CN110290150A - Login verification method and login verification apparatus for a Virtual Private Network (VPN) - Google Patents
- Publication number
- CN110290150A (application CN201910646652.5A)
- Authority
- CN
- China
- Prior art keywords
- target user
- log
- identification information
- password
- vpn
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This application provides a login verification method and a login verification apparatus for a Virtual Private Network (VPN). In the login verification method, after the target user is determined to be an enterprise user on the basis of a password request received from the target user, the target user's identification information is associated with an obtained dynamic login password, and the dynamic login password is issued to the target user. When the target user's login information forwarded by the VPN server is received, it is determined, based on the login information, the identification information and the dynamic login password, that the target user has permission to log in to the VPN and that the identification information and the dynamic login password in the login information match, and hence that the target user has logged in to the VPN successfully. In this way, by associating the user with a dynamic login password, the user obtains a new login password in real time each time the user logs in to the VPN, which improves the security of logging in to the VPN with the user account.
Description
Technical field
This application relates to the technical field of Virtual Private Network login, and in particular to a login verification method and a login verification apparatus for a Virtual Private Network.
Background
A Virtual Private Network (VPN) is a technology for building a private, dedicated-line network on public network infrastructure. Large enterprises often have branches in several regions, and these branches need a VPN to connect to headquarters and share data. When the VPN is used, the user's identity must be verified to keep the enterprise information in the VPN secure.
At present, the common way for a user to log in to a VPN is account verification: an account matching the user is created in the VPN in advance and bound to a unique password set by the user, and at login the user enters the account and password for permission verification. However, when the user's password is lost, anyone who has the password and account can log in to the VPN, which easily leads to leakage of enterprise information.
Summary of the invention
In view of this, the purpose of this application is to provide a login verification method and a login verification apparatus for a Virtual Private Network (VPN). After the enterprise back end confirms the user's identity, a dynamic login password is allocated to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, it is checked whether the user identification information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identification information matches the dynamic login password, it is confirmed that the target user can log in to the VPN. In this way, by associating the user with a dynamic login password, the user obtains a new login password in real time each time the user logs in to the VPN, which improves the security of logging in to the VPN with the user account.
An embodiment of this application provides a login verification method for a Virtual Private Network (VPN), the login verification method comprising:
when a password request sent by a target user is received, verifying whether the target user is an enterprise user;
when it is determined that the target user is an enterprise user, associating the identification information of the target user with an obtained dynamic login password, and issuing the dynamic login password to the target user;
when login information of the target user forwarded by a VPN server is received, detecting, based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN, and detecting whether the identification information and the dynamic login password in the login information match;
if the identification information and the dynamic login password in the login information match, and the target user has permission to log in to the VPN, determining that the target user has logged in to the VPN successfully.
Further, verifying whether the target user is an enterprise user when the password request sent by the target user is received comprises:
obtaining the identification information of the target user and the set of enterprise user identification information stored in the back-end server;
detecting whether the identification information of the target user matches any enterprise user identification information in the set of enterprise user identification information;
if the identification information of the target user matches any user identification information in the user identification information, determining that the target user is an enterprise user.
Further, before detecting, when the login information of the target user forwarded by the VPN server is received and based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identification information and the dynamic login password in the login information match, the login verification method further comprises:
obtaining the issue time at which the dynamic login password was issued to the target user, and the receiving time at which the login information of the target user was received;
detecting whether the time difference between the receiving time and the issue time is greater than a preset threshold;
if the time difference is greater than the preset threshold, releasing the association between the dynamic login password and the identification information of the target user.
Further, the login verification method detects whether the identification information and the dynamic login password in the login information match in the following manner:
obtaining the identification information in the login information and the dynamic login password in the login information;
determining the identification information of the target user associated with the dynamic login password;
if the identification information in the login information is consistent with the identification information of the target user, determining that the identification information and the dynamic login password in the login information match.
Further, after it is determined that the target user has logged in to the VPN successfully because the identification information and the dynamic login password in the login information of the target user match and the target user has permission to log in to the VPN, the login verification method further comprises:
cancelling the association between the dynamic login password and the identification information of the target user.
An embodiment of this application also provides a login verification apparatus for a Virtual Private Network (VPN), the login verification apparatus comprising:
a verification module, configured to verify, when a password request sent by a target user is received, whether the target user is an enterprise user;
a processing module, configured to, when the verification module determines that the target user is an enterprise user, associate the identification information of the target user with an obtained dynamic login password, and issue the dynamic login password to the target user;
a first detection module, configured to, when login information of the target user forwarded by a VPN server is received, detect, based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN, and detect whether the identification information and the dynamic login password in the login information match;
a determining module, configured to determine that the target user has logged in to the VPN successfully if the identification information and the dynamic login password in the login information match and the target user has permission to log in to the VPN.
Further, the verification module comprises:
a first acquisition unit, configured to obtain the identification information of the target user and the set of enterprise user identification information stored in the back-end server;
a first detection unit, configured to detect whether the identification information of the target user matches any enterprise user identification information in the set of enterprise user identification information;
a first determination unit, configured to determine that the target user is an enterprise user if the identification information of the target user matches any user identification information in the user identification information.
Further, the login verification apparatus also comprises:
an acquisition module, configured to obtain the issue time at which the dynamic login password was issued to the target user, and the receiving time at which the login information of the target user was received;
a second detection module, configured to detect whether the time difference between the receiving time and the issue time obtained by the acquisition module is greater than a preset threshold;
a release module, configured to release the association between the dynamic login password and the identification information of the target user if the time difference is greater than the preset threshold.
Further, the login verification apparatus detects whether the identification information and the dynamic login password in the login information match in the following manner:
obtaining the identification information in the login information and the dynamic login password in the login information;
determining the identification information of the target user associated with the dynamic login password;
if the identification information in the login information is consistent with the identification information of the target user, determining that the identification information and the dynamic login password in the login information match.
Further, the login verification apparatus also comprises:
a cancellation module, configured to cancel the association between the dynamic login password and the identification information of the target user.
An embodiment of this application also provides an electronic device, comprising a processor, a memory and a bus. The memory stores machine-readable instructions executable by the processor. When the electronic device runs, the processor and the memory communicate over the bus, and when the machine-readable instructions are executed by the processor, the steps of the above login verification method for a Virtual Private Network (VPN) are performed.
An embodiment of this application also provides a computer-readable storage medium on which a computer program is stored. When the computer program is run by a processor, the steps of the above login verification method for a Virtual Private Network (VPN) are performed.
With the login verification method and login verification apparatus for a Virtual Private Network (VPN) provided by the embodiments of this application, after the enterprise back end confirms the user's identity, a dynamic login password is allocated to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, it is checked whether the user identification information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identification information matches the dynamic login password, it is confirmed that the target user can log in to the VPN. In this way, by associating the user with a dynamic login password, the user obtains a new login password in real time each time the user logs in to the VPN, which improves the security of logging in to the VPN with the user account.
To make the above objects, features and advantages of this application clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of this application more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of this application and should therefore not be regarded as limiting its scope. A person of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a system architecture diagram for one possible application scenario;
Fig. 2 is a flow chart of a login verification method for a Virtual Private Network (VPN) provided by an embodiment of this application;
Fig. 3 is a flow chart of another login verification method for a Virtual Private Network (VPN) provided by an embodiment of this application;
Fig. 4 is a structural schematic diagram of a login verification apparatus for a Virtual Private Network (VPN) provided by an embodiment of this application;
Fig. 5 is a structural schematic diagram of another login verification apparatus for a Virtual Private Network (VPN) provided by an embodiment of this application;
Fig. 6 is a structural schematic diagram of the verification module shown in Fig. 4;
Fig. 7 is a structural schematic diagram of an electronic device provided by an embodiment of this application.
Detailed description of the embodiments
To make the purposes, technical solutions and advantages of the embodiments of this application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of this application, not all of them. The components of the embodiments generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations. The following detailed description of the embodiments provided in the drawings is therefore not intended to limit the claimed scope of this application, but merely represents selected embodiments. Every other embodiment obtained by a person skilled in the art on the basis of the embodiments of this application without creative effort falls within the scope of protection of this application.
First, the application scenario to which this application applies is introduced. This application can be applied to the technical field of Virtual Private Network (VPN) login. After the enterprise back end confirms the user's identity, a dynamic login password is allocated to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, it is checked whether the user identification information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identification information matches the dynamic login password, it is confirmed that the target user can log in to the VPN. In this way, by associating the user with a dynamic login password, the user obtains a new login password in real time each time the user logs in to the VPN, which improves the security of logging in to the VPN with the user account. Referring to Fig. 1, Fig. 1 is a system structure diagram for this application scenario. As shown in Fig. 1, the system comprises a user terminal, a back-end server and a VPN server. When the back-end server receives a password request sent by the user terminal, it verifies whether the user who sent the password request is an enterprise user; if the user is an enterprise user, it associates the user's identification information with an obtained dynamic login password. When it receives the user's login information forwarded by the VPN server, it detects whether the identification information and the dynamic login password in the login information match; if they match, it determines that the user has logged in to the VPN successfully.
Research has found that, at present, the common way for a user to log in to a VPN is account verification: an account matching the user is created in the VPN in advance and bound to a unique password set by the user, and at login the user enters the account and password for permission verification. However, when the user's password is lost, anyone who has the password and account can log in to the VPN, which easily leads to leakage of enterprise information.
On this basis, the purpose of this application is to provide a login verification method for a Virtual Private Network (VPN). After the enterprise back end confirms the user's identity, a dynamic login password is allocated to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, it is checked whether the user identification information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identification information matches the dynamic login password, it is confirmed that the target user can log in to the VPN. In this way, by associating the user with a dynamic login password, the user obtains a new login password in real time each time the user logs in to the VPN, which improves the security of logging in to the VPN with the user account.
Referring to Fig. 2, Fig. 2 is a flow chart of a login verification method for a Virtual Private Network (VPN) provided by an embodiment of this application. The login verification method for a Virtual Private Network (VPN) provided by the embodiment comprises:
Step 201: when a password request sent by a target user is received, verify whether the target user is an enterprise user.
In this step, when the password request sent by the user terminal is received, the back-end server judges, according to the enterprise employee information stored in the database, whether the target user at the user terminal is an employee of the enterprise.
Here, the employee information stored in the enterprise for the target user may be the employee's employee number, or the employee's ID, within the enterprise structure, in the enterprise's internal communication software. The enterprise's internal communication software may include Enterprise WeChat, DingTalk and the like.
With the unique identity of an internal employee recorded in the enterprise, it can be judged quickly and accurately whether the user is an internal employee of the enterprise.
Step 202: when it is determined that the target user is an enterprise user, associate the identification information of the target user with an obtained dynamic login password, and issue the dynamic login password to the target user.
In this step, when it is confirmed that the target user is an enterprise employee, the target user's identification information is associated with a dynamic login password randomly allocated to the target user, and the target user's dynamic login password is sent to the target user.
The dynamic login password may be predefined on the enterprise back end and stored there, or it may be generated randomly when the user's password request is received. After the dynamic login password corresponding to the target user is determined, the target user's identification information and the dynamic login password are stored on the enterprise back end in correspondence with each other, and the dynamic login password is sent to the user.
Here, the way the dynamic login password is sent to the user depends on how the user logged in when requesting the password from the enterprise back end. For example, if the target user logged in to the back end through the enterprise back-end login page, the dynamic login password can be displayed on that login page. Alternatively, the enterprise back end obtains the target user's information, such as the user's mobile phone number or mailbox, according to the target user's identification information, and sends the dynamic login password to the user through the user's contact details or the enterprise mailbox.
Step 203: when the login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN, and detect whether the identification information and the dynamic login password in the login information match.
In this step, when the enterprise back end receives the target user's login information sent by the VPN server, it checks, according to the login information, whether the matching relationship between the identification information and the dynamic login password in the login information is consistent with the matching relationship between the identification information and the dynamic login password stored on the enterprise back end. At the same time, it detects whether the target user corresponding to the identification information has permission to log in to the VPN.
Here, for an enterprise VPN, although an employee is an internal employee of the enterprise and has permission to obtain a dynamic login password, for reasons of enterprise operation some employees do not have permission to log in to the enterprise VPN. To further ensure the enterprise's information security, when the account and password with which the user logs in to the VPN are verified for a match, the target user's own permission to log in to the VPN is verified as well.
Step 204: if the identification information and the dynamic login password in the login information match, and the target user has permission to log in to the VPN, determine that the target user has logged in to the VPN successfully.
In this step, when the identification information and the dynamic login password in the target user's login information match and it is determined that the target user has permission to log in to the VPN, it is determined that the user can log in to the VPN with the user's own account and the current dynamic password.
In the login verification method for a Virtual Private Network (VPN) provided by the embodiments of this application, when a password request sent by a target user is received, it is verified whether the target user is an enterprise user. When it is determined that the target user is an enterprise user, the identification information of the target user is associated with an obtained dynamic login password, and the dynamic login password is issued to the target user. When the login information of the target user forwarded by the VPN server is received, it is detected, based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identification information and the dynamic login password in the login information match. If the identification information and the dynamic login password in the login information match, and the target user has permission to log in to the VPN, it is determined that the target user has logged in to the VPN successfully.
In this way, after the enterprise back end confirms the user's identity, a dynamic login password is allocated to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, it is checked whether the user identification information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identification information matches the dynamic login password, it is confirmed that the target user can log in to the VPN. By associating the user with a dynamic login password, the user obtains a new login password in real time each time the user logs in to the VPN, which improves the security of logging in to the VPN with the user account.
Referring to Fig. 3, Fig. 3 is a flow chart of a login verification method for a Virtual Private Network (VPN) provided by another embodiment of this application. As shown in Fig. 3, the login verification method for a Virtual Private Network (VPN) provided by the embodiment comprises:
Step 301: when a password request sent by a target user is received, verify whether the target user is an enterprise user.
Step 302: when it is determined that the target user is an enterprise user, associate the identification information of the target user with an obtained dynamic login password, and issue the dynamic login password to the target user.
Step 303: when the login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN, and detect whether the identification information and the dynamic login password in the login information match.
Step 304: if the identification information and the dynamic login password in the login information match, and the target user has permission to log in to the VPN, determine that the target user has logged in to the VPN successfully.
Step 305: cancel the association between the dynamic login password and the identification information of the target user.
In this step, after it is confirmed that the target user has logged in to the VPN successfully, the enterprise back-end server releases the association between the dynamic login password and the target user's identification information. A user with the same identification information, that is, the same target user, must obtain a new dynamic login verification code the next time the user logs in to the VPN, which further ensures the exclusivity and security of the VPN.
The description of steps 301 to 304 may refer to the description of steps 201 to 204; the same technical effect can be achieved, and the details are not repeated here.
Further, step 301 also comprises:
obtaining the identification information of the target user and the set of enterprise user identification information stored in the back-end server; detecting whether the identification information of the target user matches any enterprise user identification information in the set of enterprise user identification information; and, if the identification information of the target user matches any user identification information in the user identification information, determining that the target user is an enterprise user.
In this step, for an enterprise, every employee belonging to the enterprise has an identity of their own on the enterprise back end, and these identities are stored in the enterprise back-end server. When the target user's password request is received, the target user's identification information is obtained and compared with the user identification information stored on the back end. If the target user's identification information matches any user identification information stored on the back end, it is determined that the target user is an enterprise user, and the user has permission to obtain a VPN dynamic login password.
The user's identification information may be the target user's Enterprise WeChat ID, or the target user's enterprise mailbox account, and so on.
Further, before step 303, the login validation method further include:
The time that issues that the dynamic log password is handed down to the target user is obtained, and receives the target
The receiving time when log-on message of user;It detects the receiving time and whether the time difference issued between the time is greater than
Preset threshold;If the time difference is greater than preset threshold, the dynamic log password and the identity mark of the target user are released
Know the association of information.
In this step, the enterprise background server obtains, from the time information in its data records, the time at which the dynamic login password was sent to the target user and the receiving time at which the login information of the target user was received. The target user may have sent more than one password request within a period of time; the time at which the dynamic login password was issued to the user is taken to be the time of the last issuance to the target user. The difference between the receiving time of the target user's login information and the time at which the dynamic login password was sent to the target user is calculated, which gives the time the user took to use the dynamic login password, and this time is compared with the preset threshold. If the difference between the receiving time of the target user's login information and the time at which the dynamic login password was sent to the target user is found to be greater than the preset threshold, that is, the user has gone a long time after receiving the dynamic login password without using it to log in to the VPN, then for this user the dynamic login password obtained is no longer valid, and the enterprise backend releases the association between the dynamic login password and the identity identification information of the target user. When the user then tries to log in to the VPN with the dynamic password after it has expired, the identity identification information of the target user associated with that dynamic password cannot be found, and the user's VPN login fails.
Here, the dynamic login password is time-limited: once the preset time has passed, the dynamic login password becomes invalid. That is, if the user does not use the dynamic login password to log in to the VPN for a period of time after obtaining it, then once the preset time has passed the user can no longer log in to the VPN with that dynamic login password, which effectively guarantees the security of logging in to the VPN with a dynamic login password.
The preset threshold is a threshold set after taking external influencing factors into account, for example the network delay when the user obtains the dynamic login password and the load capacity of the VPN at login time. The threshold may be set to 2 hours.
Further, the login validation method detects whether the identity identification information in the login information matches the dynamic login password in the following manner:
obtaining the identity identification information in the login information and the dynamic login password in the login information; determining the identity identification information of the target user associated with the dynamic login password; and if the identity identification information in the login information is consistent with the identity identification information of the target user, determining that the identity identification information in the login information matches the dynamic login password.
In this step, the login information sent by the VPN server contains the login user identity identification information and the login dynamic login password of the user who currently wants to log in to the VPN. After the enterprise backend receives the login user identity identification information and the login dynamic login password, the backend looks up the user identity identification information corresponding to the login user identity identification information. There are two cases in evaluating the login user identity identification information. In the first case, the enterprise background server holds no user identity identification information matching the login user identity identification information; this can be regarded as the user having entered the wrong account, and an error prompt can be fed back to the VPN server to remind the user to re-enter the account. In the second case, user identity identification information matching the login user identity identification information is found in the enterprise background server. Based on the matched user identity identification information, the enterprise backend also determines whether the user has permission to log in to the VPN. While determining the user's login permission, it determines from the user identity identification information the dynamic login password associated with that user identity identification information, and detects whether the login dynamic login password in the login information matches the dynamic login password held in the enterprise backend. Only when the login dynamic login password is identical to the dynamic login password and the target user also has permission to log in to the VPN can the user log in to the VPN successfully.
In the login validation method of a virtual private network VPN provided by the embodiments of the present application, when a password request sent by a target user is received, it is verified whether the target user belongs to the enterprise users; when the target user is determined to belong to the enterprise users, the identity identification information of the target user is associated with the obtained dynamic login password, and the dynamic login password is issued to the target user; when the login information of the target user forwarded by the VPN server is received, it is detected, based on the login information, the identity identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identity identification information in the login information matches the dynamic login password; if the identity identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN, it is determined that the target user has logged in to the VPN successfully; and the association between the dynamic login password and the identity identification information of the target user is cancelled.
In this way, after the enterprise backend confirms the user's identity, a dynamic login password is distributed to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, it is detected whether the user identity information and the dynamic login password in the login information match and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information matches the dynamic login password, it is confirmed that the target user may log in to the VPN, and after the user's VPN login is confirmed successful, the backend cancels the association between the dynamic login password and the identity identification information of the target user. By associating the user with the dynamic login password, the user obtains a new login password in real time for each VPN login and must log in to the VPN within the validity period of the dynamic login password, which improves the security of logging in to the VPN with the user account.
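The backend flow described above (membership check, issuance and association, the time-difference check, the match and permission check, and cancellation after success) can be sketched as follows. This is an added example, not code from the patent; the class and method names, the result strings, the CSPRNG password generation and the constant-time comparison are assumptions, and the identities and timestamps are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass

# The page's example threshold: 2 hours between issuance and login.
PRESET_THRESHOLD_SECONDS = 2 * 60 * 60


@dataclass
class Association:
    """A dynamic login password bound to one identity, with its issue time."""
    password: str
    issued_at: float


class EnterpriseBackend:
    """Hypothetical enterprise background server (illustrative names only)."""

    def __init__(self, enterprise_ids, vpn_permitted,
                 threshold=PRESET_THRESHOLD_SECONDS):
        self.enterprise_ids = set(enterprise_ids)  # identity information set
        self.vpn_permitted = set(vpn_permitted)    # identities allowed on the VPN
        self.threshold = threshold
        self._associations = {}                    # identity -> Association

    def request_password(self, identity, now):
        """Handle a password request; return the issued password or None."""
        if identity not in self.enterprise_ids:
            return None  # not an enterprise user: nothing is issued
        # Assumption: the page does not say how the password is generated;
        # a CSPRNG token is used here.
        password = secrets.token_urlsafe(12)
        # A repeated request overwrites the record, so the last issue time counts.
        self._associations[identity] = Association(password, now)
        return password

    def verify_login(self, identity, password, now):
        """Check login information forwarded by the VPN server."""
        if identity not in self.enterprise_ids:
            return "unknown_account"  # prompt the user to re-enter the account
        assoc = self._associations.get(identity)
        if assoc is None:
            return "no_association"   # never issued, already used, or released
        if now - assoc.issued_at > self.threshold:
            del self._associations[identity]  # release the stale association
            return "expired"
        if identity not in self.vpn_permitted:
            return "no_permission"
        # Constant-time comparison. A mismatch leaves the association in place;
        # the page does not describe attempt limiting.
        if not hmac.compare_digest(assoc.password.encode(), password.encode()):
            return "mismatch"
        del self._associations[identity]      # single use: cancel after success
        return "success"


def walkthrough():
    """Run the flow on constructed identities and timestamps (seconds)."""
    backend = EnterpriseBackend(
        enterprise_ids={"alice@corp.example", "bob@corp.example"},
        vpn_permitted={"alice@corp.example"},
    )
    results = []
    first = backend.request_password("alice@corp.example", now=0)
    second = backend.request_password("alice@corp.example", now=60)
    # The superseded password fails; the latest one works exactly once.
    results.append(backend.verify_login("alice@corp.example", first, now=120))
    results.append(backend.verify_login("alice@corp.example", second, now=120))
    results.append(backend.verify_login("alice@corp.example", second, now=121))
    # Used one second past the 2-hour threshold: the association is released.
    late = backend.request_password("alice@corp.example", now=1000)
    results.append(backend.verify_login("alice@corp.example", late, now=1000 + 7201))
    # An enterprise user may obtain a password yet lack VPN login permission.
    bob = backend.request_password("bob@corp.example", now=0)
    results.append(backend.verify_login("bob@corp.example", bob, now=10))
    results.append(backend.verify_login("eve@other.example", "x", now=10))
    return results


if __name__ == "__main__":
    print(walkthrough())
```

The lookup here goes from identity to associated password, as in the explanatory paragraph; the claim wording goes from password to associated identity, and both reach the same accept or reject decision.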
Referring to Fig. 4 to Fig. 6, Fig. 4 is a schematic structural diagram of a login authentication device of a virtual private network VPN provided by an embodiment of the present application, Fig. 5 is a schematic structural diagram of another login authentication device of a virtual private network VPN provided by an embodiment of the present application, and Fig. 6 is a schematic structural diagram of the authentication module shown in Fig. 4. As shown in Fig. 4, the login authentication device 400 includes:
An authentication module 410, configured to verify, when a password request sent by a target user is received, whether the target user belongs to the enterprise users.
A processing module 420, configured to, when the authentication module 410 determines that the target user belongs to the enterprise users, associate the identity identification information of the target user with the obtained dynamic login password and issue the dynamic login password to the target user.
A first detection module 430, configured to, when the login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identity identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identity identification information in the login information matches the dynamic login password.
A determining module 440, configured to determine that the target user has logged in to the VPN successfully if the identity identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN.
Further, as shown in Fig. 5, the login authentication device 400 further includes:
An obtaining module 450, configured to obtain the issue time at which the dynamic login password was issued to the target user, and the receiving time at which the login information of the target user was received.
A second detection module 460, configured to detect whether the time difference between the receiving time obtained by the obtaining module 450 and the issue time is greater than a preset threshold.
A releasing module 470, configured to release the association between the dynamic login password and the identity identification information of the target user if the time difference is greater than the preset threshold.
A cancelling module 480, configured to cancel the association between the dynamic login password and the identity identification information of the target user.
Further, as shown in Fig. 6, the authentication module 410 includes:
A first obtaining unit 411, configured to obtain the identity identification information of the target user and the enterprise user identity identification information set stored in the background server.
A first detection unit 412, configured to detect whether the identity identification information of the target user matches any enterprise user identity identification information in the enterprise user identity identification information set.
A first determining unit 413, configured to determine that the target user belongs to the enterprise users if the identity identification information of the target user matches any user identity identification information among the user identity identification information.
Further, the login authentication device 400 detects whether the identity identification information in the login information matches the dynamic login password in the following manner:
obtaining the identity identification information in the login information and the dynamic login password in the login information; determining the identity identification information of the target user associated with the dynamic login password; and if the identity identification information in the login information is consistent with the identity identification information of the target user, determining that the identity identification information in the login information matches the dynamic login password.
With the login authentication device of a virtual private network VPN provided by the embodiments of the present application, when a password request sent by a target user is received, it is verified whether the target user belongs to the enterprise users; when the target user is determined to belong to the enterprise users, the identity identification information of the target user is associated with the obtained dynamic login password, and the dynamic login password is issued to the target user; when the login information of the target user forwarded by the VPN server is received, it is detected, based on the login information, the identity identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identity identification information in the login information matches the dynamic login password; and if the identity identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN, it is determined that the target user has logged in to the VPN successfully.
In this way, after the enterprise backend confirms the user's identity, a dynamic login password is distributed to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, it is detected whether the user identity information and the dynamic login password in the login information match and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information matches the dynamic login password, it is confirmed that the target user may log in to the VPN. By associating the user with the dynamic login password, the user obtains a new login password in real time for each VPN login, which improves the security of logging in to the VPN with the user account.
Referring to Fig. 7, Fig. 7 is a schematic structural diagram of an electronic device provided by an embodiment of the present application. As shown in Fig. 7, the electronic device 700 includes a processor 710, a memory 720 and a bus 730.
The memory 720 stores machine-readable instructions executable by the processor 710. When the electronic device 700 runs, the processor 710 and the memory 720 communicate through the bus 730, and when the machine-readable instructions are executed by the processor 710, the steps of the login validation method of the virtual private network VPN in the method embodiments shown in Fig. 2 and Fig. 3 above can be performed. For the specific implementation, refer to the method embodiments; details are not repeated here.
The embodiments of the present application also provide a computer-readable storage medium on which a computer program is stored. When the computer program is run by a processor, the steps of the login validation method of the virtual private network VPN in the method embodiments shown in Fig. 2 and Fig. 3 above can be performed. For the specific implementation, refer to the method embodiments; details are not repeated here.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a processor-executable non-volatile computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes a USB flash disk, a mobile hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, and other media that can store program code.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present application, intended to illustrate the technical solution of the present application rather than to limit it, and the protection scope of the present application is not limited to them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field may, within the technical scope disclosed in the present application, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features; such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A login validation method of a virtual private network VPN, characterized in that the login validation method includes:
when a password request sent by a target user is received, verifying whether the target user belongs to the enterprise users;
when the target user is determined to belong to the enterprise users, associating the identity identification information of the target user with the obtained dynamic login password, and issuing the dynamic login password to the target user;
when the login information of the target user forwarded by the VPN server is received, detecting, based on the login information, the identity identification information and the dynamic login password, whether the target user has permission to log in to the VPN, and detecting whether the identity identification information in the login information matches the dynamic login password;
if the identity identification information in the login information matches the dynamic login password, and the target user has permission to log in to the VPN, determining that the target user has logged in to the VPN successfully.
2. The login validation method according to claim 1, characterized in that verifying whether the target user belongs to the enterprise users when the password request sent by the target user is received includes:
obtaining the identity identification information of the target user and the enterprise user identity identification information set stored in the background server;
detecting whether the identity identification information of the target user matches any enterprise user identity identification information in the enterprise user identity identification information set;
if the identity identification information of the target user matches any user identity identification information among the user identity identification information, determining that the target user belongs to the enterprise users.
3. The login validation method according to claim 1, characterized in that, before detecting, when the login information of the target user forwarded by the VPN server is received and based on the login information, the identity identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identity identification information in the login information matches the dynamic login password, the login validation method further includes:
obtaining the issue time at which the dynamic login password was issued to the target user, and the receiving time at which the login information of the target user was received;
detecting whether the time difference between the receiving time and the issue time is greater than a preset threshold;
if the time difference is greater than the preset threshold, releasing the association between the dynamic login password and the identity identification information of the target user.
4. The login validation method according to claim 1, characterized in that whether the identity identification information in the login information matches the dynamic login password is detected in the following manner:
obtaining the identity identification information in the login information and the dynamic login password in the login information;
determining the identity identification information of the target user associated with the dynamic login password;
if the identity identification information in the login information is consistent with the identity identification information of the target user, determining that the identity identification information in the login information matches the dynamic login password.
5. The method according to claim 1, characterized in that, after determining that the target user has logged in to the VPN successfully if the identity identification information in the login information of the target user matches the dynamic login password and the target user has permission to log in to the VPN, the login validation method further includes:
cancelling the association between the dynamic login password and the identity identification information of the target user.
6. A login authentication device of a virtual private network VPN, characterized in that the login authentication device includes:
an authentication module, configured to verify, when a password request sent by a target user is received, whether the target user belongs to the enterprise users;
a processing module, configured to, when the authentication module determines that the target user belongs to the enterprise users, associate the identity identification information of the target user with the obtained dynamic login password and issue the dynamic login password to the target user;
a first detection module, configured to, when the login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identity identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identity identification information in the login information matches the dynamic login password;
a determining module, configured to determine that the target user has logged in to the VPN successfully if the identity identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN.
7. The login authentication device according to claim 6, characterized in that the authentication module includes:
a first obtaining unit, configured to obtain the identity identification information of the target user and the enterprise user identity identification information set stored in the background server;
a first detection unit, configured to detect whether the identity identification information of the target user matches any enterprise user identity identification information in the enterprise user identity identification information set;
a first determining unit, configured to determine that the target user belongs to the enterprise users if the identity identification information of the target user matches any user identity identification information among the user identity identification information.
8. The login authentication device according to claim 6, characterized in that the login authentication device further includes:
an obtaining module, configured to obtain the issue time at which the dynamic login password was issued to the target user, and the receiving time at which the login information of the target user was received;
a second detection module, configured to detect whether the time difference between the receiving time obtained by the obtaining module and the issue time is greater than a preset threshold;
a releasing module, configured to release the association between the dynamic login password and the identity identification information of the target user if the time difference is greater than the preset threshold.
9. An electronic device, characterized by including a processor, a memory and a bus, wherein the memory stores machine-readable instructions executable by the processor; when the electronic device runs, the processor and the memory communicate through the bus, and when the machine-readable instructions are executed by the processor, the steps of the login validation method of the virtual private network VPN according to any one of claims 1 to 5 are performed.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is run by a processor, the steps of the login validation method of the virtual private network VPN according to any one of claims 1 to 5 are performed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910646652.5A CN110290150A (en) | 2019-07-17 | 2019-07-17 | A kind of login validation method and login authentication device of Virtual Private Network VPN |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110290150A true CN110290150A (en) | 2019-09-27 |
Family
ID=68023208
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910646652.5A Pending CN110290150A (en) | 2019-07-17 | 2019-07-17 | A kind of login validation method and login authentication device of Virtual Private Network VPN |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110290150A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190927 |