to an exemplary embodiment. As shown in Fig. 7, the access control method is applied to a server and a terminal under both the C/S and B/S architectures, and comprises the following steps.
In step S71, the terminal sends an access request to the server.
When a user needs to access the system, the terminal can send a request to the server.
In step S72, the server receives the access request sent by the terminal and sends an IP address acquisition request to the terminal.
In step S73, after obtaining its local IP address, the terminal sends an IP address acquisition response carrying the IP address to the server.
In step S74, the server receives the IP address acquisition response sent by the terminal and parses the IP address from it, giving the IP address of the terminal.
In step S75, the server determines the physical address corresponding to the IP address of the terminal according to the correspondence between IP addresses and physical addresses, giving the physical address of the terminal.
The server can, but is not limited to, obtain the correspondence between IP addresses and physical addresses from a network operator.
In step S76, the server obtains the legal physical address set and judges whether the physical address of the terminal is stored in the legal physical address set.
When the physical address of the terminal is stored in the legal physical address set, in step S77 the server determines that the physical address of the terminal is legal and allows terminal access.
When the physical address of the terminal is not stored in the legal physical address set, in step S78 the server determines that the physical address of the terminal is illegal and refuses terminal access.
Whether to allow or refuse terminal access can be decided according to whether the physical address of the terminal is legal. When the physical address is legal, the terminal is allowed access and the user can use the system through the terminal; when the physical address is illegal, the terminal is refused access and the user cannot use the system through the terminal. This scheme controls terminal access according to whether the physical address of the terminal is legal. It can be implemented on an existing server, without deploying a dedicated server, which reduces deployment difficulty and deployment cost.
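The server side of steps S74-S78, with both ways of building the legal physical address set, as an added example that is not part of the patent. The JSON response format, the prefix table, the tuple form of a physical address and all function names are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import json

# Constructed correspondence table (the patent says it may come from a network
# operator). Prefixes are documentation ranges; a physical address is modelled
# here as a (country, city, district) tuple, which is an assumption.
IP_TO_PHYSICAL = {
    ipaddress.ip_network(prefix): addr
    for prefix, addr in {
        "192.0.2.0/25": ("CN", "Beijing", "Haidian"),
        "192.0.2.128/25": ("CN", "Beijing", "Chaoyang"),
        "198.51.100.0/24": ("CN", "Shanghai", "Pudong"),
        "203.0.113.0/24": ("CN", "Guangzhou", "Tianhe"),
    }.items()
}

LEGAL_TERMINAL_IPS = ["192.0.2.10", "198.51.100.7"]  # constructed legal terminals


def parse_ip_response(raw):
    """S74: parse the IP address from the terminal's response; None if unusable.

    The response body is assumed to be JSON of the form {"ip": "<address>"}.
    """
    try:
        value = json.loads(raw)["ip"]
        if not isinstance(value, str):
            return None
        return ipaddress.ip_address(value)
    except (ValueError, KeyError, TypeError):
        return None


def lookup_physical_address(ip):
    """S75: longest-prefix match of the IP against the correspondence table."""
    matches = [n for n in IP_TO_PHYSICAL if n.version == ip.version and ip in n]
    if not matches:
        return None
    return IP_TO_PHYSICAL[max(matches, key=lambda n: n.prefixlen)]


def legal_set_discrete(legal_ips):
    """First way: the set holds exactly the legal terminals' physical addresses."""
    found = {lookup_physical_address(ipaddress.ip_address(i)) for i in legal_ips}
    return found - {None}


def legal_set_regions(legal_ips, depth=2):
    """Second way: widen each legal address to a region (its first `depth` fields).

    Several legal terminals can yield several scattered regions.
    """
    return {addr[:depth] for addr in legal_set_discrete(legal_ips)}


def is_legal(addr, discrete=frozenset(), regions=frozenset()):
    """S76: direct membership for discrete points, containment for regions."""
    if addr in discrete:
        return True
    return any(addr[:len(region)] == region for region in regions)


def decide(raw_response, discrete=frozenset(), regions=frozenset()):
    """S74-S78 end to end. Returns (decision, reason); every failure denies."""
    ip = parse_ip_response(raw_response)
    if ip is None:
        return ("deny", "unparseable IP response")
    addr = lookup_physical_address(ip)
    if addr is None:
        return ("deny", "no physical address for IP")
    if is_legal(addr, discrete, regions):
        return ("allow", "/".join(addr))            # S77
    return ("deny", "physical address not in legal set")  # S78


if __name__ == "__main__":
    points = legal_set_discrete(LEGAL_TERMINAL_IPS)
    regions = legal_set_regions(LEGAL_TERMINAL_IPS)
    for body in ('{"ip": "192.0.2.10"}', '{"ip": "192.0.2.200"}',
                 '{"ip": "203.0.113.5"}', '{"ip": "10.0.0.5"}', "garbage"):
        print(body, decide(body, discrete=points), decide(body, regions=regions))
```

The IP address in step S73 is reported by the terminal itself, so the example treats it as untrusted input: it is parsed strictly and every failure path denies access.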
Fig. 8 is a block diagram of an access control device according to an exemplary embodiment. With reference to Fig. 8, the device comprises a receiver module 81, a first acquisition module 82, a judge module 83 and an access module 84.
The receiver module 81 is configured to receive the access request sent by a terminal;
The first acquisition module 82 is configured to obtain the geographical location information of the terminal;
The judge module 83 is configured to judge whether the geographical location information of the terminal is legal;
The access module 84 is configured to allow terminal access when the geographical location information of the terminal is legal.
This scheme controls terminal access according to whether the geographical location information of the terminal is legal. It can be implemented on an existing server, without deploying a dedicated server, which reduces deployment difficulty and deployment cost.
As for the device in the above embodiment, the specific way in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.
The geographical location information can take various forms, such as latitude and longitude coordinates or a physical address. When the geographical location information differs, the specific implementation of each step in the access control method may also differ. The two kinds of geographical location information, latitude and longitude coordinates and physical address, are described separately below.
If the geographical location information is latitude and longitude coordinates, the structure of the first acquisition module 82, as shown in Fig. 9, comprises a first sending submodule 8211, a first receiving submodule 8212 and a first analyzing submodule 8213.
The first sending submodule 8211 is configured to send a latitude and longitude coordinates acquisition request to the terminal, so that the terminal, after obtaining its local latitude and longitude coordinates, sends a latitude and longitude coordinates acquisition response carrying the coordinates;
The first receiving submodule 8212 is configured to receive the latitude and longitude coordinates acquisition response sent by the terminal;
The first analyzing submodule 8213 is configured to parse the latitude and longitude coordinates from the latitude and longitude coordinates acquisition response, giving the latitude and longitude coordinates of the terminal.
The structure of the judge module 83, as shown in Fig. 10, comprises a first judging submodule 8311 and a first determining submodule 8312.
The first judging submodule 8311 is configured to judge whether the latitude and longitude coordinates of the terminal are stored in the legal latitude and longitude coordinates set;
The first determining submodule 8312 is configured to determine that the latitude and longitude coordinates of the terminal are legal when they are stored in the legal latitude and longitude coordinates set, and to determine that they are illegal when they are not stored in the legal latitude and longitude coordinates set.
Fig. 11 is a block diagram of another access control device according to an exemplary embodiment. With reference to Fig. 11, on the basis of the device shown in Fig. 8, the device further comprises a first determination module 85 and a second acquisition module 86.
The first determination module 85 is configured to determine the legal terminals.
The second acquisition module 86 is configured to obtain the latitude and longitude coordinates of each legal terminal, giving the legal latitude and longitude coordinates set.
Fig. 12 is a block diagram of another access control device according to an exemplary embodiment. With reference to Fig. 12, on the basis of the device shown in Fig. 8, the device further comprises a second determination module 87, a third acquisition module 88 and a first computing module 89.
The second determination module 87 is configured to determine the legal terminals.
The third acquisition module 88 is configured to obtain the latitude and longitude coordinates of each legal terminal.
The first computing module 89 is configured to calculate the latitude and longitude coordinates range defined by the legal terminals, giving the legal latitude and longitude coordinates set.
If the geographical location information is a physical address, the structure of the first acquisition module 82, as shown in Fig. 13, comprises a second sending submodule 8221, a second receiving submodule 8222, a second analyzing submodule 8223 and a second determining submodule 8224.
The second sending submodule 8221 is configured to send an IP address acquisition request to the terminal, so that the terminal, after obtaining its local IP address, sends an IP address acquisition response carrying the IP address.
The second receiving submodule 8222 is configured to receive the IP address acquisition response sent by the terminal.
The second analyzing submodule 8223 is configured to parse the IP address from the IP address acquisition response, giving the IP address of the terminal.
The second determining submodule 8224 is configured to determine the physical address corresponding to the IP address of the terminal according to the correspondence between IP addresses and physical addresses, giving the physical address of the terminal.
The structure of the judge module 83, as shown in Fig. 14, comprises a second judging submodule 8321 and a third determining submodule 8322.
The second judging submodule 8321 is configured to judge whether the physical address of the terminal is stored in the legal physical address set.
The third determining submodule 8322 is configured to determine that the physical address of the terminal is legal when it is stored in the legal physical address set, and to determine that it is illegal when it is not stored in the legal physical address set.
Fig. 15 is a block diagram of another access control device according to an exemplary embodiment. With reference to Fig. 15, on the basis of the device shown in Fig. 8, the device further comprises a third determination module 90 and a fourth acquisition module 91.
The third determination module 90 is configured to determine the legal terminals.
The fourth acquisition module 91 is configured to obtain the physical address of each legal terminal, giving the legal physical address set.
Fig. 16 is a block diagram of another access control device according to an exemplary embodiment. With reference to Fig. 16, on the basis of the device shown in Fig. 8, the device further comprises a fourth determination module 92, a fifth acquisition module 93 and a second computing module 94.
The fourth determination module 92 is configured to determine the legal terminals.
The fifth acquisition module 93 is configured to obtain the physical address of each legal terminal.
The second computing module 94 is configured to calculate the physical address range defined by the legal terminals, giving the legal physical address set.
Fig. 17 is a block diagram of another access control device according to an exemplary embodiment. With reference to Fig. 17, on the basis of the device shown in Fig. 8, the device further comprises a refusal module 95.
The refusal module 95 is configured to refuse terminal access when the geographical location information of the terminal is illegal.
Fig. 18 is a block diagram of a device 1800 for access control according to an exemplary embodiment. For example, the device 1800 may be provided as a server. With reference to Fig. 18, the device 1800 comprises a processing component 1822, which further comprises one or more processors, and memory resources represented by a memory 1832 for storing instructions executable by the processing component 1822, such as application programs. The application programs stored in the memory 1832 may comprise one or more modules, each corresponding to a set of instructions. In addition, the processing component 1822 is configured to execute the instructions to perform the above access control method, which comprises:
receiving an access request sent by a terminal;
obtaining the geographical location information of the terminal;
judging whether the geographical location information of the terminal is legal;
when the geographical location information of the terminal is legal, allowing the terminal access.
The device 1800 may also comprise a power supply component 1826 configured to perform power management of the device 1800, a wired or wireless network interface 1850 configured to connect the device 1800 to a network, and an input/output (I/O) interface 1858. The device 1800 can operate based on an operating system stored in the memory 1832, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
Those skilled in the art will readily conceive of other embodiments of the present invention after considering the specification and practising the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the present invention that follow its general principles and include common knowledge or customary technical means in the art not disclosed in this disclosure. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the present invention indicated by the following claims.
It should be understood that the present invention is not limited to the precise structures described above and illustrated in the accompanying drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (17)

1. An access control method, applied in a server, characterized in that it comprises:
receiving an access request sent by a terminal;
obtaining the geographical location information of the terminal;
judging whether the geographical location information of the terminal is legal;
when the geographical location information of the terminal is legal, allowing the terminal access.
2. The method according to claim 1, characterized in that, if the geographical location information is latitude and longitude coordinates, the step of obtaining the geographical location information of the terminal comprises:
sending a latitude and longitude coordinates acquisition request to the terminal, so that the terminal, after obtaining its local latitude and longitude coordinates, sends a latitude and longitude coordinates acquisition response carrying the latitude and longitude coordinates;
receiving the latitude and longitude coordinates acquisition response sent by the terminal;
parsing the latitude and longitude coordinates from the latitude and longitude coordinates acquisition response, to obtain the latitude and longitude coordinates of the terminal.
3. The method according to claim 2, characterized in that the step of judging whether the geographical location information of the terminal is legal comprises:
judging whether the latitude and longitude coordinates of the terminal are stored in a legal latitude and longitude coordinates set;
when the latitude and longitude coordinates of the terminal are stored in the legal latitude and longitude coordinates set, determining that the latitude and longitude coordinates of the terminal are legal;
when the latitude and longitude coordinates of the terminal are not stored in the legal latitude and longitude coordinates set, determining that the latitude and longitude coordinates of the terminal are illegal.
4. The method according to claim 3, characterized in that the method further comprises:
determining legal terminals, and obtaining the latitude and longitude coordinates of each legal terminal, to obtain the legal latitude and longitude coordinates set; or,
determining legal terminals, obtaining the latitude and longitude coordinates of each legal terminal, and calculating the latitude and longitude coordinates range defined by the legal terminals, to obtain the legal latitude and longitude coordinates set.
5. The method according to claim 1, characterized in that, if the geographical location information is a physical address, the step of obtaining the geographical location information of the terminal comprises:
sending an Internet Protocol (IP) address acquisition request to the terminal, so that the terminal, after obtaining its local IP address, sends an IP address acquisition response carrying the IP address;
receiving the IP address acquisition response sent by the terminal;
parsing the IP address from the IP address acquisition response, to obtain the IP address of the terminal;
determining the physical address corresponding to the IP address of the terminal according to the correspondence between IP addresses and physical addresses, to obtain the physical address of the terminal.
6. The method according to claim 5, characterized in that the step of judging whether the geographical location information of the terminal is legal comprises:
judging whether the physical address of the terminal is stored in a legal physical address set;
when the physical address of the terminal is stored in the legal physical address set, determining that the physical address of the terminal is legal;
when the physical address of the terminal is not stored in the legal physical address set, determining that the physical address of the terminal is illegal.
7. The method according to claim 6, characterized in that the method further comprises:
determining legal terminals, and obtaining the physical address of each legal terminal, to obtain the legal physical address set; or,
determining legal terminals, obtaining the physical address of each legal terminal, and calculating the physical address range defined by the legal terminals, to obtain the legal physical address set.
8. The method according to any one of claims 1-7, characterized in that the method further comprises:
when the geographical location information of the terminal is illegal, refusing the terminal access.
9. An access control device, characterized in that it comprises:
a receiver module, for receiving an access request sent by a terminal;
a first acquisition module, for obtaining the geographical location information of the terminal;
a judge module, for judging whether the geographical location information of the terminal is legal;
an access module, for allowing the terminal access when the geographical location information of the terminal is legal.
10. The device according to claim 9, characterized in that, if the geographical location information is latitude and longitude coordinates, the first acquisition module comprises:
a first sending submodule, for sending a latitude and longitude coordinates acquisition request to the terminal, so that the terminal, after obtaining its local latitude and longitude coordinates, sends a latitude and longitude coordinates acquisition response carrying the latitude and longitude coordinates;
a first receiving submodule, for receiving the latitude and longitude coordinates acquisition response sent by the terminal;
a first analyzing submodule, for parsing the latitude and longitude coordinates from the latitude and longitude coordinates acquisition response, to obtain the latitude and longitude coordinates of the terminal.
11. The device according to claim 10, characterized in that the judge module comprises:
a first judging submodule, for judging whether the latitude and longitude coordinates of the terminal are stored in a legal latitude and longitude coordinates set;
a first determining submodule, for determining that the latitude and longitude coordinates of the terminal are legal when they are stored in the legal latitude and longitude coordinates set, and determining that the latitude and longitude coordinates of the terminal are illegal when they are not stored in the legal latitude and longitude coordinates set.
12. The device according to claim 11, characterized in that the device further comprises:
a first determination module, for determining legal terminals; a second acquisition module, for obtaining the latitude and longitude coordinates of each legal terminal, to obtain the legal latitude and longitude coordinates set; or,
a second determination module, for determining legal terminals; a third acquisition module, for obtaining the latitude and longitude coordinates of each legal terminal; a first computing module, for calculating the latitude and longitude coordinates range defined by the legal terminals, to obtain the legal latitude and longitude coordinates set.
13. The device according to claim 9, characterized in that, if the geographical location information is a physical address, the first acquisition module comprises:
a second sending submodule, for sending an Internet Protocol (IP) address acquisition request to the terminal, so that the terminal, after obtaining its local IP address, sends an IP address acquisition response carrying the IP address;
a second receiving submodule, for receiving the IP address acquisition response sent by the terminal;
a second analyzing submodule, for parsing the IP address from the IP address acquisition response, to obtain the IP address of the terminal;
a second determining submodule, for determining the physical address corresponding to the IP address of the terminal according to the correspondence between IP addresses and physical addresses, to obtain the physical address of the terminal.
14. The device according to claim 13, characterized in that the judge module comprises:
a second judging submodule, for judging whether the physical address of the terminal is stored in a legal physical address set;
a third determining submodule, for determining that the physical address of the terminal is legal when it is stored in the legal physical address set, and determining that the physical address of the terminal is illegal when it is not stored in the legal physical address set.
15. The device according to claim 14, characterized in that the device further comprises:
a third determination module, for determining legal terminals; a fourth acquisition module, for obtaining the physical address of each legal terminal, to obtain the legal physical address set; or,
a fourth determination module, for determining legal terminals; a fifth acquisition module, for obtaining the physical address of each legal terminal; a second computing module, for calculating the physical address range defined by the legal terminals, to obtain the legal physical address set.
16. The device according to any one of claims 9-15, characterized in that the device further comprises:
a refusal module, for refusing the terminal access when the geographical location information of the terminal is illegal.
17. A server, characterized in that it comprises:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
receive an access request sent by a terminal;
obtain the geographical location information of the terminal;
judge whether the geographical location information of the terminal is legal;
when the geographical location information of the terminal is legal, allow the terminal access.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510542111.XA CN105119922A (en) 2015-08-28 2015-08-28 Method and device for access control, and server

Publications (1)

Publication Number Publication Date
CN105119922A true CN105119922A (en) 2015-12-02

Family

ID=54667810

Country Status (1)

Country Link
CN (1) CN105119922A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151202