Summary of the invention
The purpose of the present invention is to provide a secure access system and method, so as to solve the problem of poor security of access methods in the prior art.
To achieve the above purpose, the technical solution of the embodiments of the present invention is as follows:
An embodiment of the present invention provides a secure access system comprising a browser, a gateway and a server, wherein:
The browser is configured to send an access request to the gateway in response to an access operation of a user, wherein the access request includes the account of the user and the link to be accessed corresponding to the access operation;
The gateway is configured to receive the access request and to judge whether the account of the user included in the access request has permission to access the link to be accessed;
The gateway is further configured to send the access request to the server when the judgment result is yes;
The server is configured to receive the access request and to determine, according to the link to be accessed included in the access request, the target web page content corresponding to the link to be accessed;
The server is further configured to send the target web page content to the browser through the gateway;
The browser is further configured to receive the target web page content and render the corresponding target web page.
Further, the gateway is specifically configured to:
Obtain a preset correspondence between at least one account and link access lists;
Determine the target link access list corresponding to the account of the user included in the access request;
Judge whether the link to be accessed included in the access request is present in the target link access list;
If the link to be accessed included in the access request is judged to be present in the target link access list, determine that the account of the user included in the access request has permission to access the link to be accessed.
Further, the access request also includes authentication identification information, and the gateway is further configured to:
After judging that the link to be accessed included in the access request is present in the target link access list, and before determining that the account of the user included in the access request has permission to access the link to be accessed, obtain a preset correspondence between at least one account and identification information;
Determine the target identification information corresponding to the account of the user;
Judge whether the authentication identification information is identical to the target identification information; then
The precondition for determining that the account of the user included in the access request has permission to access the link to be accessed is:
The authentication identification information is judged to be identical to the target identification information.
Further, the access request also includes at least one of the following items of information: the current access time, the device identification information corresponding to the terminal device where the browser is located, the current location of the terminal device, the Internet Protocol (IP) address corresponding to the terminal device, a facial image of the user, and a fingerprint of the user; then
The gateway is further configured to:
After judging that the link to be accessed included in the access request is present in the target link access list, and before determining that the account of the user included in the access request has permission to access the link to be accessed, obtain at least one of the following correspondences: a preset correspondence between at least one account and an access time range, a preset correspondence between at least one account and device identification information, a preset correspondence between at least one account and a position range, a preset correspondence between at least one account and an IP address, a preset correspondence between at least one account and a facial image, and a preset correspondence between at least one account and a fingerprint;
Determine at least one of the following items of information corresponding to the account of the user: a target access time range, a target position range, target position information, a target IP address, a target facial image, and a target fingerprint;
Judge whether the current access time is within the target access time range, and/or judge whether the device identification information is identical to the target identification information, and/or judge whether the current location of the terminal device is within the target position range, and/or judge whether the IP address corresponding to the terminal device is identical to the target IP address, and/or judge whether the facial image of the user is identical to the target facial image, and/or judge whether the fingerprint of the user is identical to the target fingerprint;
The precondition for determining that the account of the user included in the access request has permission to access the link to be accessed is:
The judgment result is yes.
Further, the system also includes at least one of a positioning device, an image capture device and a fingerprint collection device; then
The browser is further configured to obtain, through the positioning device, the current location of the terminal device where the browser is located, and/or to capture the facial image of the user through the image capture device, and/or to collect the fingerprint of the user through the fingerprint collection device.
An embodiment of the present invention also provides a secure access method, the method comprising:
The browser sends an access request to the gateway in response to an access operation of a user, wherein the access request includes the account of the user and the link to be accessed corresponding to the access operation;
The gateway receives the access request and judges whether the account of the user included in the access request has permission to access the link to be accessed;
The gateway sends the access request to the server when the judgment result is yes;
The server receives the access request and determines, according to the link to be accessed included in the access request, the target web page content corresponding to the link to be accessed;
The server sends the target web page content to the browser through the gateway;
The browser receives the target web page content and renders the corresponding target web page.
Further, the gateway judging whether the account of the user included in the access request has permission to access the link to be accessed specifically includes:
The gateway obtains a preset correspondence between at least one account and link access lists;
The gateway determines the target link access list corresponding to the account of the user included in the access request;
The gateway judges whether the link to be accessed included in the access request is present in the target link access list;
If the link to be accessed included in the access request is judged to be present in the target link access list, the gateway determines that the account of the user included in the access request has permission to access the link to be accessed.
Further, the access request also includes authentication identification information; then, after judging that the link to be accessed included in the access request is present in the target link access list, and before determining that the account of the user included in the access request has permission to access the link to be accessed, the method further includes:
The gateway obtains a preset correspondence between at least one account and identification information;
Determining the target identification information corresponding to the account of the user;
Judging whether the authentication identification information is identical to the target identification information; then
The precondition for determining that the account of the user included in the access request has permission to access the link to be accessed is:
The authentication identification information is judged to be identical to the target identification information.
The embodiments of the present invention have the following advantages:
When a user accesses a web page through the browser, the access request must first be sent to the gateway. Only after the gateway judges that the user has permission to access the requested link is the access request sent to the server; the server then returns the corresponding web page content through the gateway, so that the browser finally renders the corresponding web page. The permission check performed by the gateway improves access security.
Specific embodiment
The embodiments of the present invention are illustrated below by specific examples; those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification.
It should be noted that the structures, proportions, sizes and the like depicted in the drawings accompanying this specification are only intended to accompany the content disclosed in the specification, for the understanding and reading of those skilled in the art, and are not intended to limit the conditions under which the invention can be implemented; they therefore have no essential technical significance. Any modification of structure, change of proportional relationship or adjustment of size that does not affect the effects the invention can produce or the purposes it can achieve shall still fall within the scope covered by the technical content disclosed by the invention. Likewise, terms such as "upper", "lower", "left", "right" and "middle" cited in this specification are used only for convenience of description and not to limit the implementable scope of the invention; alterations or adjustments of their relative relationships, without substantive change to the technical content, shall also be regarded as within the implementable scope of the invention.
An embodiment of the present invention provides a secure access system, a structural schematic diagram of which is shown in Fig. 1. The system includes a browser 101, a gateway 103 and a server 102, wherein:
The browser 101 is configured to send an access request to the gateway 103 in response to an access operation of a user, wherein the access request includes the account of the user and the link to be accessed corresponding to the access operation;
The gateway 103 is configured to receive the access request and to judge whether the account of the user included in the access request has permission to access the link to be accessed;
The gateway 103 is further configured to send the access request to the server 102 when the judgment result is yes;
The server 102 is configured to receive the access request and to determine, according to the link to be accessed included in the access request, the target web page content corresponding to the link to be accessed;
The server 102 is further configured to send the target web page content to the browser 101 through the gateway 103;
The browser 101 is further configured to receive the target web page content and render the corresponding target web page.
The access operation may be an operation such as a click or double-click by the user on any link in the web page currently displayed by the browser 101.
The link to be accessed may be an intranet link or an external network link; no restriction is imposed here.
When a user accesses a web page through the browser 101, the access request must first be sent to the gateway 103. Only after the gateway 103 judges that the user has permission to access the requested link is the access request sent to the server 102; the server 102 then returns the corresponding web page content through the gateway 103, so that the browser 101 finally renders the corresponding web page. The permission check performed by the gateway 103 improves access security.
In one implementation scenario, the gateway 103 is specifically configured to:
Obtain a preset correspondence between at least one account and link access lists;
Determine the target link access list corresponding to the account of the user included in the access request;
Judge whether the link to be accessed included in the access request is present in the target link access list;
If the link to be accessed included in the access request is judged to be present in the target link access list, determine that the account of the user included in the access request has permission to access the link to be accessed.
The correspondence between at least one account and link access lists may be sent to the gateway by the server.
Further, in order to further improve access security, the access request also includes authentication identification information, and the gateway 103 is further configured to:
After judging that the link to be accessed included in the access request is present in the target link access list, and before determining that the account of the user included in the access request has permission to access the link to be accessed, obtain a preset correspondence between at least one account and identification information;
Determine the target identification information corresponding to the account of the user;
Judge whether the authentication identification information is identical to the target identification information; then
The precondition for determining that the account of the user included in the access request has permission to access the link to be accessed is:
The authentication identification information is judged to be identical to the target identification information.
The target identification information may be any combination of characters, digits or text, and is unique; the embodiments of the present invention impose no restriction on this.
The preset correspondence between at least one account and identification information may be sent to the gateway by the server.
The identification information included in the access request and the preset correspondence between at least one account and identification information may be obtained through the following operations:
The browser 101 is configured to send login information to the server 102, wherein the login information includes the account and password of the user;
The server 102 is configured to receive the login information and judge whether the login information is correct;
The server 102 is further configured to, when the login information is judged to be correct, determine the target web page content corresponding to the account of the user according to the account of the user included in the login information, and send the target web page content to the browser, wherein the target web page content includes at least one target link to which the user has access permission, the at least one target link including at least one intranet link and/or at least one external network link;
The server 102 is further configured to send the identification information corresponding to the account of the user to the browser;
The server 102 is further configured to send the preset correspondence between at least one account and identification information to the gateway 103;
The browser 101 is further configured to receive the identification information, and to receive the target web page content and render the corresponding web page; this web page is the web page containing the link to be accessed that corresponds to the access operation mentioned above;
The gateway 103 is configured to receive the preset correspondence between at least one account and identification information.
Further, in order to further improve access security, the access request also includes at least one of the following items of information: the current access time, the device identification information corresponding to the terminal device where the browser 101 is located, the current location of the terminal device, the IP address corresponding to the terminal device, a facial image of the user, and a fingerprint of the user; then
The gateway 103 is further configured to:
After judging that the link to be accessed included in the access request is present in the target link access list, and before determining that the account of the user included in the access request has permission to access the link to be accessed, obtain at least one of the following correspondences: a preset correspondence between at least one account and an access time range, a preset correspondence between at least one account and device identification information, a preset correspondence between at least one account and a position range, a preset correspondence between at least one account and an IP address, a preset correspondence between at least one account and a facial image, and a preset correspondence between at least one account and a fingerprint;
Determine at least one of the following items of information corresponding to the account of the user: a target access time range, a target position range, target position information, a target IP address, a target facial image, and a target fingerprint;
Judge whether the current access time is within the target access time range, and/or judge whether the device identification information is identical to the target identification information, and/or judge whether the current location of the terminal device is within the target position range, and/or judge whether the IP address corresponding to the terminal device is identical to the target IP address, and/or judge whether the facial image of the user is identical to the target facial image, and/or judge whether the fingerprint of the user is identical to the target fingerprint;
The precondition for determining that the account of the user included in the access request has permission to access the link to be accessed is:
The judgment result is yes.
It should be noted that, whichever items of information are included in the access request, the gateway 103 obtains the preset correspondences for those items, determines the target information corresponding to them, and then judges whether each item is identical to its target information. If all are identical, the judgment result is yes; otherwise, the judgment result is no.
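The gateway decision described above (link access list, then authentication identification information, then the additional preset checks), as an added Python sketch that is not part of the patent text. Account names, links, field names and preset values are constructed for illustration; as an assumption beyond the text, the checks are driven by the presets stored for the account, so a request that omits a field is denied rather than skipping that check.

```python
import hmac
import ipaddress
from datetime import time

# Constructed presets (assumed shape): account -> link access list,
# account -> identification information, account -> context targets.
LINK_ACCESS_LISTS = {
    "alice": {"https://intranet.example/hr", "https://www.example.org/docs"},
}
IDENTIFIERS = {"alice": "id-7f3c9a"}
CONTEXT_PRESETS = {
    "alice": {"access_time": (time(8, 0), time(18, 0)),
              "device_id": "dev-001", "ip": "10.0.0.5"},
}

def same_text(value, target):
    # Constant-time comparison so the check does not leak how many
    # leading characters of the identifier matched.
    return hmac.compare_digest(str(value).encode(), str(target).encode())

def in_range(value, target):
    start, end = target
    return start <= value <= end

def same_ip(value, target):
    try:
        return ipaddress.ip_address(value) == ipaddress.ip_address(target)
    except ValueError:
        return False  # an unparsable address is a mismatch

CHECKS = {"access_time": in_range, "device_id": same_text, "ip": same_ip}

def authorize(request):
    """Return (allowed, reason); anything unknown or missing is denied."""
    account = request.get("account")
    allowed_links = LINK_ACCESS_LISTS.get(account)
    if allowed_links is None or request.get("link") not in allowed_links:
        return False, "link not in target link access list"
    target_id = IDENTIFIERS.get(account)
    presented = request.get("auth_id")
    if target_id is None or presented is None or not same_text(presented, target_id):
        return False, "authentication identification mismatch"
    # Driven by the presets, not by which fields the browser chose to send,
    # so leaving a field out cannot skip its check.
    for field, target in CONTEXT_PRESETS.get(account, {}).items():
        value = request.get(field)
        if value is None or not CHECKS[field](value, target):
            return False, field + " check failed"
    return True, "forward to server"

# Constructed sample request that satisfies every preset for "alice".
SAMPLE_REQUEST = {
    "account": "alice",
    "link": "https://intranet.example/hr",
    "auth_id": "id-7f3c9a",
    "access_time": time(9, 30),
    "device_id": "dev-001",
    "ip": "10.0.0.5",
}

if __name__ == "__main__":
    print(authorize(SAMPLE_REQUEST))
    print(authorize({**SAMPLE_REQUEST, "link": "https://intranet.example/finance"}))
```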
Further, the system also includes at least one of a positioning device, an image capture device and a fingerprint collection device; then
The browser 101 is further configured to obtain, through the positioning device, the current location of the terminal device where the browser 101 is located, and/or to capture the facial image of the user through the image capture device, and/or to collect the fingerprint of the user through the fingerprint collection device.
The image capture device may be any type of image-capturing device, such as a camera or an image acquisition sensor.
The positioning device may be any type of positioning device.
An embodiment of the present invention also provides a secure access method, a flow diagram of which is shown in Fig. 2. The method includes the following steps:
Step 201: the browser sends an access request to the gateway in response to an access operation of a user, wherein the access request includes the account of the user and the link to be accessed corresponding to the access operation.
Step 202: the gateway receives the access request and judges whether the account of the user included in the access request has permission to access the link to be accessed.
Step 203: when the judgment result is yes, the gateway sends the access request to the server.
Step 204: the server receives the access request and determines, according to the link to be accessed included in the access request, the target web page content corresponding to the link to be accessed.
Step 205: the server sends the target web page content to the browser through the gateway.
Step 206: the browser receives the target web page content and renders the corresponding target web page.
Further, the gateway judging whether the account of the user included in the access request has permission to access the link to be accessed specifically includes:
The gateway obtains a preset correspondence between at least one account and link access lists;
The gateway determines the target link access list corresponding to the account of the user included in the access request;
The gateway judges whether the link to be accessed included in the access request is present in the target link access list;
If the link to be accessed included in the access request is judged to be present in the target link access list, the gateway determines that the account of the user included in the access request has permission to access the link to be accessed.
Further, the access request also includes authentication identification information; then, after judging that the link to be accessed included in the access request is present in the target link access list, and before determining that the account of the user included in the access request has permission to access the link to be accessed, the method further includes:
The gateway obtains a preset correspondence between at least one account and identification information;
Determining the target identification information corresponding to the account of the user;
Judging whether the authentication identification information is identical to the target identification information; then
The precondition for determining that the account of the user included in the access request has permission to access the link to be accessed is:
The authentication identification information is judged to be identical to the target identification information.
Although the present invention has been described in detail above with a general description and specific embodiments, some modifications or improvements may be made on the basis of the present invention, as will be apparent to those skilled in the art. Therefore, such modifications or improvements made without departing from the spirit of the present invention fall within the scope of protection claimed by the invention.