CN109995738A - A kind of access control method, gateway and cloud server - Google Patents
A kind of access control method, gateway and cloud server
- Publication number: CN109995738A (application CN201810000826.6A)
- Authority: CN (China)
- Prior art keywords: access control, access, control policy, network, processor
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L63/00—Network architectures or network communication protocols for network security; H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L67/00—Network arrangements or protocols for supporting network services or applications; H04L67/01—Protocols; H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The present invention provides an access control method, a gateway and a cloud server, and relates to the field of communication technology. The method comprises: receiving a network access request; and determining, according to a locally stored access control policy and an access control policy of the cloud server, whether the network access request can be allowed. By linking the cloud with the local device, the solution uses the rich set of policies stored in the cloud to raise the processing capacity of local access control and improve its effectiveness.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to an access control method, a gateway and a cloud server.
Background technique
Access control is a technique that limits a user's access to unauthorized resources, or limits the ways in which a user may use certain controls. System administrators commonly use it to control users' access to network resources such as servers, directories and files, and it can be implemented by an access control unit system.
The access control method in common use today implements user access control with a local access control unit, which does so by configuring access control policies on the device. The home gateway located between the access network and the device is provided with a local access control unit. By default the local access control unit holds no access control policy, and the device may access every legal packet it receives. Once the system administrator has configured access control policies on the interface of the local access control unit, the unit monitors every packet flowing through the device according to its policy entries. When a packet arrives at the configured interface, the access control unit extracts the packet header or the data content for analysis and searches the policy table for a matching policy. If one or more policies match, the action defined in the first matching policy is executed; if no policy matches, the packet is discarded.
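The first-match semantics of the local access control unit described above, as an added Python illustration that is not part of the patent text; the packet fields, the rule table and the 10.0.0.x addresses are constructed for this example. It also shows the ordering pitfall that follows from "first match wins": a broad deny placed ahead of a specific permit shadows the permit entirely.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed packet and rule types for the local access control unit
# described above (added illustration, not the patent's own code).

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str                       # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src_ip: Optional[str] = None     # None acts as a wildcard
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        """A rule matches when every non-wildcard field equals the packet's field."""
        checks = (
            (self.src_ip, pkt.src_ip),
            (self.dst_ip, pkt.dst_ip),
            (self.dst_port, pkt.dst_port),
            (self.proto, pkt.proto),
        )
        return all(want is None or want == got for want, got in checks)

def decide(rules: List[Rule], pkt: Packet) -> str:
    """Local ACL semantics as described in the background section:
    - no policy configured at all: every legal packet is permitted;
    - otherwise the action of the FIRST matching rule is taken;
    - if nothing matches, the packet is discarded (deny)."""
    if not rules:
        return "permit"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed sample table: HTTPS to the file server is allowed, everything
# else to that server is denied. Order matters: the specific permit must come
# before the broad deny, or it is shadowed and never reached.
FILE_SERVER = "10.0.0.5"             # constructed address
RULES_SPECIFIC_FIRST = [
    Rule("permit", dst_ip=FILE_SERVER, dst_port=443, proto="tcp"),
    Rule("deny", dst_ip=FILE_SERVER),
]
RULES_SHADOWED = list(reversed(RULES_SPECIFIC_FIRST))

def demo() -> dict:
    https = Packet("192.168.1.20", FILE_SERVER, 443, "tcp")
    http = Packet("192.168.1.20", FILE_SERVER, 80, "tcp")
    other = Packet("192.168.1.20", "10.0.0.9", 22, "tcp")
    return {
        "no_rules_https": decide([], https),                 # permit
        "https": decide(RULES_SPECIFIC_FIRST, https),        # permit
        "http": decide(RULES_SPECIFIC_FIRST, http),          # deny
        "other_host": decide(RULES_SPECIFIC_FIRST, other),   # deny (no match)
        "https_shadowed": decide(RULES_SHADOWED, https),     # deny (shadowed)
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The `other_host` case is the one the background text calls out: once any policy is configured, a packet that matches nothing is dropped, so the operator who adds a first rule implicitly switches the device from allow-all to deny-by-default.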
However, the number of entries the local access control unit can hold is limited by the capability of local computing units such as the storage unit and the CPU, so under a given cost constraint the access control unit can hardly implement complex policies.
Summary of the invention
The object of the present invention is to provide an access control method, a gateway and a cloud server which, by linking the cloud with the local device, use the rich set of policies stored in the cloud to raise the processing capacity of local access control and improve its effectiveness.
To achieve the above object, an embodiment of the present invention provides an access control method applied to a gateway, comprising:
receiving a network access request;
determining, according to a locally stored access control policy and an access control policy of a cloud server, whether the network access request can be allowed.
Wherein the step of determining, according to the locally stored access control policy and the access control policy of the cloud server, whether the network access request can be allowed comprises:
querying, according to characteristic information in the received network access request, whether a first access control policy corresponding to the characteristic information exists in a local policy library;
if it does not exist, sending the characteristic information to the cloud server;
receiving a second access control policy fed back by the cloud server according to the characteristic information;
controlling this network access according to the second access control policy.
Wherein, after the step of receiving the second access control policy fed back by the cloud server according to the characteristic information, the method further comprises:
storing the second access control policy in the local policy library.
Wherein the step of controlling this network access according to the second access control policy comprises:
if the second access control policy allows this network access, controlling the user equipment to access the target network;
if the second access control policy forbids this network access, intercepting this network access and sending access-denied information to the user equipment.
Wherein the method further comprises:
purging the access control policies stored in the local policy library based on a predetermined period or on policy reset information received from the cloud server.
To achieve the above object, an embodiment of the present invention also provides an access control method applied to a cloud server, comprising:
receiving characteristic information sent by a gateway;
querying, according to the characteristic information, an access control policy corresponding to the characteristic information;
feeding the queried access control policy back to the gateway.
Wherein the method further comprises:
sending policy reset information to the gateway according to received information about a newly ordered access control policy.
To achieve the above object, an embodiment of the present invention also provides a gateway comprising a processor and a transceiver, wherein:
the transceiver is configured to receive a network access request;
the processor is configured to determine, according to a locally stored access control policy and an access control policy of a cloud server, whether the network access request can be allowed.
Wherein the processor is further configured to query, according to characteristic information in the received network access request, whether a first access control policy corresponding to the characteristic information exists in a local policy library;
the transceiver is further configured to send the characteristic information to the cloud server if it does not exist, and to receive a second access control policy fed back by the cloud server according to the characteristic information;
the processor is further configured to control this network access according to the second access control policy.
Wherein the processor is further configured to store the second access control policy in the local policy library.
Wherein the processor is further configured to control the user equipment to access the target network if the second access control policy allows this network access, and to intercept this network access and send access-denied information to the user equipment if the second access control policy forbids this network access.
Wherein the processor is further configured to purge the access control policies stored in the local policy library based on a predetermined period or on policy reset information received from the cloud server.
To achieve the above object, an embodiment of the present invention also provides a cloud server comprising a processor and a transceiver, wherein:
the transceiver is configured to receive characteristic information sent by a gateway;
the processor is configured to query, according to the characteristic information, an access control policy corresponding to the characteristic information;
the transceiver is further configured to feed the queried access control policy back to the gateway.
Wherein the transceiver is further configured to send policy reset information to the gateway according to received information about a newly ordered access control policy.
To achieve the above object, an embodiment of the present invention also provides a gateway comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor; when the processor executes the computer program, the access control method applied to a gateway described above is implemented.
To achieve the above object, an embodiment of the present invention also provides a cloud server comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor; when the processor executes the computer program, the access control method applied to a cloud server described above is implemented.
To achieve the above object, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the access control method applied to a gateway described above are implemented.
To achieve the above object, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the access control method applied to a cloud server described above are implemented.
The advantageous effects of the above technical solutions of the present invention are as follows:
After receiving a user's network access request, the access control method of the embodiment of the present invention determines jointly, from the locally stored access control policy and the access control policy of the cloud server, whether the network access request can be allowed. Thus, by linking the cloud with the local device, the rich set of policies stored in the cloud raises the processing capacity of local access control, improves its effectiveness, and achieves the integrated application of the locally stored access control policy and the access control policy held in the cloud server.
Detailed description of the invention
Fig. 1 is the first flow chart of the access control method applied to a gateway according to an embodiment of the present invention;
Fig. 2 is the second flow chart of the access control method applied to a gateway according to an embodiment of the present invention;
Fig. 3 is an application schematic diagram of the access control method according to an embodiment of the present invention;
Fig. 4 is the flow chart of the access control method applied to a cloud server according to an embodiment of the present invention;
Fig. 5 is the structure diagram of the gateway according to an embodiment of the present invention;
Fig. 6 is the structure diagram of the cloud server according to an embodiment of the present invention;
Fig. 7 is the structure diagram of the gateway according to another embodiment of the present invention;
Fig. 8 is the structure diagram of the cloud server according to another embodiment of the present invention.
Specific embodiment
To make the technical problem to be solved, the technical solution and the advantages of the present invention clearer, a detailed description is given below with reference to the drawings and specific embodiments.
Addressing the problem that existing access control methods are limited by the capability of local computing units such as the storage unit and the CPU, so that under a given cost constraint the access control unit can hardly implement complex policies, the present invention provides an access control method which, by linking the cloud with the local device, uses the rich set of policies stored in the cloud to raise the processing capacity of local access control and improve its effectiveness.
As shown in Fig. 1, an access control method of an embodiment of the present invention is applied to a gateway and comprises:
Step 101: receiving a network access request;
Step 102: determining, according to a locally stored access control policy and an access control policy of a cloud server, whether the network access request can be allowed.
Through steps 101 and 102, the access control method of this embodiment, after receiving a user's network access request, determines jointly from the locally stored access control policy and the access control policy of the cloud server whether the network access request can be allowed. Thus, by linking the cloud with the local device, the rich set of policies stored in the cloud raises the processing capacity of local access control, improves its effectiveness, and achieves the integrated application of the locally stored access control policy and the access control policy held in the cloud server.
Wherein, as shown in Fig. 2, step 102 comprises:
Step 201: querying, according to characteristic information in the received network access request, whether a first access control policy corresponding to the characteristic information exists in a local policy library;
Step 202: if it does not exist, sending the characteristic information to the cloud server;
Step 203: receiving a second access control policy fed back by the cloud server according to the characteristic information;
Step 204: controlling this network access according to the second access control policy.
Here, on receiving a network access request, the gateway first uses the characteristic information in the request to query whether a corresponding first access control policy exists in the local policy library. When no first access control policy for that characteristic information exists locally, it sends the characteristic information to the cloud server to initiate a cloud policy query, then receives the second access control policy that the cloud server feeds back for the characteristic information, and finally controls this network access according to the second access control policy, achieving effective linkage between the local device and the cloud. Preferably, when the characteristic information is sent to the cloud server it is encapsulated as policy request signaling.
It should be understood that, in embodiments of the present invention, the characteristic information is the identification information used when querying the access control policy corresponding to a network access request; specifically it may comprise a URL or a web page IP address, and may also comprise a user identifier. The policies stored in the policy library of the cloud server are ordered (subscribed to) by users and can be recorded in association with the user identifier.
For example, suppose the characteristic information carried in the current network access request of user equipment A is the IP address of a game download web page. When no corresponding access control policy is found for that IP address in the local policy library, the IP address can be sent to the cloud server, which searches the access control policies ordered by user equipment A. Suppose the user has ordered a children's access control policy that does not allow access to game download web pages; the cloud server feeds the children's access control policy back to the gateway, and the gateway decides according to that policy not to allow this access.
Further specifically, step 204 comprises:
if the second access control policy allows this network access, controlling the user equipment to access the target network;
if the second access control policy forbids this network access, intercepting this network access and sending access-denied information to the user equipment.
In this way, on receiving the second access control policy, the gateway performs the corresponding control according to its content: if the second access control policy allows this network access, the gateway lets the user equipment access the target network, i.e. the network indicated by the characteristic information; if the second access control policy forbids this network access, the gateway intercepts it and sends access-denied information to the user equipment so that the user knows the access has been intercepted.
Of course, if an access control policy corresponding to the characteristic information (for example, a microblog site) is found in the local policy library, that policy can directly decide whether to allow this access.
In addition, on the basis of the above embodiment, after step 203 the method further comprises:
storing the second access control policy in the local policy library.
Here, storing the received second access control policy in the local policy library updates the library dynamically, so that when the user later initiates a network access request that matches a cached policy, the judgement is made directly on the local access control policy.
However, considering the timeliness of access control policies, preferably, in an embodiment of the present invention the method further comprises:
purging the access control policies stored in the local policy library based on a predetermined period or on policy reset information received from the cloud server.
In this way, the gateway can purge the access control policies in its local policy library at a customized predetermined period, for example every 30 min; or it can purge them after receiving policy reset information issued directly by the cloud server. This guarantees the timeliness of the policies stored in the local policy library. When no access control policy is stored in the local policy library and the gateway receives a network access request, the characteristic information in the request can be packaged directly into policy request signaling and sent to the cloud server.
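Steps 201 to 204 together with the local policy library and the periodic purge, as an added Python illustration that is not part of the patent. The class and function names, the (user identifier, host) key, the hosts `games.example.net` and `weibo.example.com` and the cloud policy table are all constructed for this example; the cloud server is reduced to a lookup function, and treating a request for which neither the local library nor the cloud holds a policy as denied is an assumption the page does not state. The scenario follows the page's own example of user equipment A and a children's policy that forbids a game download site.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlparse

ALLOW, DENY = "allow", "deny"
FeatureKey = Tuple[str, str]           # (user identifier, target host)

@dataclass(frozen=True)
class AccessRequest:
    user_id: str
    url: str

@dataclass(frozen=True)
class Decision:
    action: str
    from_cloud: bool                   # True when the cloud had to be consulted
    message: Optional[str] = None      # access-denied information sent to the UE

# Constructed cloud policy library: policies each user has ordered, keyed by
# target host. userA holds a "children" policy forbidding the game download site.
CLOUD_POLICIES: Dict[str, Dict[str, str]] = {
    "userA": {"games.example.net": DENY, "weibo.example.com": ALLOW},
}

def cloud_lookup(user_id: str, host: str) -> Optional[str]:
    """Stand-in for the cloud server (steps 401-403): ordered policy or None."""
    return CLOUD_POLICIES.get(user_id, {}).get(host)

def feature_of(req: AccessRequest) -> FeatureKey:
    """Characteristic information: user identifier plus the URL's host (or a bare IP)."""
    host = urlparse(req.url).hostname or req.url
    return (req.user_id, host)

class Gateway:
    def __init__(self, cloud: Callable[[str, str], Optional[str]],
                 clock: Callable[[], float] = time.monotonic,
                 purge_period: float = 30 * 60):
        self.cloud = cloud
        self.clock = clock
        self.purge_period = purge_period             # page's example: 30 min
        self.local_policy: Dict[FeatureKey, str] = {}  # the local policy library
        self.last_purge = clock()
        self.cloud_queries = 0

    def _purge_if_due(self) -> None:
        """Predetermined-period purge keeps cached policies from going stale."""
        now = self.clock()
        if now - self.last_purge >= self.purge_period:
            self.local_policy.clear()
            self.last_purge = now

    def handle(self, req: AccessRequest) -> Decision:
        self._purge_if_due()
        key = feature_of(req)
        policy = self.local_policy.get(key)          # step 201: first policy?
        from_cloud = False
        if policy is None:
            self.cloud_queries += 1
            policy = self.cloud(*key)                # steps 202-203: ask the cloud
            from_cloud = True
            if policy is None:
                # Assumption (not stated by the page): no policy anywhere -> fail closed.
                policy = DENY
            self.local_policy[key] = policy          # store the second policy locally
        if policy == ALLOW:                          # step 204
            return Decision(ALLOW, from_cloud)
        return Decision(DENY, from_cloud, message=f"access to {key[1]} denied by policy")

class FakeClock:
    """Deterministic clock so the periodic purge can be exercised without waiting."""
    def __init__(self) -> None:
        self.now = 0.0
    def __call__(self) -> float:
        return self.now

def demo() -> dict:
    clock = FakeClock()
    gw = Gateway(cloud_lookup, clock=clock)
    game = AccessRequest("userA", "http://games.example.net/download")
    first = gw.handle(game)                  # cloud consulted, policy cached
    second = gw.handle(game)                 # served from the local policy library
    clock.now += 30 * 60                     # the predetermined period elapses
    third = gw.handle(game)                  # library purged, cloud consulted again
    blog = gw.handle(AccessRequest("userA", "https://weibo.example.com/home"))
    unknown = gw.handle(AccessRequest("userB", "http://203.0.113.7/"))
    return {"first": first, "second": second, "third": third,
            "blog": blog, "unknown": unknown, "cloud_queries": gw.cloud_queries}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The purge is deliberately a whole-library clear rather than per-entry expiry, because that is what the page describes; a practitioner would note that the first request after each purge always costs a cloud round trip, which is the price paid for policy freshness.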
Wherein, since the policies stored in the policy library of the cloud server are ordered by users, the policy reset information is sent by the cloud server to the gateway according to received information about a newly ordered access control policy, to inform the gateway that the user has ordered a new access control policy. The gateway then clears the data in its local policy library, which avoids conflicts with the previous entries and guarantees the timeliness of the policies.
Thus, as shown in Fig. 3, the local access control unit of the gateway receives the network access request sent by the user equipment, and the local policy control unit queries the local policy library, based on the characteristic information in the request, for an access control policy corresponding to that characteristic information. If no corresponding access control policy exists in the local policy library, the characteristic information is sent to the cloud server to request a policy from the cloud, and the cloud server feeds back the required access control policy according to the characteristic information. The local policy control unit informs the local access control unit of the access control policy obtained from the local policy library or fed back by the cloud server, and the local access control unit controls this network access based on that policy.
In summary, after receiving a user's network access request, the access control method of the embodiment of the present invention determines jointly, from the locally stored access control policy and the access control policy of the cloud server, whether the network access request can be allowed. Thus, by linking the cloud with the local device, the rich set of policies stored in the cloud raises the processing capacity of local access control, improves its effectiveness, and achieves the integrated application of the locally stored access control policy and the access control policy held in the cloud server.
An embodiment of the present invention also provides an access control method, as shown in Fig. 4, comprising:
Step 401: receiving characteristic information sent by a gateway, where the characteristic information indicates the target network of this network access;
Step 402: querying, according to the characteristic information, an access control policy corresponding to the characteristic information;
Step 403: feeding the queried access control policy back to the gateway.
Through steps 401 to 403, in combination with the access control method applied to a gateway in the previous embodiment, the cloud server receives the characteristic information when the gateway has not found a corresponding access control policy in its local policy library and requests a policy from the cloud; it then queries the access control policy corresponding to the characteristic information and feeds it back to the gateway. In this way it cooperates with the gateway to achieve cloud and local linkage, using the rich set of policies stored in the cloud to raise the processing capacity of local access control and improve its effectiveness.
Wherein the characteristic information is the identification information used when querying the access control policy corresponding to a network access request; specifically it may comprise a URL or a web page IP address, and may also comprise a user identifier. The policies stored in the policy library of the cloud server are ordered by users and can be recorded in association with the user identifier.
Wherein, since the policies stored in the policy library of the cloud server are ordered by users, after a user orders a new access control policy the method further comprises:
sending policy reset information to the gateway according to the received information about the newly ordered access control policy.
In this way, sending policy reset information to the gateway according to the received new policy ordering information lets the gateway clear the data in its local policy library after a new access control policy is ordered, which avoids conflicts with the previous contents of the local policy library and guarantees the timeliness of the policies.
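The cloud-side query of steps 401 to 403 and the reset that follows a new subscription, as an added Python illustration that is not part of the patent. The message shapes, the tracking of which gateways have fetched a user's policies, and the per-user version number that lets a gateway ignore a stale or replayed reset notice are assumptions of this example, not features the page describes; the page only says the cloud sends reset information and the gateway clears its local library.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class PolicyRequest:        # policy request signaling from a gateway (constructed shape)
    gateway_id: str
    user_id: str
    host: str

@dataclass(frozen=True)
class ResetNotice:          # policy reset information sent to a gateway (constructed shape)
    user_id: str
    version: int            # assumption: increases per user on every new subscription

class CloudPolicyServer:
    def __init__(self) -> None:
        self.library: Dict[str, Dict[str, str]] = {}     # user -> host -> "allow"/"deny"
        self.version: Dict[str, int] = {}
        self.subscribers: Dict[str, Set[str]] = {}       # user -> gateways holding its policies
        self.outbox: List[Tuple[str, ResetNotice]] = []  # (gateway_id, notice) to deliver

    def query(self, req: PolicyRequest) -> Optional[str]:
        """Steps 401-403: look up the user's ordered policy and remember who asked."""
        self.subscribers.setdefault(req.user_id, set()).add(req.gateway_id)
        return self.library.get(req.user_id, {}).get(req.host)

    def order_policy(self, user_id: str, policies: Dict[str, str]) -> int:
        """A new subscription replaces the user's policies and emits reset information
        to every gateway that may still cache the old ones."""
        self.library[user_id] = dict(policies)
        self.version[user_id] = self.version.get(user_id, 0) + 1
        notice = ResetNotice(user_id, self.version[user_id])
        for gw in sorted(self.subscribers.get(user_id, ())):
            self.outbox.append((gw, notice))
        return notice.version

class GatewayPolicyCache:
    """Only the reset-handling side of the gateway's local policy library."""
    def __init__(self, gateway_id: str) -> None:
        self.gateway_id = gateway_id
        self.local: Dict[Tuple[str, str], str] = {}
        self.seen_version: Dict[str, int] = {}

    def remember(self, user_id: str, host: str, action: str) -> None:
        self.local[(user_id, host)] = action

    def on_reset(self, notice: ResetNotice) -> bool:
        """Clear the local policy library; drop stale or replayed notices (assumption)."""
        if notice.version <= self.seen_version.get(notice.user_id, 0):
            return False
        self.seen_version[notice.user_id] = notice.version
        self.local.clear()          # the page clears the whole local library on reset
        return True

def demo() -> dict:
    cloud = CloudPolicyServer()
    cloud.order_policy("userA", {"games.example.net": "deny"})   # initial subscription
    gw = GatewayPolicyCache("gw-1")
    req = PolicyRequest("gw-1", "userA", "games.example.net")
    cached = cloud.query(req)                                    # steps 401-403
    gw.remember(req.user_id, req.host, cached)
    v2 = cloud.order_policy("userA", {"games.example.net": "allow"})  # user orders a new policy
    notices = [n for g, n in cloud.outbox if g == "gw-1"]
    applied = [gw.on_reset(n) for n in notices]
    replay = gw.on_reset(notices[0])                             # same notice again
    refreshed = cloud.query(req)                                 # gateway re-fetches
    return {"cached": cached, "v2": v2, "notices": len(notices), "applied": applied,
            "cleared": len(gw.local) == 0, "replay": replay, "refreshed": refreshed}

if __name__ == "__main__":
    print(demo())
```

Without the version check, a duplicated or delayed reset notice would clear a freshly refilled library for no reason; with it, the gateway applies each subscription change exactly once, which is the behaviour a defender wants from a cache-invalidation signal.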
To sum up, when the gateway has not found a corresponding access control policy in its local policy library and requests a policy from the cloud, the access control method of the embodiment of the present invention receives the characteristic information, queries the access control policy corresponding to it, and feeds the queried access control policy back to the gateway. In this way it cooperates with the gateway to achieve cloud and local linkage, using the rich set of policies stored in the cloud to raise the processing capacity of local access control and improve its effectiveness.
It can be understood that this method cooperates with the access control method applied to a gateway in the previous embodiment to achieve cloud and local linkage; the implementation of the cloud server in the previous embodiment is applicable to this method and achieves the same technical effect.
As shown in Fig. 5, a gateway 500 of an embodiment of the present invention comprises a processor 510 and a transceiver 520, wherein:
the transceiver is configured to receive a network access request;
the processor is configured to determine, according to a locally stored access control policy and an access control policy of a cloud server, whether the network access request can be allowed.
Wherein the processor is further configured to query, according to characteristic information in the received network access request, whether a first access control policy corresponding to the characteristic information exists in a local policy library;
the transceiver is further configured to send the characteristic information to the cloud server if it does not exist, and to receive a second access control policy fed back by the cloud server according to the characteristic information;
the processor is further configured to control this network access according to the second access control policy.
Wherein the processor is further configured to store the second access control policy in the local policy library.
Wherein the processor is further configured to control the user equipment to access the target network if the second access control policy allows this network access, and to intercept this network access and send access-denied information to the user equipment if the second access control policy forbids this network access.
Wherein the processor is further configured to purge the access control policies stored in the local policy library based on a predetermined period or on policy reset information received from the cloud server.
The gateway of this embodiment, after receiving a user's network access request, determines jointly from the locally stored access control policy and the access control policy of the cloud server whether the network access request can be allowed. Thus, by linking the cloud with the local device, the rich set of policies stored in the cloud raises the processing capacity of local access control, improves its effectiveness, and achieves the integrated application of the locally stored access control policy and the access control policy held in the cloud server.
As shown in Fig. 6, a cloud server 600 of an embodiment of the present invention comprises a processor 610 and a transceiver 620, wherein:
the transceiver is configured to receive characteristic information sent by a gateway;
the processor is configured to query, according to the characteristic information, an access control policy corresponding to the characteristic information;
the transceiver is further configured to feed the queried access control policy back to the gateway.
Wherein the transceiver is further configured to send policy reset information to the gateway according to received information about a newly ordered access control policy.
When the gateway has not found a corresponding access control policy in its local policy library and requests a policy from the cloud, the cloud server receives the characteristic information, queries the access control policy corresponding to it, and feeds the queried access control policy back to the gateway. In this way it cooperates with the gateway to achieve cloud and local linkage, using the rich set of policies stored in the cloud to raise the processing capacity of local access control and improve its effectiveness.
A gateway of another embodiment of the present invention, as shown in Fig. 7, comprises a transceiver 710, a memory 720, a processor 700, and a computer program stored on the memory 720 and executable on the processor 700; when the processor 700 executes the computer program, the access control method applied to a gateway described above is implemented.
The transceiver 710 is configured to send and receive data under the control of the processor 700.
In Fig. 7, the bus architecture may comprise any number of interconnected buses and bridges, which link together various circuits of one or more processors represented by processor 700 and of the memory represented by memory 720. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits; these are well known in the art and are therefore not described further here. The bus interface provides an interface. Transceiver 710 may be a plurality of elements, i.e. it may comprise a transmitter and a receiver, providing a unit for communicating with various other devices over a transmission medium.
Processor 700 is responsible for managing the bus architecture and for general processing, and memory 720 may store data used by processor 700 when performing operations.
A cloud server of another embodiment of the present invention, as shown in Fig. 8, comprises a transceiver 810, a memory 820, a processor 800, and a computer program stored on the memory 820 and executable on the processor 800; when the processor 800 executes the computer program, the access control method applied to a cloud server described above is implemented.
The transceiver 810 is configured to send and receive data under the control of the processor 800.
In Fig. 8, the bus architecture (represented by bus 800) may comprise any number of interconnected buses and bridges; bus 800 links together various circuits of one or more processors represented by processor 804 and of the memory represented by memory 805. Bus 800 may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits; these are well known in the art and are therefore not described further here. Bus interface 803 provides an interface between bus 800 and transceiver 801. Transceiver 801 may be one element or a plurality of elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices over a transmission medium. Data processed by processor 804 is transmitted over the radio medium through antenna 802; antenna 802 also receives data and transfers it to processor 804.
Processor 804 is responsible for managing bus 800 and for general processing, and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management and other control functions. Memory 805 may be used to store data used by processor 804 when performing operations.
Optionally, processor 804 may be a CPU, an ASIC, an FPGA or a CPLD.
A computer-readable storage medium of an embodiment of the present invention stores a computer program; when the computer program is executed by a processor, the steps of the access control method applied to a gateway described above are implemented and the same technical effect is achieved, which is not repeated here. The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
A computer-readable storage medium of an embodiment of the present invention stores a computer program; when the computer program is executed by a processor, the steps of the access control method applied to a cloud server described above are implemented and the same technical effect is achieved, which is not repeated here. The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
It should further be noted that the terminal described in this specification includes, but is not limited to, a smart phone, a tablet computer and the like, and that many of the functional components described are referred to as modules in order to emphasize the independence of their implementation.

In embodiments of the present invention, a module may be implemented in software for execution by various types of processors. For example, an identified executable code module may comprise one or more physical or logical blocks of computer instructions, which may, for instance, be built as an object, a procedure or a function. Nevertheless, the executable code of an identified module need not be physically located together, but may comprise different instructions stored in different locations which, when logically joined together, constitute the module and achieve the stated purpose of the module.

Indeed, an executable code module may be a single instruction or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations (including in different storage devices), and may exist, at least partially, merely as electronic signals on a system or network.

Where a module can be implemented in software, then, given the level of existing hardware technology and setting cost aside, those skilled in the art can build corresponding hardware circuits to realize the corresponding functions; such hardware circuits include conventional very-large-scale integration (VLSI) circuits or gate arrays and existing semiconductors such as logic chips and transistors, or other discrete components. A module may also be implemented using programmable hardware devices such as field programmable gate arrays, programmable logic arrays, programmable logic devices and the like.
The exemplary embodiments described above are described with reference to the accompanying drawings; many different forms and embodiments are feasible without departing from the spirit and teaching of the invention, and therefore the invention should not be construed as limited to the exemplary embodiments set forth herein. Rather, these exemplary embodiments are provided so that the invention will be thorough and complete and will convey the scope of the invention to those skilled in the art. In the drawings, the sizes and relative sizes of components may be exaggerated for clarity. The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms "comprises" and/or "comprising", when used in this specification, specify the presence of stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. Unless otherwise indicated, a stated range of values includes the upper and lower bounds of the range and any subranges therebetween.

The above are preferred embodiments of the present invention. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (18)
1. An access control method, applied to a gateway, characterized by comprising:
receiving a network access request;
determining, according to a locally stored access control policy and an access control policy of a cloud server, whether the network access request can be allowed.
2. The access control method according to claim 1, characterized in that the step of determining, according to the locally stored access control policy and the access control policy of the cloud server, whether the network access request can be allowed comprises:
querying, according to characteristic information in the received network access request, whether a first access control policy corresponding to the characteristic information exists in a local policy library;
if it does not exist, sending the characteristic information to the cloud server;
receiving a second access control policy fed back by the cloud server according to the characteristic information;
controlling this network access according to the second access control policy.
3. The access control method according to claim 2, characterized in that, after the step of receiving the second access control policy fed back by the cloud server according to the characteristic information, the method further comprises:
storing the second access control policy in the local policy library.
4. The access control method according to claim 2, characterized in that the step of controlling this network access according to the second access control policy comprises:
if the second access control policy allows this network access, controlling the user equipment to access the target network;
if the second access control policy forbids this network access, intercepting this network access and sending access-denied information to the user equipment.
5. The access control method according to claim 1, characterized in that the method further comprises:
purging the access control policies stored in the local policy library based on a predetermined period or on policy reset information received from the cloud server.
6. An access control method, applied to a cloud server, characterized by comprising:
receiving characteristic information sent by a gateway;
querying, according to the characteristic information, an access control policy corresponding to the characteristic information;
feeding back the queried access control policy to the gateway.
7. The access control method according to claim 6, characterized in that the method further comprises:
sending policy reset information to the gateway according to received new access control policy ordering information.
8. A gateway, characterized by comprising a processor and a transceiver, wherein:
the transceiver is configured to receive a network access request;
the processor is configured to determine, according to a locally stored access control policy and an access control policy of a cloud server, whether the network access request can be allowed.
9. The gateway according to claim 8, characterized in that:
the processor is further configured to query, according to characteristic information in the received network access request, whether a first access control policy corresponding to the characteristic information exists in a local policy library;
the transceiver is further configured to send the characteristic information to the cloud server if it does not exist, and to receive a second access control policy fed back by the cloud server according to the characteristic information;
the processor is further configured to control this network access according to the second access control policy.
10. The gateway according to claim 9, characterized in that the processor is further configured to:
store the second access control policy in the local policy library.
11. The gateway according to claim 9, characterized in that the processor is further configured to: if the second access control policy allows this network access, control the user equipment to access the target network; if the second access control policy forbids this network access, intercept this network access and send access-denied information to the user equipment.
12. The gateway according to claim 8, characterized in that the processor is further configured to:
purge the access control policies stored in the local policy library based on a predetermined period or on policy reset information received from the cloud server.
13. A cloud server, characterized by comprising a processor and a transceiver, wherein:
the transceiver is configured to receive characteristic information sent by a gateway;
the processor is configured to query, according to the characteristic information, an access control policy corresponding to the characteristic information;
the transceiver is further configured to feed back the queried access control policy to the gateway.
14. The cloud server according to claim 13, characterized in that the transceiver is further configured to:
send policy reset information to the gateway according to received new access control policy ordering information.
15. A gateway, comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor; characterized in that the processor, when executing the computer program, implements the access control method according to any one of claims 1-5.
16. A cloud server, comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor; characterized in that the processor, when executing the computer program, implements the access control method according to claim 6 or 7.
17. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the access control method according to any one of claims 1-5.
18. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the access control method according to claim 6 or 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810000826.6A CN109995738A (en) | 2018-01-02 | 2018-01-02 | A kind of access control method, gateway and cloud server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109995738A true CN109995738A (en) | 2019-07-09 |
Family
ID=67128325
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810000826.6A Pending CN109995738A (en) | 2018-01-02 | 2018-01-02 | A kind of access control method, gateway and cloud server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109995738A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102006297A (en) * | 2010-11-23 | 2011-04-06 | 中国科学院软件研究所 | Two-level policy decision-based access control method and system |
CN102195971A (en) * | 2011-03-24 | 2011-09-21 | 北京思创银联科技股份有限公司 | Website access control method |
CN103458003A (en) * | 2013-08-15 | 2013-12-18 | 中电长城网际系统应用有限公司 | Access control method and system of self-adaptation cloud computing environment virtual security domain |
CN103516681A (en) * | 2012-06-26 | 2014-01-15 | 华为技术有限公司 | Network access control method and device thereof |
CN104270467A (en) * | 2014-10-24 | 2015-01-07 | 冯斌 | Virtual machine managing and controlling method for mixed cloud |
US20150319193A1 (en) * | 2012-08-31 | 2015-11-05 | Cisco Technology, Inc. | Method for cloud-based access control policy management |
WO2016167249A1 (en) * | 2015-04-13 | 2016-10-20 | 株式会社日立製作所 | Access control device, and access control method |
CN106936804A (en) * | 2015-12-31 | 2017-07-07 | 华为技术有限公司 | A kind of access control method and authenticating device |
Events
- 2018-01-02: CN application CN201810000826.6A, publication CN109995738A (en), status active, Pending
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110535777A (en) * | 2019-08-12 | 2019-12-03 | 新华三大数据技术有限公司 | Access request control method, device, electronic equipment and readable storage medium storing program for executing |
CN110535777B (en) * | 2019-08-12 | 2022-07-12 | 新华三大数据技术有限公司 | Access request control method and device, electronic equipment and readable storage medium |
CN112243003B (en) * | 2020-10-13 | 2023-04-11 | 中移(杭州)信息技术有限公司 | Access control method, electronic device, and storage medium |
CN112822762A (en) * | 2020-12-30 | 2021-05-18 | 展讯通信(上海)有限公司 | Radio frequency output power configuration method and device, electronic chip and electronic equipment |
CN114124429A (en) * | 2021-08-23 | 2022-03-01 | 阿里巴巴新加坡控股有限公司 | Data processing method and device, electronic equipment and computer readable storage medium |
CN113612802A (en) * | 2021-10-08 | 2021-11-05 | 苏州浪潮智能科技有限公司 | Access control method, device, equipment and readable storage medium |
CN113612802B (en) * | 2021-10-08 | 2022-02-18 | 苏州浪潮智能科技有限公司 | Access control method, device, equipment and readable storage medium |
CN114553703A (en) * | 2022-04-24 | 2022-05-27 | 佛山技研智联科技有限公司 | Deployment method, device, equipment and storage medium of industrial equipment control strategy |
CN114553703B (en) * | 2022-04-24 | 2022-08-02 | 佛山技研智联科技有限公司 | Deployment method, device, equipment and storage medium of industrial equipment control strategy |
CN115412527A (en) * | 2022-08-29 | 2022-11-29 | 北京火山引擎科技有限公司 | Method and communication device for one-way communication between virtual private networks |
CN115412527B (en) * | 2022-08-29 | 2024-03-01 | 北京火山引擎科技有限公司 | Method and device for unidirectional communication between virtual private networks |
CN116132198A (en) * | 2023-04-07 | 2023-05-16 | 杭州海康威视数字技术股份有限公司 | Internet of things privacy behavior sensing method and device based on lightweight context semantics |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109995738A (en) | A kind of access control method, gateway and cloud server | |
US11902250B2 (en) | Methods and systems for prevention of attacks associated with the domain name system | |
US10601767B2 (en) | DNS query processing based on application information | |
CN107181804B (en) | The method for down loading and device of resource | |
CN106067890B (en) | A kind of domain name analytic method, apparatus and system | |
CN109088909B (en) | Service gray level publishing method and device based on merchant type | |
CN104852934A (en) | Method for realizing flow distribution based on front-end scheduling, device and system thereof | |
CN102918813A (en) | Device and method for data load balancing | |
EP3860095A1 (en) | Methods for information drainage, requesting transmission and communication acceleration, and drainage and node server | |
EP1435719A2 (en) | Request processing swtich | |
US7886043B1 (en) | Hybrid method and apparatus for URL filtering | |
US20050228884A1 (en) | Resource management | |
CN113452780A (en) | Access request processing method, device, equipment and medium for client | |
CN109586937B (en) | Operation and maintenance method, equipment and storage medium of cache system | |
CN110225150A (en) | Communication means, system and storage medium between different network protocol | |
CN106856456B (en) | Processing method and system for cache cluster service | |
CN111147468A (en) | User access method, device, electronic equipment and storage medium | |
CN107786594A (en) | Service request processing method and device | |
CN107979627A (en) | A kind of processing method and processing device of network request | |
CN110365508A (en) | The method and network function of virtual network function instantiation virtualize composer | |
CN108063835A (en) | Outer net domain name analytic method, server and system | |
CN108040124B (en) | Method and device for controlling mobile terminal application based on DNS-Over-HTTP protocol | |
CN109417559A (en) | For disposing server, client terminal device and the method therein of the content resource of caching | |
CN114745329B (en) | Flow control method and device, storage medium and electronic device | |
CN107305496A (en) | Application APP method for down loading and Wireless Communication Equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20190709