CN108712387A - System for identifying user identity in a network - Google Patents
- Publication number: CN108712387A
- Application number: CN201810356219.3A
- Authority: CN (China)
- Prior art keywords: client, user identity, switch, request, identification module
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The present invention provides a system for identifying user identity in a network, including: a client, a server, a switch and an identification module. The client is configured to send an authentication request to the server through the switch; the switch is configured to mirror the authentication request to the identification module; the server is configured to respond to the authentication request and send a response to the client through the switch; the switch is configured to mirror the response to the identification module; the identification module is configured to identify the user identity according to the authentication request and/or the response. By placing the identification module at the switch, the identity of the user using the client can be identified without any intervention on the client. The system is low in cost and does not require user cooperation, which improves the user experience.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a system for identifying user identity in a network.
Background
In existing enterprise networks, a large number of computer devices access the network. IP addresses change frequently, which makes it difficult for the enterprise to know which device and which user were using a given IP address at a given time. To solve this kind of problem, it is often necessary to deploy a dedicated identity authentication system. Deploying an identity authentication system also requires employees to cooperate with the authentication.
Identity authentication methods in the prior art require employee cooperation, are costly and cumbersome to operate, and give a poor user experience.
Summary of the invention
In view of the defects in the prior art, the present invention provides a system for identifying user identity in a network, which can identify the identity of the user using a client without any intervention on the client.
The present invention provides a system for identifying user identity in a network, including: a client, a server, a switch and an identification module;
The client is configured to send an authentication request to the server through the switch;
The switch is configured to mirror the authentication request to the identification module;
The server is configured to respond to the authentication request and send a response to the client through the switch;
The switch is configured to mirror the response to the identification module;
The identification module is configured to identify the user identity according to the authentication request and/or the response.
Optionally, the identification module is further configured to identify the IP address of the client according to the authentication request and/or the response.
Optionally, identifying the user identity according to the authentication request and/or the response includes:
Preprocessing the authentication request and/or the response to obtain identification information that carries the user identity;
Identifying the user identity according to the identification information, based on a pre-stored identity mapping table.
Optionally, the identification information includes: account information and/or domain information.
Optionally, the identification module is further configured to record the user identity, the IP address of the client and the time at which the user uses the client.
By placing the identification module at the switch, the present invention can identify the identity of the user using the client without any intervention on the client. The system is low in cost and does not require user cooperation, which improves the user experience. In addition, identifying the user identity makes it possible to control the user's permission to use the client, reduces the number of times the user has to authenticate, and avoids the information leakage caused by the user frequently entering identity credentials.
Description of the drawings
In order to illustrate the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. In all the drawings, similar elements or parts are generally identified by similar reference numerals. In the drawings, elements or parts are not necessarily drawn to scale.
Fig. 1 is a schematic diagram of a system for identifying user identity in a network provided by the present invention.
Detailed description
Embodiments of the technical solution of the present invention are described in detail below with reference to the drawings. The following embodiments are only used to illustrate the technical solution of the present invention more clearly; they are therefore only examples and cannot be used to limit the protection scope of the present invention.
It should be noted that, unless otherwise stated, technical or scientific terms used in this application have the ordinary meaning understood by those of ordinary skill in the art to which the present invention belongs.
The present invention provides a system for identifying user identity in a network. Embodiments of the present invention are described below with reference to the drawings.
Referring to Fig. 1, Fig. 1 is a schematic diagram of a system for identifying user identity in a network provided by a specific embodiment of the present invention. The system provided in this embodiment includes: a client, a server, a switch and an identification module. The client is configured to send an authentication request to the server through the switch; the switch is configured to mirror the authentication request to the identification module; the server is configured to respond to the authentication request and send a response to the client through the switch; the switch is configured to mirror the response to the identification module; the identification module is configured to identify the user identity according to the authentication request and/or the response.
The present invention is suitable for enterprise systems. By placing the identification module at the switch, it can identify the identity of the user using the client without any intervention on the client. The system is low in cost and does not require user cooperation, which improves the user experience. In addition, identifying the user identity makes it possible to control the user's permission to use the client, reduces the number of times the user has to authenticate, and avoids the information leakage caused by the user frequently entering identity credentials.
In a specific embodiment provided by the present invention, the identification module is further configured to identify the IP address of the client according to the authentication request and/or the response.
The identification module can thus identify not only the identity of the user using the client but also the IP address of the client. The identification module can also record the IP address of the client together with the user identity, that is, record the identity of the user currently using the client, as a record for later reference.
When identifying the IP address of the client, the identification module can rely on the sender and recipient addresses in the authentication request and/or the response: when the client sends the authentication request to the server, the request carries the client's own IP address and the IP address of the server, and the response sent by the server likewise carries the sender and recipient IP addresses.
In the present invention, the identification module can also record the time at which the user uses the client. By recording the user identity, the IP address of the client in use and the time of use, the user's use of the client is logged, which makes it easy to trace how the client was used at a later stage.
The present invention can be used together with the user's business systems and network admission system, sparing the user from logging in to multiple application systems. User information is updated promptly, the experience is good, and the user's learning cost is reduced.
In a specific embodiment provided by the present invention, identifying the user identity according to the authentication request and/or the response includes: preprocessing the authentication request and/or the response to obtain identification information that carries the user identity; and identifying the user identity according to the identification information, based on a pre-stored identity mapping table.
Here, the identity mapping table is the table that maps identification information to the corresponding user identity.
When identifying the user identity, the identification module first preprocesses the authentication request and/or the response to obtain the identification information that carries the user identity; it then identifies the user identity from that identification information and the pre-stored table mapping identification information to user identities.
Preprocessing the authentication request and/or the response includes: parsing the authentication request and/or the response, then screening and filtering the parsed data to obtain the identification information that carries the user identity.
The identification information may include account information, domain information and the like. Account information may include OA account information, Email account information and other account information that identifies the user. Domain information may include enterprise domain information, AD domain information and the like.
In a specific embodiment provided by the present invention, the identification module is further configured to judge whether the result of the response is that authentication passed; if it passed, the user identity is identified according to the authentication request; if it did not pass, the user identity is not identified.
By identifying only users whose authentication passed, the identities of authenticated users can be recorded effectively; for company employees, it is then possible to determine which employee is working on which client.
By identifying the user identity, the present invention can also control the user's network access permissions according to that identity. Once the identification module has identified the user identity, it can control the user's access permissions according to a pre-stored table mapping identity information to permission information. If the user is judged not to have a given access permission, the packets with which the user accesses the corresponding web page can be intercepted, so that the user is prevented from accessing that page.
Example: the server is an AD server, and the client is a computer terminal used inside the company. The working process of the present invention is as follows:
Step 1: The computer terminal boots and connects to the network.
Step 2: The user enters an account and password to log in to the enterprise system.
Step 3: The computer terminal sends a KRB5 authentication request to the AD server through the switch.
Step 4: The AD server responds to the KRB5 request through the switch to the computer terminal, returning identity verification success or failure.
Step 5: Through switch mirroring, the identification module listens for the authentication packets of the AD server's response.
Step 6: The identification module parses the returned packet. The AD domain returns a KRB5 AS-REP message; the cNameString in the message can be parsed, and the IP address currently used by the device is resolved at the same time.
Step 7: The user identity, IP address and online time are recorded in a database for later reference.
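Steps 5 to 7, together with the rule that identity is recorded only when authentication passed, sketched as an added example that is not part of the patent: a minimal DER walk extracts crealm and cname (the cNameString) from a mirrored AS-REP and pairs it with the packet's destination IP and time. It assumes Kerberos over UDP (no TCP length prefix); the mapping table, addresses and message bytes are constructed, and skipping AD machine accounts (names ending in `$`) and labelling unknown accounts "unmapped" are choices made here.

```python
from datetime import datetime, timezone

AS_REP_TAG = 0x6B  # [APPLICATION 11] in RFC 4120; KRB-ERROR is [APPLICATION 30]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for every element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def parse_as_rep(payload):
    """Return (realm, principal) from an AS-REP, or None for other messages."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != AS_REP_TAG:
        return None  # e.g. KRB-ERROR: authentication did not pass
    fields = dict(children(read_tlv(body, 0)[1]))         # KDC-REP fields [0]..[6]
    realm = read_tlv(fields[0xA3], 0)[1].decode("ascii")  # crealm [3]
    pname = dict(children(read_tlv(fields[0xA4], 0)[1]))  # cname [4]
    names = read_tlv(pname[0xA1], 0)[1]                   # name-string [1]
    return realm, "/".join(v.decode("ascii") for _, v in children(names))

def identify(mirrored, identity_map):
    """Return (identity, client IP, UTC time) per successful logon."""
    records = []
    for ts, _src_ip, dst_ip, payload in mirrored:
        try:
            parsed = parse_as_rep(payload)
        except (ValueError, KeyError, IndexError, UnicodeDecodeError):
            continue  # truncated or malformed payload: ignore
        if parsed is None or parsed[1].endswith("$"):
            continue  # failed logon, or an AD machine account rather than a user
        # Assumption of this example: accounts missing from the table are "unmapped".
        who = identity_map.get((parsed[0].upper(), parsed[1].lower()), "unmapped")
        when = datetime.fromtimestamp(ts, timezone.utc).isoformat()
        records.append((who, dst_ip, when))  # the AS-REP is addressed to the client
    return records

def der(tag, *parts):  # DER encoder, used only to build the constructed samples
    body = b"".join(parts)
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    size = (len(body).bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + len(body).to_bytes(size, "big") + body

def sample_as_rep(user, realm="CORP.EXAMPLE"):
    cname = der(0x30, der(0xA0, der(0x02, b"\x01")),
                der(0xA1, der(0x30, der(0x1B, user.encode()))))
    return der(AS_REP_TAG, der(0x30,
        der(0xA0, der(0x02, b"\x05")), der(0xA1, der(0x02, b"\x0b")),
        der(0xA3, der(0x1B, realm.encode())), der(0xA4, cname),
        der(0xA5, der(0x04, bytes(200))),  # placeholder where the ticket would be
        der(0xA6, der(0x30))))             # placeholder where enc-part would be

IDENTITY_MAP = {("CORP.EXAMPLE", "alice"): "Alice (employee 1001)"}  # hypothetical
MIRRORED = [  # constructed (time, src IP, dst IP, UDP payload), not captured traffic
    (1524096000, "10.0.0.5", "10.0.0.23", sample_as_rep("alice")),
    (1524096005, "10.0.0.5", "10.0.0.24", der(0x7E, der(0x30))),  # KRB-ERROR stub
    (1524096010, "10.0.0.5", "10.0.0.23", sample_as_rep("PC07$")),  # machine account
    (1524096015, "10.0.0.5", "10.0.0.25", sample_as_rep("alice")[:40]),  # truncated
]

if __name__ == "__main__":
    print(identify(MIRRORED, IDENTITY_MAP))
```

Only the first sample produces a record; the KRB-ERROR, the machine account and the truncated payload are all dropped.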
The above is the system for identifying user identity in a network provided by the present invention.
Numerous specific details are set forth in the specification of the present invention. It should be understood, however, that embodiments of the present invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this description.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art may combine the features of the different embodiments or examples described in this specification.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements for some or all of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention, and should all be covered by the claims and the specification of the present invention.
Claims (5)
1. A system for identifying user identity in a network, characterized by including: a client, a server, a switch and an identification module;
The client is configured to send an authentication request to the server through the switch;
The switch is configured to mirror the authentication request to the identification module;
The server is configured to respond to the authentication request and send a response to the client through the switch;
The switch is configured to mirror the response to the identification module;
The identification module is configured to identify the user identity according to the authentication request and/or the response.
2. The system according to claim 1, characterized in that the identification module is further configured to identify the IP address of the client according to the authentication request and/or the response.
3. The system according to claim 1, characterized in that identifying the user identity according to the authentication request and/or the response includes:
Preprocessing the authentication request and/or the response to obtain identification information that carries the user identity;
Identifying the user identity according to the identification information, based on a pre-stored identity mapping table.
4. The system according to claim 3, characterized in that the identification information includes: account information and/or domain information.
5. The system according to claim 2, characterized in that the identification module is further configured to record the user identity, the IP address of the client and the time at which the user uses the client.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810356219.3A CN108712387A (en) | 2018-04-19 | 2018-04-19 | The system of user identity in a kind of identification network |
PCT/CN2019/080497 WO2019201080A1 (en) | 2018-04-19 | 2019-03-29 | System for identifying identity of user in network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108712387A true CN108712387A (en) | 2018-10-26 |
Family
ID=63867310
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810356219.3A Pending CN108712387A (en) | 2018-04-19 | 2018-04-19 | The system of user identity in a kind of identification network |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108712387A (en) |
WO (1) | WO2019201080A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
WO2019201080A1 (en) | 2019-10-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181026 |