CN106375332A - Network safe browsing method and device - Google Patents

Info

Publication number
CN106375332A
Authority
CN
China
Prior art keywords
code
terminal unit
hop router
check code
identification code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610848242.5A
Other languages
Chinese (zh)
Inventor
谢荣华
刘峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Giant Turtle Technology Co Ltd
Original Assignee
Beijing Giant Turtle Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Giant Turtle Technology Co Ltd filed Critical Beijing Giant Turtle Technology Co Ltd
Priority to CN201610848242.5A priority Critical patent/CN106375332A/en
Publication of CN106375332A publication Critical patent/CN106375332A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/102 Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a network safe browsing method and device. The network safe browsing method comprises that a browser obtains a unique identification code of a terminal device to generate a device check code, obtains an identification code of a first-hop router of the terminal device to generate a first-hop router check code and sends an access request including the device check code and the first-hop router check code to a server; and the server compares the first-hop router check code and the device check code with a pre-stored router authorization list and a pre-stored device authorization list to verify the authorization condition of the device and the terminal, and allows the terminal device to visit a webpage after the device and the terminal pass the authorization verification. According to the network safe browsing method and device, the problems of insecurity, high cost and incapability of limiting login devices and places in the existing authorization mode are solved, and the security and efficiency of identity authentication of enterprise websites are improved.

Description

Network safe browsing method and device
Technical field
The present invention relates to the field of computers and the Internet, and in particular to a secure network browsing method and device.
Background
Back-end management systems on the Internet currently use two common identity authentication methods:
Username/password. This is the most primitive and least secure authentication method; password leakage or password guessing can easily lead to a forged user identity.
USB key. This method offers good security and effectiveness, but it is costly and difficult to maintain, so it is widely used in finance and e-government applications but comparatively rare in Internet back-end management systems.
Summary of the invention
To address the defects of the prior art, the present invention provides a secure network browsing method and device intended to solve the problems of existing authentication methods, namely that they are insecure, costly, and unable to restrict the login device and location, and to improve the security and efficiency of identity authentication for enterprise websites.
In a first aspect, the present invention provides a secure network browsing method, comprising: a browser generates an identity check code from identity information entered by a user, and the browser sends an access request to a server, the access request including the identity check code; the server compares the identity check code with an authorization list to obtain the authorization status of the identity check code; if the identity check code is authorized, the user is allowed to access the webpage, otherwise the user is not allowed to access the webpage.
In a second aspect, the present invention provides a secure network browsing method, comprising: a browser obtains the unique identification code of a terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code; the browser sends an access request to a server, the access request including the device check code and the first-hop router check code; the server compares the first-hop router check code with a router authorization list, and if the first-hop router check code is authorized, the terminal device is allowed to access the webpage; if the first-hop router check code is not authorized, the server compares the device check code with the device check codes in a device authorization list, and if the device check code is not authorized, the terminal device is not allowed to access the webpage; if the device check code is authorized, the server checks whether the terminal device is location-restricted in the device authorization list, and if the terminal device is not location-restricted, the terminal device is allowed to access the webpage; if the terminal device is location-restricted, the server compares the first-hop router check code with the first-hop router check code stored for that terminal device in the device authorization list, and if the first-hop router check code is authorized, the terminal device is allowed to access the webpage, otherwise the terminal device is not allowed to access the webpage.
Preferably, the terminal device starts the browser, which receives a click from the user and pops up a terminal device user information form, the form being used to fill in the user's personal information; the browser obtains the unique identification code of the terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code; the browser sends an authorization request to the server, the authorization request including the device check code, the first-hop router check code and the terminal device user information form, the form including the authorization level applied for by the user; after receiving the authorization request, the server sends a pending-review notice to the authorization administrator; after receiving the pending-review notice, the authorization administrator reviews the authorization request offline; after receiving the review-approved message submitted by the authorization administrator, the server determines the authorization level applied for by the user: if the authorization level is location authorization, the first-hop router check code is added to the router authorization list; if the authorization level is terminal authorization, the device check code is added to the device authorization list; if the authorization level is terminal + location authorization, the device check code and the first-hop router check code are added to the device authorization list.
Preferably, the unique identification code also includes the CPU serial number.
Preferably, the encoding method is MD5 encoding or SHA-1 encoding.
In a third aspect, the present invention provides a secure network browsing device, comprising: a client check code generation module, by which the browser obtains the unique identification code of the terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code; the browser sends an access request to the server, the access request including the device check code and the first-hop router check code; and an authorization verification module, by which the server compares the first-hop router check code with the router authorization list, and if the first-hop router check code is authorized, the terminal device is allowed to access the webpage; if the first-hop router check code is not authorized, the server compares the device check code with the device check codes in the device authorization list, and if the device check code is not authorized, the terminal device is not allowed to access the webpage; if the device check code is authorized, the server checks whether the terminal device is location-restricted in the device authorization list, and if the terminal device is not location-restricted, the terminal device is allowed to access the webpage; if the terminal device is location-restricted, the server compares the first-hop router check code with the first-hop router check code stored for that terminal device in the device authorization list, and if the first-hop router check code is authorized, the terminal device is allowed to access the webpage, otherwise the terminal device is not allowed to access the webpage.
Preferably, the device also includes an authorization list generation module, used as follows: the terminal device starts the browser, which receives a click from the user and pops up a terminal device user information form, the form being used to fill in the user's personal information; the browser obtains the unique identification code of the terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code; the browser sends an authorization request to the server, the authorization request including the device check code, the first-hop router check code and the terminal device user information form, the form including the authorization level applied for by the user; after receiving the authorization request, the server sends a pending-review notice to the authorization administrator; after receiving the pending-review notice, the authorization administrator reviews the authorization request offline; after receiving the review-approved message submitted by the authorization administrator, the server determines the authorization level applied for by the user: if the authorization level is location authorization, the first-hop router check code is added to the router authorization list; if the authorization level is terminal authorization, the device check code is added to the device authorization list; if the authorization level is terminal + location authorization, the device check code and the first-hop router check code are added to the device authorization list.
Preferably, the unique identification code also includes the CPU serial number.
Preferably, the encoding method is MD5 encoding or SHA-1 encoding.
Brief description of the drawings
Fig. 1 is a flow chart of the secure network browsing method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the secure network browsing method provided by an embodiment of the present invention.
Detailed description
The embodiments of the technical solution of the present invention are described in detail below with reference to the accompanying drawings. The following embodiments serve only to illustrate the technical solution of the present invention more clearly; they are examples only and do not limit the scope of protection of the present invention.
It should be noted that, unless otherwise stated, technical or scientific terms used in this application have the ordinary meaning understood by those of ordinary skill in the art to which the present invention belongs.
Embodiment one
The present invention provides a secure network browsing method, comprising:
Step S1: the browser generates an identity check code from the identity information entered by the user, and the browser sends an access request to the server, the access request including the identity check code.
Step S2: the server compares the identity check code with the authorization list to obtain the authorization status of the identity check code; if the identity check code is authorized, the user is allowed to access the webpage, otherwise the user is not allowed to access the webpage.
Embodiment two
The secure network browsing method and device provided by the embodiments of the present invention are mainly used in Internet back-end management systems. Internal staff need different authorizations when handling website back-end data. An ordinary employee, for example, is restricted to working in the company office, that is, the location where the terminal device may be used is restricted. Higher-ranking supervisors, managers and the like may not work only at the company, so the location where their terminal device is used cannot be restricted, and authorization can only be granted to the terminal device itself.
To access the enterprise website through the browser, the terminal device must first obtain authorization. The steps by which a terminal device obtains authorization are:
The terminal device starts the browser and the user clicks the "obtain authorization information" button; the browser receives the click and pops up a terminal device user information form, which is used to fill in the user's personal information, and the user enters their identity information in the form. Meanwhile, the browser obtains the unique identification code of the terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code. After the user has completed the terminal device user information form and clicks to initiate authorization, the browser sends an authorization request to the server; the authorization request includes the device check code, the first-hop router check code and the terminal device user information form, and the form includes the authorization level applied for by the user. After receiving the authorization request, the server sends a pending-review notice to the authorization administrator; after receiving the pending-review notice, the authorization administrator reviews the authorization request offline. After receiving the review-approved message submitted by the authorization administrator, the server determines the authorization level applied for by the user: if the authorization level is location authorization, the first-hop router check code is added to the router authorization list; if the authorization level is terminal authorization, the device check code is added to the device authorization list; if the authorization level is terminal + location authorization, the device check code and the first-hop router check code are added to the device authorization list.
Here, the unique identification code is the identifier that distinguishes a terminal device from other terminal devices. The hard disk is a core component of the terminal device, and the network interface card serial number is fixed at the factory and is unique. The unique identification code of the device therefore preferably uses the hard disk serial number and the network interface card serial number of the terminal device, which ensures that the device check code generated by each terminal device is unique. To further improve the security of device authentication, the device check code can also be generated from the combination of the CPU serial number, the hard disk serial number and the network interface card serial number.
The identification code of the first-hop router includes the MAC address of the router. Preferably, the identification code of the first-hop router includes the MAC address and the IP address of the router.
The personal information entered in the terminal device user information form includes: the user's name/ID, password, and the authorization level applied for, and optionally the name and position of the person responsible for the terminal device, the enterprise's internal management information for the device, and so on.
Authorization levels are divided into terminal authorization, location authorization, and terminal + location authorization. Terminal authorization is intended for users who frequently need to work on the move: authentication only checks whether the device check code of the terminal device is authorized and does not restrict the network the terminal device is connected to, that is, it does not restrict the location from which the terminal device logs in. As long as the user uses the authorized terminal device, they can log in to the enterprise website and carry on working. Location authorization authorizes a network: authentication checks whether the identification code of the first-hop router is authorized in order to determine whether the network is authorized, and if the network is authorized, any device connected through that network can log in to the enterprise website. Location authorization is generally granted to the enterprise's internal routers, so a single authorization is enough for all devices inside the company to log in to the enterprise website over the enterprise network, without authorizing each device individually. Terminal + location authorization combines terminal authorization and location authorization: during authentication, both the device check code and the first-hop router check code of the terminal device must be authorized before the enterprise webpage can be accessed, which gives higher security.
Once authorized, the user can log in to the website from the authorized terminal device. The login authentication steps are shown in Fig. 2; the secure network browsing method provided by this embodiment of the present invention comprises:
Step S10: the browser obtains the unique identification code of the terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code; the browser sends an access request to the server, the access request including the device check code and the first-hop router check code.
Here, the browser uses the same kinds of serial numbers in both phases to generate the device check code. For example, if the CPU serial number, hard disk serial number and network interface card serial number were used to generate the device check code during authorization, then during authentication the browser obtains the CPU serial number, hard disk serial number and network interface card serial number of the terminal device to generate the device check code.
Step S20: the server compares the first-hop router check code with the router authorization list, and if the first-hop router check code is authorized, the terminal device is allowed to access the webpage; if the first-hop router check code is not authorized, the server compares the device check code with the device check codes in the device authorization list, and if the device check code is not authorized, the terminal device is not allowed to access the webpage; if the device check code is authorized, the server checks whether the terminal device is location-restricted in the device authorization list, and if the terminal device is not location-restricted, the terminal device is allowed to access the webpage; if the terminal device is location-restricted, the server compares the first-hop router check code with the first-hop router check code stored for that terminal device in the device authorization list, and if the first-hop router check code is authorized, the terminal device is allowed to access the webpage, otherwise the terminal device is not allowed to access the webpage.
The router authorization list stores the first-hop router check codes of all authorized routers. If an identical first-hop router check code is found in the router authorization list, the corresponding router is authorized.
In the device authorization list, each terminal device has two storage slots: the first slot stores the device check code of the terminal device, and the second slot stores the first-hop router check code recorded when the device obtained authorization. If the authorization level of the terminal device is terminal authorization, the device authorization list holds only the device check code of the authorized terminal device; if the authorization level of the terminal device is terminal + location authorization, the device authorization list holds, in addition to the device check code, the first-hop router check code recorded when the device obtained authorization.
Therefore, one way to check whether a terminal device in the device authorization list is location-restricted is to check whether its second storage slot is empty: if the second slot is empty, the authorization level of the terminal device is terminal authorization; if the second slot is not empty, the authorization level of the terminal device is terminal + location authorization. Alternatively, a separate flag can be set when the device authorization list is generated to mark whether the terminal device is location-restricted; checking whether a terminal device in the device authorization list is location-restricted then only requires checking the corresponding flag.
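The enrollment levels and the step S20 decision order described above, as an added Python example (not code from the patent). The field separator, level names, class and function names, and every serial number and address are constructed assumptions; SHA-1 is used only because the page names it as one of the two encodings.

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional, Set, Tuple

SEP = "\x1f"  # assumption: the page does not say how fields are joined before hashing


def check_code(fields: Iterable[str]) -> str:
    """Encode identifier fields (serial numbers, or router MAC and IP) into a check code."""
    joined = SEP.join(f.strip().upper() for f in fields)
    return hashlib.sha1(joined.encode("utf-8")).hexdigest()


class AuthorizationLists:
    """Router authorization list plus device authorization list (two slots per device)."""

    def __init__(self) -> None:
        self.routers: Set[str] = set()
        # Slot 1 is the device check code (dict key); slot 2 is the router check
        # code recorded at enrollment, or None when the device is not location-restricted.
        self.devices: Dict[str, Optional[str]] = {}

    def grant(self, level: str, device_code: str, router_code: str) -> None:
        """Apply an authorization request that has already passed the offline review."""
        if level == "location":
            self.routers.add(router_code)
        elif level == "terminal":
            self.devices[device_code] = None
        elif level == "terminal+location":
            self.devices[device_code] = router_code
        else:
            raise ValueError(f"unknown authorization level: {level!r}")

    def decide(self, device_code: str, router_code: str) -> Tuple[bool, str]:
        """Step S20: router list first, then device list, then the location binding."""
        if router_code in self.routers:
            return True, "router authorized"
        if device_code not in self.devices:
            return False, "device not authorized"
        bound_router = self.devices[device_code]
        if bound_router is None:  # empty second slot: terminal authorization only
            return True, "device authorized, location not restricted"
        if hmac.compare_digest(bound_router, router_code):
            return True, "device authorized at its bound location"
        return False, "device restricted to a different location"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run the flow over constructed identifiers (none of them come from the page)."""
    office = check_code(["00:11:22:33:44:55", "192.0.2.1"])
    branch = check_code(["00:11:22:33:44:66", "198.51.100.1"])
    home = check_code(["00:11:22:33:44:77", "203.0.113.1"])
    manager = check_code(["DISK-MGR-0001", "NIC-MGR-0001"])
    staff = check_code(["DISK-STF-0002", "NIC-STF-0002"])
    unknown = check_code(["DISK-UNK-0003", "NIC-UNK-0003"])

    lists = AuthorizationLists()
    lists.grant("location", manager, office)          # office network enrolled once
    lists.grant("terminal", manager, home)            # roaming device, no location limit
    lists.grant("terminal+location", staff, branch)   # device bound to the branch router

    return {
        "unknown@office": lists.decide(unknown, office),
        "manager@home": lists.decide(manager, home),
        "staff@branch": lists.decide(staff, branch),
        "staff@home": lists.decide(staff, home),
        "staff@office": lists.decide(staff, office),
        "unknown@home": lists.decide(unknown, home),
    }


if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:15} {'ALLOW' if allowed else 'DENY '} {reason}")
```

Because the router authorization list is consulted first, a location-bound device is still admitted behind any authorized router, and so is a device that was never enrolled.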
The secure network browsing method of this embodiment of the present invention keeps business data placed on the Internet under effective control. For Internet systems that carry information security risk but have to be placed on the external network, it can greatly reduce the risk of business data leakage and the cost of security control.
The encoding method used in the authorization process and the authentication process is preferably MD5 encoding or SHA-1 encoding. MD5 stands for Message-Digest Algorithm 5, meaning message digest; this digest is not an abbreviation of the information content, but a 128-bit feature code obtained by applying a mathematical transformation to the original information according to the published MD5 algorithm. The practical use of MD5 is to produce a fingerprint for a message (a byte string), which can prevent the information from being "tampered with" and improves the security of information transmission between the terminal device and the server. SHA-1 is a data encryption algorithm. The idea of the algorithm is to take a piece of plaintext and convert it irreversibly into a (usually shorter) piece of ciphertext; it can be understood simply as taking a string of input code (called the pre-image or message) and converting it into a shorter output sequence with a fixed number of bits, that is, a hash value (also called a message digest or message authentication code). The SHA-1 encoding is not easily subject to cryptanalytic attack.
Embodiment three
Based on the same inventive concept as the secure network browsing method above, an embodiment of the present invention also provides a secure network browsing device, comprising: a client check code generation module, by which the browser obtains the unique identification code of the terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code; the browser sends an access request to the server, the access request including the device check code and the first-hop router check code; and an authorization verification module, by which the server compares the first-hop router check code with the authorization list to obtain the authorization status of the first-hop router check code; if the first-hop router check code is authorized, the terminal device is allowed to access the webpage; if the first-hop router check code is not authorized, the device check code is compared with the authorization list to obtain the authorization status of the device check code; if the device check code is authorized, the terminal device is allowed to access the webpage, and if the device check code is not authorized, the terminal device is not allowed to access the webpage.
Preferably, the device also includes an authorization list generation module, used as follows: the terminal device starts the browser, and on a click on "obtain authorization information" the browser pops up a terminal device user information form, which is used to fill in the user's personal information; the browser obtains the unique identification code of the terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code; the browser sends an authorization request to the server, the authorization request including the device check code, the first-hop router check code and the terminal device user information form; the server determines the authorization level from the position level in the terminal device user information form, generates the authorization list from the terminal device user information form, the device check code, the first-hop router check code and the authorization level, and hands it over for offline review by personnel; if the review is passed, the authorization list takes effect.
Preferably, the unique identification code also includes the CPU serial number.
Preferably, the encoding method is MD5 encoding or SHA-1 encoding.
The secure network browsing device of this embodiment of the present invention keeps business data placed on the Internet under effective control. For Internet systems that carry information security risk but have to be placed on the external network, it can greatly reduce the risk of business data leakage and the cost of security control.
Finally, it should be noted that the above embodiments serve only to illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents; such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the present invention, and they should all be covered by the claims and the description of the present invention.

Claims (9)

1. A secure network browsing method, characterized in that it comprises:
a browser generates an identity check code from identity information entered by a user, and the browser sends an access request to a server, the access request including the identity check code;
the server compares the identity check code with an authorization list to obtain the authorization status of the identity check code; if the identity check code is authorized, the user is allowed to access the webpage, otherwise the user is not allowed to access the webpage.
2. A secure network browsing method, characterized in that it comprises:
a browser obtains the unique identification code of a terminal device and encodes it to generate a device check code, the unique identification code including the hard disk serial number and the network interface card serial number; the browser obtains the identification code of the first-hop router of the terminal device and encodes it to generate a first-hop router check code; the browser sends an access request to a server, the access request including the device check code and the first-hop router check code;
the server compares the first-hop router check code with a router authorization list, and if the first-hop router check code is authorized, the terminal device is allowed to access the webpage; if the first-hop router check code is not authorized, the server compares the device check code with the device check codes in a device authorization list, and if the device check code is not authorized, the terminal device is not allowed to access the webpage; if the device check code is authorized, the server checks whether the terminal device is location-restricted in the device authorization list, and if the terminal device is not location-restricted, the terminal device is allowed to access the webpage; if the terminal device is location-restricted, the server compares the first-hop router check code with the first-hop router check code stored for that terminal device in the device authorization list, and if the first-hop router check code is authorized, the terminal device is allowed to access the webpage, otherwise the terminal device is not allowed to access the webpage.
3. The method according to claim 2, characterized in that the step of generating the authorization list comprises:
The terminal device starts the browser, receives a click operation from the user, and pops up a terminal device user information form, the terminal device user information form being used to fill in the personal information of the user; the browser obtains the unique identification code of the terminal device and encodes the unique identification code to generate the UC code, the unique identification code including a hard disk serial number and a network interface card serial number; the browser obtains the identification code of the first hop router of the terminal device and encodes the identification code of the first hop router to generate the first hop router check code; the browser sends an authorization request to the server, the authorization request including the UC code, the first hop router check code, and the terminal device user information form, the terminal device user information form including the authorization level applied for by the user;
After receiving the authorization request, the server sends a pending-review notice to the authorization administrator; after receiving the pending-review notice, the authorization administrator reviews the authorization request offline; after the server receives the review-approved message submitted by the authorization administrator, it determines the authorization level applied for by the user; if the authorization level is place authorization, the first hop router check code is added to the router authorization list; if the authorization level is terminal authorization, the UC code is added to the device authorization list; if the authorization level is equipment + terminal authorization, the UC code and the first hop router check code are added to the device authorization list.
4. The method according to claim 3, characterized in that the unique identification code further includes a CPU serial number.
5. The method according to claim 2, characterized in that the encoding method is MD5 encoding or SHA1 encoding.
6. A secure network browsing device, characterized by comprising:
A client check code generation module, configured for a browser to obtain the unique identification code of a terminal device and encode the unique identification code to generate a UC code, the unique identification code including a hard disk serial number and a network interface card serial number; the browser obtains the identification code of the first hop router of the terminal device and encodes the identification code of the first hop router to generate a first hop router check code; the browser sends an access request to a server, the access request including the UC code and the first hop router check code;
An authorization verification module, configured for the server to compare the first hop router check code with a router authorization list; if the first hop router check code is authorized, the terminal device is allowed to access the web page; if the first hop router check code is not authorized, the server compares the UC code with the UC codes in a device authorization list; if the UC code is not authorized, the terminal device is not allowed to access the web page; if the UC code is authorized, the server checks whether the terminal device in the device authorization list is restricted to a place; if the terminal device is not restricted to a place, the terminal device is allowed to access the web page; if the terminal device is restricted to a place, the server compares the first hop router check code with the first hop router check code of the terminal device in the device authorization list; if the first hop router check code is authorized, the terminal device is allowed to access the web page; otherwise the terminal device is not allowed to access the web page.
7. The device according to claim 6, characterized by further comprising an authorization list generation module, configured such that:
The terminal device starts the browser, receives a click operation from the user, and pops up a terminal device user information form, the terminal device user information form being used to fill in the personal information of the user; the browser obtains the unique identification code of the terminal device and encodes the unique identification code to generate the UC code, the unique identification code including a hard disk serial number and a network interface card serial number; the browser obtains the identification code of the first hop router of the terminal device and encodes the identification code of the first hop router to generate the first hop router check code; the browser sends an authorization request to the server, the authorization request including the UC code, the first hop router check code, and the terminal device user information form, the terminal device user information form including the authorization level applied for by the user;
After receiving the authorization request, the server sends a pending-review notice to the authorization administrator; after receiving the pending-review notice, the authorization administrator reviews the authorization request offline; after the server receives the review-approved message submitted by the authorization administrator, it determines the authorization level applied for by the user; if the authorization level is place authorization, the first hop router check code is added to the router authorization list; if the authorization level is terminal authorization, the UC code is added to the device authorization list; if the authorization level is equipment + terminal authorization, the UC code and the first hop router check code are added to the device authorization list.
8. The device according to claim 7, characterized in that the unique identification code further includes a CPU serial number.
9. The device according to claim 6, characterized in that the encoding method is MD5 encoding or SHA1 encoding.
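The server-side decision order of claim 2 and the list updates of claim 3 can be sketched as follows. This is an added example, not code from the patent; the `|` separator, the level strings, the choice to store the bound router check code alongside each UC code, and all sample identifiers are assumptions of the example.

```python
import hashlib
import hmac


def check_code(*identifiers):
    """Encode identifiers into a check code. SHA-1 per claim 5 (MD5 is the
    other option); the '|' separator is an assumption of this example."""
    return hashlib.sha1("|".join(identifiers).encode("utf-8")).hexdigest()


class AuthorizationServer:
    def __init__(self):
        self.router_list = set()  # router authorization list
        self.device_list = {}     # UC code -> bound router check code, or None

    def grant(self, level, uc_code, router_code):
        """Claim 3: store an approved request by the level applied for."""
        if level == "place":
            self.router_list.add(router_code)
        elif level == "terminal":
            self.device_list[uc_code] = None          # no place restriction
        elif level == "equipment+terminal":
            self.device_list[uc_code] = router_code   # restricted to one place
        else:
            raise ValueError(f"unknown authorization level: {level!r}")

    def allow(self, uc_code, router_code):
        """Claim 2: evaluate an access request in the claimed order."""
        if router_code in self.router_list:
            return True                               # authorized place
        if uc_code not in self.device_list:
            return False                              # unknown device
        bound = self.device_list[uc_code]
        if bound is None:
            return True                               # device not place-restricted
        return hmac.compare_digest(bound, router_code)


# Constructed sample identifiers (router identifier, disk serial, NIC serial).
OFFICE = check_code("router-office-00:11:22:33:44:55")
HOME = check_code("router-home-66:77:88:99:aa:bb")
CAFE = check_code("router-cafe-cc:dd:ee:ff:00:11")
LAPTOP = check_code("DISK-A1", "NIC-A1")
DESKTOP = check_code("DISK-B2", "NIC-B2")
GUEST = check_code("DISK-C3", "NIC-C3")

server = AuthorizationServer()
server.grant("place", GUEST, OFFICE)               # anyone behind OFFICE
server.grant("terminal", LAPTOP, CAFE)             # LAPTOP from anywhere
server.grant("equipment+terminal", DESKTOP, HOME)  # DESKTOP only behind HOME
```

Both check codes reach the server as values computed by the browser, so each list authorizes whatever request presents those values.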
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610848242.5A CN106375332A (en) 2016-09-23 2016-09-23 Network safe browsing method and device

Publications (1)

Publication Number Publication Date
CN106375332A true CN106375332A (en) 2017-02-01

Family

ID=57897284

Country Status (1)

Country Link
CN (1) CN106375332A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170201