CN108712387A - A system for identifying user identity in a network - Google Patents


Info

Publication number
CN108712387A
Authority
CN
China
Prior art keywords
client
user identity
switch
request
identification module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810356219.3A
Other languages
Chinese (zh)
Inventor
牛劲
王新成
王志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen United Soft Polytron Technologies Inc
Original Assignee
Shenzhen United Soft Polytron Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen United Soft Polytron Technologies Inc
Priority to CN201810356219.3A
Publication of CN108712387A
Priority to PCT/CN2019/080497 (WO2019201080A1)
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The present invention provides a system for identifying user identity in a network, comprising a client, a server, a switch and an identification module. The client sends an authentication request to the server through the switch; the switch mirrors the authentication request to the identification module; the server responds to the authentication request and sends the response to the client through the switch; the switch mirrors the response to the identification module; and the identification module identifies the user identity according to the authentication request and/or the response. By placing the identification module at the switch, the identity of the user of a client can be identified without any intervention on the client. The system is low in cost, requires no user cooperation, and can improve the user experience.

Description

A system for identifying user identity in a network
Technical field
The present invention relates to the technical field of network security, and in particular to a system for identifying user identity in a network.
Background
In existing enterprise networks, a large number of computer devices access the network. IP addresses change frequently, so it is difficult for an enterprise to know which device and which user were using a given IP address at a given time. To solve this kind of problem, a dedicated identity authentication system usually has to be deployed, and deploying one also requires employees to cooperate with authentication.
Identity authentication methods in the prior art require employee cooperation, are costly and cumbersome to operate, and give a poor user experience.
Summary of the invention
In view of the defects in the prior art, the present invention provides a system for identifying user identity in a network, which can identify the identity of the user of a client without any intervention on the client.
The present invention provides a system for identifying user identity in a network, comprising: a client, a server, a switch and an identification module;
The client is used to send an authentication request to the server through the switch;
The switch is used to mirror the authentication request to the identification module;
The server is used to respond to the authentication request and to send the response to the client through the switch;
The switch is used to mirror the response to the identification module;
The identification module is used to identify the user identity according to the authentication request and/or the response.
Optionally, the identification module is also used to identify the IP address of the client according to the authentication request and/or the response.
Optionally, identifying the user identity according to the authentication request and/or the response includes:
Pre-processing the authentication request and/or the response to obtain identification information that carries the user identity;
Identifying the user identity from the identification information, based on a pre-stored identity mapping table.
Optionally, the identification information includes account information and/or domain information.
Optionally, the identification module is also used to record the user identity, the IP address of the client and the time at which the user uses the client.
By placing the identification module at the switch, the present invention can identify the identity of the user of a client without any intervention on the client. The system is low in cost, requires no user cooperation, and can improve the user experience. In addition, identifying the user identity makes it possible to control the user's permissions when using the client, reduces the number of times the user has to authenticate, and avoids the information leakage that can result from users frequently entering identity credentials.
Brief description of the drawings
In order to illustrate the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. In all drawings, similar elements or parts are generally identified by similar reference numerals. In the drawings, elements or parts are not necessarily drawn to scale.
Fig. 1 is a schematic diagram of a system for identifying user identity in a network provided by the invention.
Detailed description
Embodiments of the technical solution of the present invention are described in detail below with reference to the drawings. The following embodiments are only used to illustrate the technical solution of the present invention more clearly; they are therefore examples only and cannot be used to limit the scope of protection of the present invention.
It should be noted that, unless otherwise indicated, technical or scientific terms used in this application have the ordinary meaning understood by those of ordinary skill in the art to which the invention belongs.
The present invention provides a system for identifying user identity in a network. Embodiments of the invention are described below with reference to the drawings.
Referring to Fig. 1, which is a schematic diagram of a system for identifying user identity in a network provided by a specific embodiment of the invention, the system provided in this embodiment comprises: a client, a server, a switch and an identification module. The client is used to send an authentication request to the server through the switch; the switch is used to mirror the authentication request to the identification module; the server is used to respond to the authentication request and to send the response to the client through the switch; the switch is used to mirror the response to the identification module; the identification module is used to identify the user identity according to the authentication request and/or the response.
The present invention is suitable for enterprise systems. By placing the identification module at the switch, it can identify the identity of the user of a client without any intervention on the client. The system is low in cost, requires no user cooperation, and can improve the user experience. In addition, identifying the user identity makes it possible to control the user's permissions when using the client, reduces the number of times the user has to authenticate, and avoids the information leakage that can result from users frequently entering identity credentials.
In a specific embodiment provided by the invention, the identification module is also used to identify the IP address of the client according to the authentication request and/or the response.
The identification module can thus identify not only the identity of the user of the client but also the IP address of the client. The identification module can also record the IP address of the client together with the user identity, that is, the identity of the user currently using the client, as a record on file.
When identifying the IP address of the client, the identification module can use the sender and recipient addresses in the authentication request and/or the response. When the client sends the authentication request to the server, the request carries the client's own IP address and the IP address of the server; when the server sends the response, the response likewise carries its own IP address and the IP address of the server.
In the present invention, the identification module can also record the time at which the user uses the client. By recording the user identity, the IP address of the client in use and the time of use, the system keeps a record of how users use clients, which makes it easier to trace client usage later.
The present invention can be used together with the user's business systems and network admission systems. It spares users from logging in to multiple application systems. User information is updated promptly, which gives a good experience, and the user's learning cost is reduced.
In a specific embodiment provided by the invention, identifying the user identity according to the authentication request and/or the response includes: pre-processing the authentication request and/or the response to obtain identification information that carries the user identity; and identifying the user identity from the identification information, based on a pre-stored identity mapping table.
The identity mapping table is the table that maps identification information to the corresponding user identity.
When identifying the user identity, the identification module first pre-processes the authentication request and/or the response to obtain the identification information that carries the user identity; it then identifies the user identity from that identification information and the pre-stored identity mapping table, which maps identification information to user identities.
Pre-processing the authentication request and/or the response consists of parsing the authentication request and/or the response, then screening and filtering the parsed data to obtain the identification information that carries the user identity.
The identification information may include account information, domain information and so on. Account information may include OA account information, email account information and other account information that carries identifying information. Domain information may include enterprise domain information, AD domain information and so on.
In a specific embodiment provided by the invention, the identification module is also used to judge whether the result of the response is that authentication passed. If it passed, the user identity is identified according to the authentication request; if it did not pass, the user identity is not identified.
Identifying only users whose authentication passed gives a reliable record of authenticated user identities. For company employees, it is then possible to determine which employee is working on which client.
By identifying the user identity, the present invention also makes it possible to control the user's network permissions according to that identity. When the identification module has identified the user identity, it can control the user's access permissions according to a pre-stored table that maps identity information to permission information. If the user is judged not to have a given access permission, the data packets with which the user accesses the corresponding web page can be intercepted, so that the user is prevented from accessing that page.
Example: the server is an AD server and the client is a computer terminal used inside the company. The invention works as follows:
Step 1: The computer terminal boots and accesses the network.
Step 2: The user enters an account and password to log in to the enterprise system.
Step 3: The computer terminal sends a KRB5 authentication request to the AD server through the switch.
Step 4: The AD server responds to the KRB5 request to the computer terminal through the switch, returning whether the identity check succeeded or failed.
Step 5: The identification module, through the switch's mirroring, listens for the authentication data packet with which the AD server responds.
Step 6: The identification module parses the returned data packet. The AD domain returns a KRB5 AS-REP message; the cNameString in the message can be parsed out, and at the same time the IP address used by the current device is obtained.
Step 7: The user identity, IP address and online time are recorded in a database for later lookup.
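Steps 5 to 7, together with the pass/fail check and the identity mapping table described earlier, as an added Python example (not code from the patent). It assumes the Kerberos message bytes have already been extracted from the mirrored packet and that the client IP address and timestamp come from the capture metadata; the function names, realm, account, IP address and table entry are hypothetical, constructed values.

```python
AS_REP, KRB_ERROR = 0x6B, 0x7E  # [APPLICATION 11] / [APPLICATION 30] tags, RFC 4120

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def fields(seq_body):
    """Index the [n] EXPLICIT members of a SEQUENCE body by tag number n."""
    out, pos = {}, 0
    while pos < len(seq_body):
        tag, inner, pos = read_tlv(seq_body, pos)
        out[tag & 0x1F] = inner
    return out

def parse_as_rep(msg):
    """Return (crealm, cname) from an AS-REP; None for KRB-ERROR or anything else."""
    tag, body, _ = read_tlv(msg)
    if tag != AS_REP:
        return None  # authentication did not pass: nothing to identify
    kdc_rep = fields(read_tlv(body)[1])
    realm = read_tlv(kdc_rep[3])[1].decode("utf-8", "replace")  # crealm [3]
    principal = fields(read_tlv(kdc_rep[4])[1])                 # cname [4]
    names, parts, pos = read_tlv(principal[1])[1], [], 0        # name-string [1]
    while pos < len(names):
        _, part, pos = read_tlv(names, pos)
        parts.append(part.decode("utf-8", "replace"))
    return realm, "/".join(parts)

def identify(msg, client_ip, seen_at, table, log):
    """Append and return a {user, ip, time} record for a successful, mapped logon."""
    try:
        parsed = parse_as_rep(msg)
    except (ValueError, KeyError):  # malformed or truncated capture
        return None
    user = table.get((parsed[0].upper(), parsed[1].lower())) if parsed else None
    if user is None:
        return None  # authentication failed, or principal not in the mapping table
    record = {"user": user, "ip": client_ip, "time": seen_at}
    log.append(record)
    return record

def tlv(tag, body):
    """Encode a DER element (short-form length only, enough for the samples)."""
    if len(body) > 127:
        raise ValueError("sample too long for short-form length")
    return bytes([tag, len(body)]) + body

def build_sample(app_tag, msg_type, extra):
    """Constructed Kerberos message: pvno 5, the given msg-type, then extra fields."""
    head = tlv(0xA0, tlv(0x02, b"\x05")) + tlv(0xA1, tlv(0x02, bytes([msg_type])))
    return tlv(app_tag, tlv(0x30, head + extra))

# Constructed samples: ticket [5] and enc-part [6] are empty placeholders.
CNAME = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x01"))
            + tlv(0xA1, tlv(0x30, tlv(0x1B, b"zhang.wei"))))
SAMPLE_OK = build_sample(AS_REP, 11, tlv(0xA3, tlv(0x1B, b"CORP.EXAMPLE"))
                         + tlv(0xA4, CNAME) + tlv(0xA5, tlv(0x61, b"")) + tlv(0xA6, tlv(0x30, b"")))
SAMPLE_FAIL = build_sample(KRB_ERROR, 30, tlv(0xA6, tlv(0x02, b"\x18")))  # error-code 24
IDENTITY_TABLE = {("CORP.EXAMPLE", "zhang.wei"): "Zhang Wei (employee 1042)"}

if __name__ == "__main__":
    records = []
    print(identify(SAMPLE_OK, "10.0.8.23", "2018-04-19T09:00:00Z", IDENTITY_TABLE, records))
```

Over TCP, a Kerberos message is preceded by a 4-byte length prefix that has to be stripped before the bytes are passed to `identify`.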
The above is the system for identifying user identity in a network provided by the invention.
Numerous specific details are set forth in the specification of the present invention. It should be understood, however, that embodiments of the invention can be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this description.
In this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, such schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art may combine the different embodiments or examples described in this specification and the features of those different embodiments or examples.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features; such modifications or replacements do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention, and they should all be covered by the scope of the claims and the specification of the present invention.

Claims (5)

1. A system for identifying user identity in a network, characterized in that it comprises: a client, a server, a switch and an identification module;
The client is used to send an authentication request to the server through the switch;
The switch is used to mirror the authentication request to the identification module;
The server is used to respond to the authentication request and to send the response to the client through the switch;
The switch is used to mirror the response to the identification module;
The identification module is used to identify the user identity according to the authentication request and/or the response.
2. The system according to claim 1, characterized in that the identification module is also used to identify the IP address of the client according to the authentication request and/or the response.
3. The system according to claim 1, characterized in that identifying the user identity according to the authentication request and/or the response includes:
Pre-processing the authentication request and/or the response to obtain identification information that carries the user identity;
Identifying the user identity from the identification information, based on a pre-stored identity mapping table.
4. The system according to claim 3, characterized in that the identification information includes account information and/or domain information.
5. The system according to claim 2, characterized in that the identification module is also used to record the user identity, the IP address of the client and the time at which the user uses the client.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810356219.3A CN108712387A (en) 2018-04-19 2018-04-19 The system of user identity in a kind of identification network
PCT/CN2019/080497 WO2019201080A1 (en) 2018-04-19 2019-03-29 System for identifying identity of user in network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810356219.3A CN108712387A (en) 2018-04-19 2018-04-19 The system of user identity in a kind of identification network

Publications (1)

Publication Number Publication Date
CN108712387A true CN108712387A (en) 2018-10-26

Family

ID=63867310

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810356219.3A Pending CN108712387A (en) 2018-04-19 2018-04-19 The system of user identity in a kind of identification network

Country Status (2)

Country Link
CN (1) CN108712387A (en)
WO (1) WO2019201080A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019201080A1 (en) * 2018-04-19 2019-10-24 深圳市联软科技股份有限公司 System for identifying identity of user in network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101877671A (en) * 2009-12-02 2010-11-03 北京星网锐捷网络技术有限公司 Sending method of mirror image message, switch chip and Ethernet router
CN102377585A (en) * 2010-08-10 2012-03-14 深圳市傲天通信有限公司 System and method for preventing teenagers from addicting to network
CN105024980A (en) * 2014-04-29 2015-11-04 孙银海 On-line near-field payment system and method based on cell phone number
CN107222330A (en) * 2017-04-26 2017-09-29 浙江远望信息股份有限公司 A kind of intelligent identifying system request and the method for response sensitive content

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101651696B (en) * 2009-09-17 2012-09-19 杭州华三通信技术有限公司 Method and device for preventing neighbor discovery (ND) attack
CN101764742B (en) * 2009-12-30 2015-09-23 福建星网锐捷网络有限公司 A kind of network resource visit control system and method
CN101924636A (en) * 2010-08-16 2010-12-22 北京星网锐捷网络技术有限公司 Relevant authentication information issuing method, device and network equipment
CN102882994B (en) * 2012-11-02 2015-05-06 华为技术有限公司 IP address assignment method and device and IP address acquisition method and device
CN103929376B (en) * 2014-04-30 2017-06-20 尹志超 A kind of terminal admittance control method based on switch ports themselves management
CN108712387A (en) * 2018-04-19 2018-10-26 深圳市联软科技股份有限公司 The system of user identity in a kind of identification network

Also Published As

Publication number Publication date
WO2019201080A1 (en) 2019-10-24

Similar Documents

Publication Publication Date Title
CN103249045B (en) A kind of methods, devices and systems of identification
Allodi et al. The need for new antiphishing measures against spear-phishing attacks
CN101005503B (en) Method and data processing system for intercepting communication between a client and a service
CN105187365B (en) The access control method and device of based role and data item
US20150278824A1 (en) Verification System
CN106713347B (en) A kind of electric power mobile application unauthorized access leak detection method
US20140304183A1 (en) Verification System
US20140173706A1 (en) Apparatus and data processing systems for accessing an object
CN107026825A (en) A kind of method and system for accessing big data system
CN107277812A (en) A kind of wireless network authentication method and system based on Quick Response Code
CN107770192A (en) Identity authentication method and computer-readable recording medium in multisystem
CN107454064A (en) A kind of visitor's authentication method and system based on public number
CN107786551A (en) Access the method for intranet server and control accesses the device of intranet server
CN108696540A (en) A kind of authorizing secure system and its authorization method
CN111797418A (en) Control method and device of online service, service terminal, server and storage medium
CN110875922A (en) One-stop office management system
CN109495480A (en) Right management method, device and server
CN114024734B (en) Intelligent network security detection and analysis system based on UEBA
CN105162763A (en) Method and device for processing communication data
Hu et al. Implementation of social engineering attack at institution of higher education
CN108712387A (en) The system of user identity in a kind of identification network
CN105827597A (en) Method for managing internet account number and password
CN102255881A (en) Access right control method and device
CN106295423A (en) A kind of method for exhibiting data and client
CN112398724A (en) E-mail sending method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181026