CN110290150A - Login verification method and login verification device for a virtual private network (VPN) - Google Patents


Publication number
CN110290150A
Authority
CN
China
Prior art keywords
target user
log
identification information
password
vpn
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910646652.5A
Other languages
Chinese (zh)
Inventor
秦健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Miaozhen Information Technology Co Ltd
Miaozhen Systems Information Technology Co Ltd
Original Assignee
Miaozhen Systems Information Technology Co Ltd
Application filed by Miaozhen Systems Information Technology Co Ltd
Priority to CN201910646652.5A
Publication of CN110290150A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application provides a login verification method and a login verification device for a virtual private network (VPN). In the method, after a target user is determined to be an enterprise user on the basis of a password request received from that user, the target user's identity information is associated with an obtained dynamic login password, and the dynamic login password is issued to the target user. When login information of the target user forwarded by the VPN server is received, it is determined, based on the login information, the identity information and the dynamic login password, that the target user has permission to log in to the VPN and that the identity information and the dynamic login password in the login information match, and the target user's VPN login is then determined to be successful. Because the user is associated with a dynamic login password, a new login password is obtained in real time each time the user logs in to the VPN, which improves the security of VPN login for user accounts.

Description

Login verification method and login verification device for a virtual private network (VPN)
Technical field
This application relates to the technical field of virtual private network login, and in particular to a login verification method and a login verification device for a virtual private network.
Background
A virtual private network (VPN) is a private-line network technology built on public network facilities. Large enterprises often have multiple branches in multiple regions, and these branches need a VPN to connect to headquarters and share data with it. When a VPN is used, the user's identity must be verified in order to keep the enterprise information in the VPN secure.
At present, the common way for a user to log in to a VPN is account-based login: an account matching the user is created in the VPN in advance and bound to a unique password set by the user, and at login the user enters the account and password for permission verification. However, when the user's password is lost, anyone holding the password and the account can log in to the VPN, which easily leads to leakage of enterprise information.
Summary of the invention
In view of this, the purpose of this application is to provide a login verification method and a login verification device for a virtual private network (VPN). After the enterprise backend confirms the user's identity, it assigns the user a dynamic login password for logging in to the VPN. After receiving the login information forwarded by the VPN server, it detects whether the user identity information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information and the dynamic login password match, the target user is confirmed as able to log in to the VPN. Because the user is associated with a dynamic login password, a new login password is obtained in real time each time the user logs in to the VPN, which improves the security of VPN login for user accounts.
An embodiment of this application provides a login verification method for a virtual private network (VPN), the login verification method comprising:
when a password request sent by a target user is received, verifying whether the target user is an enterprise user;
when the target user is determined to be an enterprise user, associating the target user's identity information with an obtained dynamic login password, and issuing the dynamic login password to the target user;
when login information of the target user forwarded by the VPN server is received, detecting, based on the login information, the identity information and the dynamic login password, whether the target user has permission to log in to the VPN, and detecting whether the identity information and the dynamic login password in the login information match;
if the identity information and the dynamic login password in the login information match, and the target user has permission to log in to the VPN, determining that the target user has logged in to the VPN successfully.
Further, verifying whether the target user is an enterprise user when a password request sent by the target user is received comprises:
obtaining the target user's identity information and the set of enterprise user identity information stored in the backend server;
detecting whether the target user's identity information matches any enterprise user identity information in the set of enterprise user identity information;
if the target user's identity information matches any item of the user identity information, determining that the target user is an enterprise user.
Further, before the step of detecting, when login information of the target user forwarded by the VPN server is received and based on the login information, the identity information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identity information and the dynamic login password in the login information match, the login verification method further comprises:
obtaining the issuing time at which the dynamic login password was issued to the target user, and the receiving time at which the target user's login information was received;
detecting whether the time difference between the receiving time and the issuing time is greater than a preset threshold;
if the time difference is greater than the preset threshold, releasing the association between the dynamic login password and the target user's identity information.
Further, the login verification method detects whether the identity information and the dynamic login password in the login information match in the following manner:
obtaining the identity information in the login information and the dynamic login password in the login information;
determining the identity information of the target user associated with the dynamic login password;
if the identity information in the login information is consistent with the identity information of the target user, determining that the identity information and the dynamic login password in the login information match.
Further, after it is determined that the target user has logged in to the VPN successfully because the identity information and the dynamic login password in the target user's login information match and the target user has permission to log in to the VPN, the login verification method further comprises:
cancelling the association between the dynamic login password and the target user's identity information.
An embodiment of this application also provides a login verification device for a virtual private network (VPN), the login verification device comprising:
a verification module, configured to verify, when a password request sent by a target user is received, whether the target user is an enterprise user;
a processing module, configured to, when the verification module determines that the target user is an enterprise user, associate the target user's identity information with an obtained dynamic login password and issue the dynamic login password to the target user;
a first detection module, configured to, when login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identity information and the dynamic login password, whether the target user has permission to log in to the VPN, and detect whether the identity information and the dynamic login password in the login information match;
a determining module, configured to determine that the target user has logged in to the VPN successfully if the identity information and the dynamic login password in the login information match and the target user has permission to log in to the VPN.
Further, the verification module comprises:
a first obtaining unit, configured to obtain the target user's identity information and the set of enterprise user identity information stored in the backend server;
a first detection unit, configured to detect whether the target user's identity information matches any enterprise user identity information in the set of enterprise user identity information;
a first determining unit, configured to determine that the target user is an enterprise user if the target user's identity information matches any item of the user identity information.
Further, the login verification device further comprises:
an obtaining module, configured to obtain the issuing time at which the dynamic login password was issued to the target user, and the receiving time at which the target user's login information was received;
a second detection module, configured to detect whether the time difference between the receiving time and the issuing time obtained by the obtaining module is greater than a preset threshold;
a releasing module, configured to release the association between the dynamic login password and the target user's identity information if the time difference is greater than the preset threshold.
Further, the login verification device detects whether the identity information and the dynamic login password in the login information match in the following manner:
obtaining the identity information in the login information and the dynamic login password in the login information;
determining the identity information of the target user associated with the dynamic login password;
if the identity information in the login information is consistent with the identity information of the target user, determining that the identity information and the dynamic login password in the login information match.
Further, the login verification device further comprises:
a cancelling module, configured to cancel the association between the dynamic login password and the target user's identity information.
An embodiment of this application also provides an electronic device comprising a processor, a memory and a bus. The memory stores machine-readable instructions executable by the processor. When the electronic device runs, the processor and the memory communicate over the bus, and when the machine-readable instructions are executed by the processor, the steps of the above login verification method for a virtual private network (VPN) are performed.
An embodiment of this application also provides a computer-readable storage medium on which a computer program is stored. When the computer program is run by a processor, the steps of the above login verification method for a virtual private network (VPN) are performed.
With the login verification method and login verification device for a virtual private network (VPN) provided by the embodiments of this application, after the enterprise backend confirms the user's identity, it assigns the user a dynamic login password for logging in to the VPN. After receiving the login information forwarded by the VPN server, it detects whether the user identity information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information and the dynamic login password match, the target user is confirmed as able to log in to the VPN. Because the user is associated with a dynamic login password, a new login password is obtained in real time each time the user logs in to the VPN, which improves the security of VPN login for user accounts.
To make the above objects, features and advantages of this application clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
In order to describe the technical solutions of the embodiments of this application more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of this application and therefore should not be regarded as limiting its scope; a person of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a system architecture diagram for one possible application scenario;
Fig. 2 is a flow chart of a login verification method for a virtual private network (VPN) provided by an embodiment of this application;
Fig. 3 is a flow chart of another login verification method for a virtual private network (VPN) provided by an embodiment of this application;
Fig. 4 is a structural schematic diagram of a login verification device for a virtual private network (VPN) provided by an embodiment of this application;
Fig. 5 is a structural schematic diagram of another login verification device for a virtual private network (VPN) provided by an embodiment of this application;
Fig. 6 is a structural schematic diagram of the verification module shown in Fig. 4;
Fig. 7 is a structural schematic diagram of an electronic device provided by an embodiment of this application.
Detailed description of embodiments
To make the purposes, technical solutions and advantages of the embodiments of this application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of this application, not all of them. The components of the embodiments of this application, as generally described and illustrated in the drawings, can be arranged and designed in a variety of different configurations. Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the claimed scope of this application, but merely represents selected embodiments. All other embodiments obtained by those skilled in the art on the basis of the embodiments of this application without creative effort fall within the protection scope of this application.
First, the application scenario to which this application applies is introduced. This application can be applied to the technical field of virtual private network (VPN) login. After the enterprise backend confirms the user's identity, it assigns the user a dynamic login password for logging in to the VPN. After receiving the login information forwarded by the VPN server, it detects whether the user identity information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information and the dynamic login password match, the target user is confirmed as able to log in to the VPN. Because the user is associated with a dynamic login password, a new login password is obtained in real time each time the user logs in to the VPN, which improves the security of VPN login for user accounts. Referring to Fig. 1, Fig. 1 is a system structure diagram for this application scenario. As shown in Fig. 1, the system comprises a user terminal, a backend server and a VPN server. When the backend server receives a password request sent by the user terminal, it verifies whether the user who sent the password request is an enterprise user. If the user is an enterprise user, it associates the user's identity information with an obtained dynamic login password. When it receives the user's login information forwarded by the VPN server, it detects whether the identity information and the dynamic login password in the login information match; if they match, the user's VPN login is determined to be successful.
Research has found that, at present, the common way for a user to log in to a VPN is account-based login: an account matching the user is created in the VPN in advance and bound to a unique password set by the user, and at login the user enters the account and password for permission verification. However, when the user's password is lost, anyone holding the password and the account can log in to the VPN, which easily leads to leakage of enterprise information.
On this basis, the purpose of this application is to provide a login verification method for a virtual private network (VPN). After the enterprise backend confirms the user's identity, it assigns the user a dynamic login password for logging in to the VPN. After receiving the login information forwarded by the VPN server, it detects whether the user identity information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information and the dynamic login password match, the target user is confirmed as able to log in to the VPN. Because the user is associated with a dynamic login password, a new login password is obtained in real time each time the user logs in to the VPN, which improves the security of VPN login for user accounts.
Referring to Fig. 2, Fig. 2 is a flow chart of a login verification method for a virtual private network (VPN) provided by an embodiment of this application. The login verification method provided by this embodiment comprises:
Step 201: when a password request sent by a target user is received, verify whether the target user is an enterprise user.
In this step, when a password request sent by the user terminal is received, the backend server judges, according to the enterprise employee information stored in the database, whether the target user at the user terminal is an employee of the enterprise.
Here, the employee information that the enterprise stores for the target user can be the employee's employee number, or the employee's ID in the enterprise's internal communication software within the enterprise's organizational structure. The enterprise's internal communication software may include Enterprise WeChat, DingTalk and the like.
Using the unique identity of each internal employee recorded by the enterprise, it can be judged quickly and accurately whether the user is an internal member of the enterprise.
Step 202: when the target user is determined to be an enterprise user, associate the target user's identity information with an obtained dynamic login password, and issue the dynamic login password to the target user.
In this step, once the target user is confirmed to be an enterprise employee, the target user's identity information is associated with a dynamic login password randomly assigned to the target user, and that dynamic login password is sent to the target user.
The dynamic login password can be defined in advance at the enterprise backend and stored there, or it can be generated randomly when the user's password request is received. After the dynamic login password corresponding to the target user is determined, the target user's identity information and the dynamic login password are stored at the enterprise backend in correspondence with each other, and the dynamic login password is sent to the user.
Here, the way the dynamic login password is sent to the user depends on how the user logged in when requesting the password from the enterprise backend. For example, if the target user logged in to the backend through the enterprise backend login page, the dynamic login password can be displayed on that login page. Alternatively, the enterprise backend obtains the target user's information at the enterprise backend according to the target user's identity information, such as the user's mobile phone number, mailbox password and so on, and sends the dynamic login password to the user through the user's or the enterprise's mailbox.
Step 203: when login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identity information and the dynamic login password, whether the target user has permission to log in to the VPN, and detect whether the identity information and the dynamic login password in the login information match.
In this step, when the enterprise backend receives the target user's login information sent by the VPN server, it checks whether the pairing of identity information and dynamic login password in the login information is consistent with the pairing of identity information and dynamic login password stored at the enterprise backend, and at the same time detects whether the target user corresponding to the identity information has permission to log in to the VPN.
Here, for an enterprise VPN, an employee may be an internal employee with permission to obtain a dynamic login password, but for reasons of enterprise operation some employees do not have permission to log in to the enterprise VPN. To further protect the enterprise's information security, when the account and password for a user's VPN login are verified, the target user's own permission to log in to the VPN is also verified.
Step 204: if the identity information and the dynamic login password in the login information match, and the target user has permission to log in to the VPN, determine that the target user has logged in to the VPN successfully.
In this step, when the identity information and the dynamic login password in the target user's login information match and the target user is determined to have permission to log in to the VPN, it is determined that the user can log in to the VPN with their own account and the current dynamic password.
In the login verification method for a virtual private network (VPN) provided by the embodiments of this application, when a password request sent by a target user is received, it is verified whether the target user is an enterprise user; when the target user is determined to be an enterprise user, the target user's identity information is associated with an obtained dynamic login password, and the dynamic login password is issued to the target user; when login information of the target user forwarded by the VPN server is received, it is detected, based on the login information, the identity information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identity information and the dynamic login password in the login information match; if the identity information and the dynamic login password in the login information match, and the target user has permission to log in to the VPN, it is determined that the target user has logged in to the VPN successfully.
In this way, after the enterprise backend confirms the user's identity, it assigns the user a dynamic login password for logging in to the VPN. After receiving the login information forwarded by the VPN server, it detects whether the user identity information and the dynamic login password in the login information match, and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information and the dynamic login password match, the target user is confirmed as able to log in to the VPN. Because the user is associated with a dynamic login password, a new login password is obtained in real time each time the user logs in to the VPN, which improves the security of VPN login for user accounts.
Referring to Fig. 3, Fig. 3 is a flow chart of a login verification method for a virtual private network (VPN) provided by another embodiment of this application. As shown in Fig. 3, the login verification method provided by this embodiment comprises:
Step 301: when a password request sent by a target user is received, verify whether the target user is an enterprise user.
Step 302: when the target user is determined to be an enterprise user, associate the target user's identity information with an obtained dynamic login password, and issue the dynamic login password to the target user.
Step 303: when login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identity information and the dynamic login password, whether the target user has permission to log in to the VPN, and detect whether the identity information and the dynamic login password in the login information match.
Step 304: if the identity information and the dynamic login password in the login information match, and the target user has permission to log in to the VPN, determine that the target user has logged in to the VPN successfully.
Step 305: cancel the association between the dynamic login password and the target user's identity information.
In this step, after the target user's VPN login is confirmed as successful, the enterprise backend server releases the association between the dynamic login password and the target user's identity information. The next time a user with the same identity information, that is, the same target user, logs in to the VPN, a dynamic login verification code must be obtained again, which further ensures the specificity and security of the VPN.
The description of steps 301 to 304 can be found in the description of steps 201 to 204; the same technical effect is achieved, and the details are not repeated here.
Further, step 301 also comprises:
obtaining the target user's identity information and the set of enterprise user identity information stored in the backend server; detecting whether the target user's identity information matches any enterprise user identity information in the set of enterprise user identity information; and, if the target user's identity information matches any item of the user identity information, determining that the target user is an enterprise user.
In this step, every employee of an enterprise has their own identity at the enterprise backend, and these identities are stored in the enterprise backend server. When the target user's password request is received, the target user's identity information is obtained and compared with the user identity information stored at the backend. If the target user's identity information matches any user identity information stored at the backend, the target user is determined to be an enterprise user and has permission to obtain a VPN dynamic login password.
The user's identity information can be the target user's Enterprise WeChat ID, the target user's enterprise mailbox number, and so on.
Further, before step 303, the login validation method also includes:
Obtain the issue time at which the dynamic login password was issued to the target user and the receiving time at which the login information of the target user was received; detect whether the time difference between the receiving time and the issue time is greater than a preset threshold; if the time difference is greater than the preset threshold, release the association between the dynamic login password and the identification information of the target user.
In this step, the enterprise backend server uses the time information in its data records to obtain the time at which the dynamic login password was sent to the target user and the receiving time at which the login information of the target user was received. The target user may have sent more than one password request within a period of time; in that case, the issue time of the dynamic login password is the time of the most recent issuance to the target user. The difference between the receiving time of the login information and the time the dynamic login password was sent to the target user is calculated, giving the time the user took to use the dynamic login password, and this is compared with the preset threshold. If the difference is greater than the preset threshold, that is, the user did not use the dynamic password to log in to the VPN for a long time after receiving it, then for this user the obtained dynamic login password is no longer valid, and the enterprise backend releases the association between the dynamic login password and the identification information of the target user. If the user then tries to log in to the VPN with the dynamic password after it has expired, no target user identification information associated with that dynamic password can be found, and the user's VPN login fails.
Here, the dynamic login password is time-limited: once the preset time has passed, it becomes invalid. That is, if the user obtains a dynamic login password but does not use it to log in to the VPN within the preset time, the user can no longer log in to the VPN with it, which effectively guarantees the security of logging in to the VPN with a dynamic login password.
The preset threshold is set after comprehensively considering external factors, for example the network delay when the user obtains the dynamic login password and the load capacity of the VPN at login. The threshold may be set to 2 hours.
Further, the login validation method detects, in the following manner, whether the identification information in the login information matches the dynamic login password:
Obtain the identification information and the dynamic login password in the login information; determine the identification information of the target user associated with the dynamic login password; if the identification information in the login information is consistent with the identification information of the target user, determine that the identification information in the login information matches the dynamic login password.
In this step, the login information sent by the VPN server contains the identification information and the dynamic login password submitted by the user currently attempting to log in to the VPN. After the enterprise backend receives them, it looks up the user identification information corresponding to the submitted identification information. There are two cases. In the first, the enterprise backend server holds no user identification information matching the submitted identification information; this can be regarded as the user having entered the wrong account, and an error prompt can be fed back to the VPN server to remind the user to re-enter the account. In the second, matching user identification information is found in the enterprise backend server; based on it, the enterprise backend also determines whether the user has permission to log in to the VPN. While determining the user's login permission, it determines from the user identification information the dynamic login password associated with it, and detects whether the dynamic login password submitted in the login information matches the dynamic login password held in the enterprise backend. Only when the two passwords are identical and the target user has permission to log in to the VPN can the user log in to the VPN successfully.
In the login validation method for a virtual private network VPN provided by the embodiments of the present application, when a password request sent by a target user is received, whether the target user is an enterprise user is verified; when the target user is determined to be an enterprise user, the identification information of the target user is associated with the obtained dynamic login password, and the dynamic login password is issued to the target user; when the login information of the target user forwarded by the VPN server is received, whether the target user has permission to log in to the VPN, and whether the identification information in the login information matches the dynamic login password, are detected based on the login information, the identification information and the dynamic login password; if the identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN, the target user is determined to have successfully logged in to the VPN; the association between the dynamic login password and the identification information of the target user is then cancelled.
In this way, after the enterprise backend confirms the user's identity, a dynamic login password is distributed to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, the backend detects whether the user identity information in the login information matches the dynamic login password and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information matches the dynamic login password, it is confirmed that the target user can log in to the VPN, and after the user's VPN login is confirmed as successful, the backend cancels the association between the dynamic login password and the identification information of the target user. Because the user is associated with a dynamic login password, the user must obtain a new login password in real time for every VPN login and must log in within the validity period of the dynamic login password, which improves the security of logging in to the VPN with a user account.
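The backend side of steps 301 to 305, including the expiry check performed before step 303, can be sketched as follows. This is an added illustration, not code from the patent: the class name, method names, result strings and sample identities are assumptions, as are the choices to keep only a SHA-256 digest of the issued password and to compare it in constant time.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 2 * 60 * 60  # preset threshold; the description suggests 2 hours


class DynamicPasswordBackend:
    """Enterprise backend role: issues and verifies one-time VPN login passwords."""

    def __init__(self, enterprise_users, vpn_permitted, clock=time.time):
        self.enterprise_users = set(enterprise_users)  # stored enterprise identity set
        self.vpn_permitted = set(vpn_permitted)        # identities allowed to use the VPN
        self.clock = clock                             # injectable so expiry can be tested
        self._assoc = {}  # identity -> (digest of issued password, issue time)

    @staticmethod
    def _digest(password):
        # Assumption of this sketch: keep a digest, not the password itself.
        return hashlib.sha256(password.encode("utf-8")).digest()

    def request_password(self, identity):
        """Steps 301-302: check enterprise membership, associate, issue."""
        if identity not in self.enterprise_users:
            return None
        password = secrets.token_urlsafe(12)
        # A repeated request overwrites the association, so only the most
        # recently issued password and its issue time count.
        self._assoc[identity] = (self._digest(password), self.clock())
        return password

    def verify_login(self, identity, password):
        """Expiry check, then steps 303-305, for login info forwarded by the VPN server."""
        if identity not in self.enterprise_users:
            return "unknown_account"          # prompt the user to re-enter the account
        entry = self._assoc.get(identity)
        if entry is None:
            return "no_active_password"       # never issued, already used, or released
        digest, issued_at = entry
        if self.clock() - issued_at > TTL_SECONDS:
            del self._assoc[identity]         # release the stale association
            return "expired"
        if identity not in self.vpn_permitted:
            return "no_vpn_permission"
        if not hmac.compare_digest(digest, self._digest(password)):
            return "password_mismatch"
        del self._assoc[identity]             # step 305: the password is single use
        return "success"


def demo():
    """Constructed scenario with a fake clock; returns the outcome of each call."""
    now = [1_000_000.0]
    backend = DynamicPasswordBackend(
        enterprise_users={"alice@example.com", "bob@example.com"},
        vpn_permitted={"alice@example.com"},
        clock=lambda: now[0],
    )
    results = [backend.request_password("mallory@example.net")]  # not an enterprise user
    pw = backend.request_password("alice@example.com")
    results.append(backend.verify_login("alice@example.com", "wrong-guess"))
    results.append(backend.verify_login("alice@example.com", pw))
    results.append(backend.verify_login("alice@example.com", pw))  # replay after success
    pw2 = backend.request_password("alice@example.com")
    now[0] += TTL_SECONDS + 1                                      # threshold exceeded
    results.append(backend.verify_login("alice@example.com", pw2))
    bob_pw = backend.request_password("bob@example.com")
    results.append(backend.verify_login("bob@example.com", bob_pw))
    return results


if __name__ == "__main__":
    print(demo())
```

The description does not say what happens to the association after a mismatch; this sketch leaves it in place, so a deployment would also need to cap failed attempts per identity.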
Please refer to Fig. 4 to Fig. 6. Fig. 4 is a structural schematic diagram of a login authentication device for a virtual private network VPN provided by an embodiment of the present application, Fig. 5 is a structural schematic diagram of another login authentication device for a virtual private network VPN provided by an embodiment of the present application, and Fig. 6 is a structural schematic diagram of the authentication module shown in Fig. 4. As shown in Fig. 4, the login authentication device 400 includes:
Authentication module 410, configured to verify, when a password request sent by a target user is received, whether the target user is an enterprise user.
Processing module 420, configured to, when the authentication module 410 determines that the target user is an enterprise user, associate the identification information of the target user with the obtained dynamic login password and issue the dynamic login password to the target user.
First detection module 430, configured to, when the login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identification information in the login information matches the dynamic login password.
Determining module 440, configured to determine that the target user has successfully logged in to the VPN if the identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN.
Further, as shown in Fig. 5, the login authentication device 400 also includes:
Obtaining module 450, configured to obtain the issue time at which the dynamic login password was issued to the target user and the receiving time at which the login information of the target user was received.
Second detection module 460, configured to detect whether the time difference between the receiving time obtained by the obtaining module 450 and the issue time is greater than a preset threshold.
Release module 470, configured to release the association between the dynamic login password and the identification information of the target user if the time difference is greater than the preset threshold.
Cancel module 480, configured to cancel the association between the dynamic login password and the identification information of the target user.
Further, as shown in Fig. 6, the authentication module 410 includes:
First acquisition unit 411, configured to obtain the identification information of the target user and the set of enterprise user identification information stored in the backend server.
First detection unit 412, configured to detect whether the identification information of the target user matches any enterprise user identification information in the set of enterprise user identification information.
First determination unit 413, configured to determine that the target user is an enterprise user if the identification information of the target user matches any user identification information in the set.
Further, the login authentication device 400 detects, in the following manner, whether the identification information in the login information matches the dynamic login password:
Obtain the identification information and the dynamic login password in the login information; determine the identification information of the target user associated with the dynamic login password; if the identification information in the login information is consistent with the identification information of the target user, determine that the identification information in the login information matches the dynamic login password.
With the login authentication device for a virtual private network VPN provided by the embodiments of the present application, when a password request sent by a target user is received, whether the target user is an enterprise user is verified; when the target user is determined to be an enterprise user, the identification information of the target user is associated with the obtained dynamic login password, and the dynamic login password is issued to the target user; when the login information of the target user forwarded by the VPN server is received, whether the target user has permission to log in to the VPN, and whether the identification information in the login information matches the dynamic login password, are detected based on the login information, the identification information and the dynamic login password; if the identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN, the target user is determined to have successfully logged in to the VPN.
In this way, after the enterprise backend confirms the user's identity, a dynamic login password is distributed to the user for logging in to the VPN. After the login information forwarded by the VPN server is received, the backend detects whether the user identity information in the login information matches the dynamic login password and whether the target user has permission to log in to the VPN. If the target user has login permission and the user identity information matches the dynamic login password, it is confirmed that the target user can log in to the VPN. Because the user is associated with a dynamic login password, the user must obtain a new login password in real time for every VPN login, which improves the security of logging in to the VPN with a user account.
Please refer to Fig. 7, which is a structural schematic diagram of an electronic device provided by an embodiment of the present application. As shown in Fig. 7, the electronic device 700 includes a processor 710, a memory 720 and a bus 730.
The memory 720 stores machine-readable instructions executable by the processor 710. When the electronic device 700 runs, the processor 710 and the memory 720 communicate through the bus 730, and when the machine-readable instructions are executed by the processor 710, the steps of the login validation method for a virtual private network VPN in the method embodiments shown in Fig. 2 and Fig. 3 above can be performed. For the specific implementation, see the method embodiments; details are not repeated here.
An embodiment of the present application also provides a computer-readable storage medium on which a computer program is stored. When the computer program is run by a processor, the steps of the login validation method for a virtual private network VPN in the method embodiments shown in Fig. 2 and Fig. 3 above can be performed. For the specific implementation, see the method embodiments; details are not repeated here.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, device and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation; as another example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on this understanding, the technical solution of the present application in essence, or the part of it that contributes over the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present application, intended to illustrate its technical solution rather than to limit it, and the protection scope of the present application is not limited to them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field can, within the technical scope disclosed in the present application, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or make equivalent replacements of some of the technical features. Such modifications, variations or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and all of them shall be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A login validation method for a virtual private network VPN, characterized in that the login validation method comprises:
when a password request sent by a target user is received, verifying whether the target user is an enterprise user;
when the target user is determined to be an enterprise user, associating the identification information of the target user with the obtained dynamic login password, and issuing the dynamic login password to the target user;
when the login information of the target user forwarded by the VPN server is received, detecting, based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN, and whether the identification information in the login information matches the dynamic login password;
if the identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN, determining that the target user has successfully logged in to the VPN.
2. The login validation method according to claim 1, characterized in that verifying whether the target user is an enterprise user when the password request sent by the target user is received comprises:
obtaining the identification information of the target user and the set of enterprise user identification information stored in the backend server;
detecting whether the identification information of the target user matches any enterprise user identification information in the set of enterprise user identification information;
if the identification information of the target user matches any user identification information in the set, determining that the target user is an enterprise user.
3. The login validation method according to claim 1, characterized in that, before the step of detecting, when the login information of the target user forwarded by the VPN server is received and based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identification information in the login information matches the dynamic login password, the login validation method further comprises:
obtaining the issue time at which the dynamic login password was issued to the target user and the receiving time at which the login information of the target user was received;
detecting whether the time difference between the receiving time and the issue time is greater than a preset threshold;
if the time difference is greater than the preset threshold, releasing the association between the dynamic login password and the identification information of the target user.
4. The login validation method according to claim 1, characterized in that whether the identification information in the login information matches the dynamic login password is detected in the following manner:
obtaining the identification information and the dynamic login password in the login information;
determining the identification information of the target user associated with the dynamic login password;
if the identification information in the login information is consistent with the identification information of the target user, determining that the identification information in the login information matches the dynamic login password.
5. The method according to claim 1, characterized in that, after determining that the target user has successfully logged in to the VPN when the identification information in the login information of the target user matches the dynamic login password and the target user has permission to log in to the VPN, the login validation method further comprises:
cancelling the association between the dynamic login password and the identification information of the target user.
6. A login authentication device for a virtual private network VPN, characterized in that the login authentication device comprises:
an authentication module, configured to verify, when a password request sent by a target user is received, whether the target user is an enterprise user;
a processing module, configured to, when the authentication module determines that the target user is an enterprise user, associate the identification information of the target user with the obtained dynamic login password and issue the dynamic login password to the target user;
a first detection module, configured to, when the login information of the target user forwarded by the VPN server is received, detect, based on the login information, the identification information and the dynamic login password, whether the target user has permission to log in to the VPN and whether the identification information in the login information matches the dynamic login password;
a determining module, configured to determine that the target user has successfully logged in to the VPN if the identification information in the login information matches the dynamic login password and the target user has permission to log in to the VPN.
7. The login authentication device according to claim 6, characterized in that the authentication module comprises:
a first acquisition unit, configured to obtain the identification information of the target user and the set of enterprise user identification information stored in the backend server;
a first detection unit, configured to detect whether the identification information of the target user matches any enterprise user identification information in the set of enterprise user identification information;
a first determination unit, configured to determine that the target user is an enterprise user if the identification information of the target user matches any user identification information in the set.
8. The login authentication device according to claim 6, characterized in that the login authentication device further comprises:
an obtaining module, configured to obtain the issue time at which the dynamic login password was issued to the target user and the receiving time at which the login information of the target user was received;
a second detection module, configured to detect whether the time difference between the receiving time obtained by the obtaining module and the issue time is greater than a preset threshold;
a release module, configured to release the association between the dynamic login password and the identification information of the target user if the time difference is greater than the preset threshold.
9. An electronic device, characterized by comprising a processor, a memory and a bus, wherein the memory stores machine-readable instructions executable by the processor; when the electronic device runs, the processor and the memory communicate through the bus, and when the machine-readable instructions are executed by the processor, the steps of the login validation method for a virtual private network VPN according to any one of claims 1 to 5 are performed.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is run by a processor, the steps of the login validation method for a virtual private network VPN according to any one of claims 1 to 5 are performed.
CN201910646652.5A 2019-07-17 2019-07-17 A kind of login validation method and login authentication device of Virtual Private Network VPN Pending CN110290150A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910646652.5A CN110290150A (en) 2019-07-17 2019-07-17 A kind of login validation method and login authentication device of Virtual Private Network VPN


Publications (1)

Publication Number Publication Date
CN110290150A true CN110290150A (en) 2019-09-27

Family

ID=68023208

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910646652.5A Pending CN110290150A (en) 2019-07-17 2019-07-17 A kind of login validation method and login authentication device of Virtual Private Network VPN

Country Status (1)

Country Link
CN (1) CN110290150A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1946022A (en) * 2006-10-31 2007-04-11 华为技术有限公司 Method and system for switching third party landing and third party network and service server
CN104079409A (en) * 2014-06-10 2014-10-01 百度在线网络技术(北京)有限公司 Account login method and device
CN107566396A (en) * 2017-09-28 2018-01-09 郑州云海信息技术有限公司 A kind of method based on dynamic password enhancing server VPN protocol securitys
CN107888592A (en) * 2017-11-13 2018-04-06 杭州迪普科技股份有限公司 A kind of VPN login authentication methods and device
CN108111518A (en) * 2017-12-28 2018-06-01 北京天诚安信科技股份有限公司 A kind of single-point logging method and system based on security password proxy server

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111148056A (en) * 2020-04-03 2020-05-12 南京华智达网络技术有限公司 Operable network configuration method and system
CN111710422A (en) * 2020-06-04 2020-09-25 四川虹微技术有限公司 Identification code determination method and device, electronic equipment and readable storage medium
CN111710422B (en) * 2020-06-04 2024-01-26 四川虹微技术有限公司 Identification code determining method and device, electronic equipment and readable storage medium
CN112019571B (en) * 2020-10-22 2021-01-15 锱云(上海)物联网科技有限公司 VPN connection implementation method and system
CN113254900A (en) * 2021-05-26 2021-08-13 中国电子信息产业集团有限公司第六研究所 Data management method, device and system, electronic equipment and storage medium
CN113572784A (en) * 2021-08-04 2021-10-29 神州数码系统集成服务有限公司 VPN user identity authentication method and device
CN114401120A (en) * 2021-12-27 2022-04-26 中国电信股份有限公司 Object tracing method and related device
CN114257455A (en) * 2021-12-28 2022-03-29 北京爱学习博乐教育科技有限公司 Method and system for connecting enterprise VPN by using dynamic password

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190927