CN108270742A - Method for performing VPN security authentication using tickets - Google Patents

Method for performing VPN security authentication using tickets

Info

Publication number
CN108270742A
Authority
CN
China
Prior art keywords
server
vpn
ticket
client
bill
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611265621.8A
Other languages
Chinese (zh)
Inventor
郝振旺
刘瑞
杨文山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GEER SOFTWARE CO Ltd SHANGHAI
Original Assignee
GEER SOFTWARE CO Ltd SHANGHAI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2016-12-30
Filing date
2016-12-30
Publication date
2018-07-10
2016-12-30 Application filed by GEER SOFTWARE CO Ltd SHANGHAI
2016-12-30 Priority to CN201611265621.8A
2018-07-10 Publication of CN108270742A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The method for performing VPN security authentication using tickets disclosed by the invention comprises the following steps: Step 1, the client sends a ticket data request to the ticket server; Step 2, the ticket server generates ticket data; Step 3, the client sends a connection request together with the ticket data to the VPN server; Step 4, the VPN server sends a ticket verification request and the ticket data to the ticket server; Step 5, the ticket server checks the legitimacy of the received ticket data and returns the verification result to the VPN server; Step 6, the VPN server evaluates the verification result and, if it indicates success, establishes a VPN secure tunnel with the client. Without affecting security, the client needs to authenticate only once to log in to multiple VPN servers, which realises single sign-on and effectively improves the overall performance of the VPN servers.

Description

Method for performing VPN security authentication using tickets
Technical field
The present invention relates to the technical field of VPN security authentication, and more particularly to a method for performing VPN security authentication using tickets.
Background technology
In a VPN deployment, a user who wants to reach an application server must first connect to the VPN server. The VPN server authenticates the connecting user and, once authentication succeeds, establishes a VPN secure tunnel; the user terminal then connects to the application server through that tunnel. Data between the user terminal and the server is carried encrypted over the tunnel, which protects the user's data.
In this process the VPN server normally authenticates the client's identity with a digital certificate. The VPN server's work therefore consists not only of encrypting and decrypting the transmitted data but also of authenticating client identities, and every client login requires a fresh verification. When N (N > 1) VPN servers are deployed in a system, each VPN server authenticates the client once, so N-1 of those authentications are repeated work; this adds to the VPN servers' load and lowers their overall efficiency.
For this reason the applicant carried out useful exploration and experimentation, found a solution to the above problem, and the technical scheme described below arose against this background.
Invention content
The technical problem to be solved by the invention: to remedy the deficiency of the prior art by providing a method for performing VPN security authentication using tickets, such that, without affecting security, a client needs to authenticate only once to log in to multiple VPN servers. This realises single sign-on and effectively improves the overall performance of the VPN servers.
The technical problem solved by the invention may be realised by the following technical scheme:
A method for performing VPN security authentication using tickets, comprising the following steps:
Step S1, the client establishes a connection with the ticket server and sends a ticket data request to the ticket server;
Step S2, after receiving the client's ticket data request, the ticket server verifies the request, generates new ticket data for the request once verification passes, and returns the new ticket data to the client;
Step S3, after obtaining the ticket data returned by the ticket server, the client sends a connection request together with the ticket data to the VPN server;
Step S4, after receiving the client's connection request and ticket data, the VPN server establishes a connection with the ticket server, sends a ticket verification request to the ticket server, and forwards the received ticket data to the ticket server at the same time;
Step S5, after receiving the VPN server's ticket verification request and ticket data, the ticket server checks the legitimacy of the received ticket data and returns the verification result to the VPN server;
Step S6, after receiving the verification result returned by the ticket server, the VPN server evaluates it; if the result indicates success, a VPN secure tunnel is established between the VPN server and the client, otherwise the client request is refused.
As a result of the above technical scheme, the beneficial effect of the present invention is that, without affecting security, a client needs to authenticate only once to log in to multiple VPN servers, which realises single sign-on and effectively improves the overall performance of the VPN servers.
Description of the drawings
To illustrate the embodiments of the present invention or the technical schemes of the prior art more clearly, the drawings required for describing the embodiments or the prior art are briefly introduced below. The drawings in the following description are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without inventive effort.
Fig. 1 is the system deployment diagram of the present invention.
Fig. 2 is the system sequence diagram of the present invention.
Fig. 3 is the workflow diagram of the present invention.
Fig. 4 is the system structure diagram of the present invention.
Specific embodiment
To make the technical means, creative features, aims and effects achieved by the present invention easy to understand, the invention is further explained below with reference to specific illustrations.
The method of the present invention for performing VPN security authentication using tickets is based on stripping the work of verifying client identity out of the VPN server: the ticket server takes over user verification and user management, and the VPN server accepts connections on the basis of ticket data. This raises the efficiency of encrypting and decrypting VPN traffic and improves the VPN server's overall performance. A ticket in the present invention is the credential of a client's legitimate identity. Ticket data has three characteristics: randomness, uniqueness and timeliness. Ticket data is generated at random, so identical ticket data does not occur. Ticket data is unique: one ticket corresponds to one unique terminal user. Ticket data has a fixed life cycle, for example 1 minute; the user must use the ticket within that minute, after which it becomes invalid, which increases the security of the ticket.
Ticket data is generated by the ticket server, whose main work comprises client identity verification, user management and ticket data management. When a user logs in, the user first connects to the ticket server to obtain a ticket, then uses the ticket to request that a VPN server establish a tunnel; the VPN server verifies the ticket's legitimacy with the ticket server, and once verification passes the VPN tunnel is established.
Based on the above principle, and referring to Fig. 1 to Fig. 4, the method of the invention for performing VPN security authentication using tickets is realised by the following steps:
1) The overall system deployment is as follows:
A) The VPN server establishes the VPN secure channel using ticket authentication;
B) The ticket server is deployed with HTTPS two-way (mutual) authentication; the client logs in to the ticket server over the web and performs identity authentication with a KEY device (hardware token);
C) The application server and the VPN server are deployed in series: an end user must pass through the VPN server to reach the application service;
2) The client uses a web browser to connect to the ticket server's URL;
3) The ticket server receives the client request and returns its server certificate;
4) The client obtains the server certificate and checks its legitimacy; once the check passes, the client sends the certificate held in its KEY device to the ticket server and requests identity authentication;
5) On receiving the client certificate, the server verifies the client's identity. Once that passes, it generates ticket data and returns it to the client. The ticket server saves the ticket in a buffer; when saving, it computes the ticket's hash with SHA-256 and keeps only that hash in the buffer, never the original ticket data. It also stores the ticket's generation time, which is used to check the ticket's lifetime;
6) The client receives the ticket data and uses it to connect to the VPN server; after obtaining the ticket data, the VPN server connects to the ticket server to verify the ticket's legitimacy;
7) The ticket server receives the VPN server's ticket verification request, hashes the ticket, looks the hash up in the system cache, and checks the ticket's lifetime; if both checks pass it returns verification success;
8) The VPN server obtains the successful verification result from the ticket server and establishes the VPN secure tunnel;
9) The client accesses the application server through the tunnel.
The scheme of the present invention is further illustrated by the following specific example:
1) System deployment and IP address configuration:
A) VPN servers (3): 192.168.10.20, 192.168.10.21, 192.168.10.22
B) Ticket server: 192.168.10.30
C) Application server: 192.168.10.40
D) Client terminal: VPN security client software installed
2) Server configuration:
A) On each VPN server, configure the ticket server address as 192.168.10.30 and the permitted application server address as 192.168.10.40;
B) On the ticket server, configure the certificate information used to verify user identity;
3) The client opens a browser and enters the ticket server address 192.168.10.30; once the page opens, the user inserts the KEY device, enters the PIN, logs in to the ticket server and requests a ticket;
4) The ticket server receives the client request and verifies the client certificate and signature; once the client identity passes verification, it generates ticket data, returns it to the client, and saves the ticket information;
5) After receiving the ticket, the client starts the VPN client program, which uses the ticket to connect to a VPN server (for example 192.168.10.20) and requests a secure channel;
6) The VPN server (for example 192.168.10.20) receives the client request and sends the ticket data to the ticket server to verify its legitimacy;
7) The ticket server receives the VPN server's verification request, computes the ticket's hash and looks it up in the buffer; if found, it checks the ticket's life cycle, returns success if the ticket is within its life cycle, and otherwise returns failure;
8) The VPN server receives the ticket server's reply; on success the VPN tunnel is established;
9) The client accesses the application server 192.168.10.40 normally; all data between the client and the application server is encrypted over the VPN secure channel.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited to the above embodiments; the embodiments and the description only illustrate the principle of the invention, and various changes and improvements may be made without departing from its spirit and scope. Such changes and improvements fall within the scope of the claimed invention, which is defined by the appended claims and their equivalents.
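The general procedure (steps 1 to 9 above) and the three-VPN-server deployment example in runnable form, as an added example that is not part of the patent or of the applicant's software: the ticket server keeps only SHA-256 digests plus issue times, the VPN servers defer to it instead of authenticating the client themselves, and one ticket opens tunnels on all three servers until its 1-minute lifetime ends. The class and function names, the allow-list that stands in for the HTTPS mutual-authentication and KEY-device step, the in-process method calls that stand in for the network messages, and the fake clock are assumptions of this example; the 60-second lifetime and the addresses are the page's.

```python
import hashlib
import secrets
import time

# The page's example lifetime: a ticket must be used within 1 minute.
TICKET_LIFETIME_SECONDS = 60


class TicketServer:
    """Issues tickets after the client has authenticated and verifies them for VPN servers.

    As in step 5 of the page's procedure, the cache holds SHA-256(ticket) and the
    issue time only; the raw ticket is never stored, so a dump of the cache does
    not yield a usable ticket (the preimage is 256 random bits).
    """

    def __init__(self, trusted_client_ids, lifetime=TICKET_LIFETIME_SECONDS, clock=time.time):
        # Assumption: the HTTPS mutual-auth / KEY-device certificate check of the
        # page is replaced by an allow-list of client identities for this example.
        self._trusted = set(trusted_client_ids)
        self._lifetime = lifetime
        self._clock = clock  # injectable so expiry can be exercised without sleeping
        self._cache = {}     # sha256(ticket) -> issue time

    @staticmethod
    def _digest(ticket):
        return hashlib.sha256(ticket).digest()

    def issue_ticket(self, client_id):
        """Steps 2 and 5: verify identity, mint a random ticket, remember only its hash."""
        if client_id not in self._trusted:
            raise PermissionError("client identity rejected: %s" % client_id)
        ticket = secrets.token_bytes(32)  # random and, for practical purposes, unique
        self._cache[self._digest(ticket)] = self._clock()
        return ticket

    def verify_ticket(self, ticket):
        """Steps 5 and 7: hash the presented ticket, look it up, check its lifetime."""
        digest = self._digest(ticket)
        issued_at = self._cache.get(digest)
        if issued_at is None:
            return False  # never issued, or forged
        if self._clock() - issued_at > self._lifetime:
            del self._cache[digest]  # expired: drop it so the cache does not grow unbounded
            return False
        return True

    def cached_digests(self):
        """Exposed only so the example can show what a cache dump would reveal."""
        return set(self._cache)


class VpnServer:
    """Steps 4 and 6: trusts the ticket server's verdict instead of checking the client itself."""

    def __init__(self, address, ticket_server):
        self.address = address
        self._ticket_server = ticket_server
        self.tunnels = set()  # client ids with an established tunnel

    def connect(self, client_id, ticket):
        if not self._ticket_server.verify_ticket(ticket):
            return False  # step 6: refuse the client request
        self.tunnels.add(client_id)
        return True


def run_scenario():
    """Replays the page's deployment example: three VPN servers, one ticket server."""
    now = [1_700_000_000.0]  # constructed fake clock, advanced by hand below
    ticket_server = TicketServer({"alice"}, clock=lambda: now[0])
    vpn_servers = [VpnServer(ip, ticket_server)
                   for ip in ("192.168.10.20", "192.168.10.21", "192.168.10.22")]

    ticket = ticket_server.issue_ticket("alice")              # one authentication ...
    sso = [v.connect("alice", ticket) for v in vpn_servers]  # ... three tunnels

    # A cache dump shows the digest, never the ticket itself.
    digests = ticket_server.cached_digests()
    cache_holds_digest_only = (hashlib.sha256(ticket).digest() in digests
                               and ticket not in digests)

    forged = vpn_servers[0].connect("mallory", secrets.token_bytes(32))

    now[0] += TICKET_LIFETIME_SECONDS + 1                      # step past the 1-minute lifetime
    expired = vpn_servers[1].connect("alice", ticket)

    return {
        "sso": sso,
        "cache_holds_digest_only": cache_holds_digest_only,
        "forged": forged,
        "expired": expired,
        "cache_size_after_expiry": len(ticket_server.cached_digests()),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Two points the page leaves open are worth settling in a real deployment. The ticket is a bearer credential: whoever holds it within the lifetime can open a tunnel, and the hashing protects the cache contents, not the ticket in transit, which relies entirely on the HTTPS session to the ticket server and the VPN client's channel. The page also does not say whether a ticket is invalidated after first use, so the example keeps it valid until expiry, which is exactly what single sign-on across the three servers requires; a deployment that wants per-server tickets would have to issue one per connection.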

Claims (1)

  1. A method for performing VPN security authentication using tickets, characterised in that it comprises the following steps:
    Step S1, the client establishes a connection with the ticket server and sends a ticket data request to the ticket server;
    Step S2, after receiving the client's ticket data request, the ticket server verifies the request, generates new ticket data for the request once verification passes, and returns the new ticket data to the client;
    Step S3, after obtaining the ticket data returned by the ticket server, the client sends a connection request together with the ticket data to the VPN server;
    Step S4, after receiving the client's connection request and ticket data, the VPN server establishes a connection with the ticket server, sends a ticket verification request to the ticket server, and forwards the received ticket data to the ticket server at the same time;
    Step S5, after receiving the VPN server's ticket verification request and ticket data, the ticket server checks the legitimacy of the received ticket data and returns the verification result to the VPN server;
    Step S6, after receiving the verification result returned by the ticket server, the VPN server evaluates it; if the result indicates success, a VPN secure tunnel is established between the VPN server and the client, otherwise the client request is refused.
CN201611265621.8A 2016-12-30 2016-12-30 Method for performing VPN security authentication using tickets Pending CN108270742A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611265621.8A CN108270742A (en) 2016-12-30 2016-12-30 Method for performing VPN security authentication using tickets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611265621.8A CN108270742A (en) 2016-12-30 2016-12-30 Method for performing VPN security authentication using tickets

Publications (1)

Publication Number Publication Date
CN108270742A true CN108270742A (en) 2018-07-10

Family

ID=62771016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611265621.8A Pending CN108270742A (en) 2016-12-30 2016-12-30 Method for performing VPN security authentication using tickets

Country Status (1)

Country Link
CN (1) CN108270742A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109544153A (en) * 2018-10-16 2019-03-29 珠海横琴现联盛科技发展有限公司 Electronic certificate note validating method based on anti-tamper Encryption Algorithm
CN111355720A (en) * 2020-02-25 2020-06-30 深信服科技股份有限公司 Method, system and equipment for accessing intranet by application and computer storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101207482A (en) * 2007-12-13 2008-06-25 深圳市戴文科技有限公司 System and method for implementation of single login
CN101651666A (en) * 2008-08-14 2010-02-17 中兴通讯股份有限公司 Method and device for identity authentication and single sign-on based on virtual private network
US20160286400A1 (en) * 2014-01-29 2016-09-29 Red Hat, Inc. Mobile device user authentication for accessing protected network resources

Similar Documents

Publication Publication Date Title
CN105516195B (en) A kind of security certification system and its authentication method based on application platform login
CN102271042B (en) Certificate authorization method, system, universal serial bus (USB) Key equipment and server
US7793340B2 (en) Cryptographic binding of authentication schemes
CN102201915B (en) Terminal authentication method and device based on single sign-on
EP2304636B1 (en) Mobile device assisted secure computer network communications
CN101183932B (en) Security identification system of wireless application service and login and entry method thereof
US20090055916A1 (en) Secure delegation using public key authentication
CN108243176B (en) Data transmission method and device
CN101453334B (en) Access management method and system based Novell network
CN101534192B (en) System used for providing cross-domain token and method thereof
CN104838629A (en) Method and system for authenticating user using mobile device and by means of certificates
CN109359464B (en) Wireless security authentication method based on block chain technology
CN106330838B (en) A kind of dynamic signature method and the client and server using this method
CN102916970B (en) Network-based PIN cache method
CN103067402A (en) Method and system for digital certificate generation
CN101902327A (en) Method and device for realizing single-point log-in and system thereof
CN111786799B (en) Digital certificate signing and issuing method and system based on Internet of things communication module
CN102868702B (en) System login device and system login method
CN102333085B (en) Security network authentication system and method
CN104821951B (en) A kind of method and apparatus of secure communication
JP5186648B2 (en) System and method for facilitating secure online transactions
CN108270742A (en) Method for performing VPN security authentication using tickets
CN109495458A (en) A kind of method, system and the associated component of data transmission
CN114679276B (en) Identity authentication method and device of time-based one-time password algorithm
CN105681364B (en) A kind of IPv6 mobile terminal attack resistance method based on enhancing binding

Legal Events

Date Code Title Description
PB01 Publication
CB02 Change of applicant information

Address after: 200436 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Jingan District, Shanghai

Applicant after: KOAL SOFTWARE Co.,Ltd.

Address before: 200436 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Zhabei District, Shanghai

Applicant before: SHANGHAI KOAL SOFTWARE Co.,Ltd.

SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 2018-07-10