CN111212027A - Network security verification method and device based on enterprise browser - Google Patents


Publication number
CN111212027A
Authority
CN
China
Prior art keywords
strategy
enterprise browser
access authority
user
enterprise
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911205528.1A
Other languages
Chinese (zh)
Inventor
陈本峰
杨鑫冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Clouddeep Internet Beijing Technology Co ltd
Original Assignee
Clouddeep Internet Beijing Technology Co ltd
Application filed by Clouddeep Internet Beijing Technology Co ltd
Priority to CN201911205528.1A
Publication of CN111212027A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a network security verification method and device based on an enterprise browser. The method comprises: generating, in advance, a corresponding policy ID for each distinct access authority range, and constructing an access authority list containing the correspondence between policy IDs and access authority ranges; acquiring an HTTP request data packet sent by a user based on an enterprise browser, and extracting a target policy ID; and traversing the access authority list with the target policy ID for matching verification. If the matching verification passes, the user's access authority range is determined according to the target policy ID, and the corresponding response content is returned to the enterprise browser based on that access authority range. With this method, the user's access authority can be determined by verifying the policy ID in the HTTP request data packet, which reduces the exposed surface of the business system and improves the security of accessing business system data based on the enterprise browser.

Description

Network security verification method and device based on enterprise browser
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a network security verification method and device based on an enterprise browser, and further relates to electronic equipment and a computer readable storage medium.
Background
In recent years, with the continuous development of network technology, managing an enterprise's internal business system data through an enterprise browser has become an effective way to improve work efficiency. Providing a secure and efficient enterprise browser system has therefore become an important focus of development in the art. An enterprise browser system generally includes a client (i.e., the front-end enterprise browser), a backend server, an internal business system, a preset gateway, and the like. The front-end enterprise browser is an important means of realizing intelligent enterprise management in the future; it is generally compatible with the Chrome kernel, the IE kernel and the like, and supports deep customization and integrated management of business system data for the enterprise. The preset gateway can filter abnormal access requests by pre-verification, thereby protecting internal data. At present, however, when a user accesses the data of an enterprise's internal business system through the front-end enterprise browser, the preset gateway lacks an effective security verification mechanism and the exposed surface of the business system is too large, so the security of data during access to the internal business system is low.
Therefore, how to provide a secure verification mechanism for the enterprise browser to access the internal business system data is a technical problem to be solved urgently.
Disclosure of Invention
Therefore, the embodiment of the invention provides a network security verification method implemented based on an enterprise browser, so as to solve the problem that in the prior art, when a user accesses internal business system data based on the enterprise browser, the business system is exposed to a large extent, so that the security of the internal business system data of the enterprise is low, and effective guarantee cannot be obtained.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
In a first aspect, an embodiment of the present invention provides a network security verification method implemented based on an enterprise browser, including: acquiring access authority range information of a user in advance; generating corresponding policy IDs according to the access authority range information, and constructing an access authority list containing the correspondence between policy IDs and access authority ranges; acquiring an HTTP request data packet sent by a user based on the enterprise browser, and extracting a target policy ID from the UA field of the HTTP request data packet; and traversing the access authority list with the target policy ID for matching verification, and, if the matching verification passes, determining the user's access authority range according to the target policy ID and returning the corresponding response content to the enterprise browser based on that access authority range.
Further, the network security verification method implemented based on the enterprise browser further includes:
acquiring identity identification information of a user logging in the enterprise browser, verifying the identity identification information, and judging the access authority range information corresponding to the user;
and issuing the corresponding target strategy ID to the enterprise browser according to the access authority range information corresponding to the user.
Further, the identification information includes at least one of account name information, login password information and login verification code information of the user logging in the enterprise browser.
Further, the access right range includes: the business system allowing the user to access based on the enterprise browser, and the business data inside the business system allowing the user to access based on the enterprise browser.
Further, the enterprise browser is an operation management service platform for managing an internal business system.
In a second aspect, an embodiment of the present invention further provides a network security verification apparatus implemented based on an enterprise browser, including: an access authority list pre-constructing unit, used for acquiring access authority range information of a user in advance, generating corresponding policy IDs according to the access authority range information, and constructing an access authority list containing the correspondence between policy IDs and access authority ranges; a target policy ID acquisition unit, used for acquiring an HTTP request data packet sent by a user based on the enterprise browser and extracting a target policy ID from the UA field of the HTTP request data packet; and a security verification unit, used for traversing the access authority list with the target policy ID for matching verification, and, if the matching verification passes, determining the user's access authority range according to the target policy ID and returning the corresponding response content to the enterprise browser based on that access authority range.
Further, the network security verification apparatus implemented based on the enterprise browser further includes: the identity information acquisition and verification unit is used for acquiring identity identification information of a user logging in the enterprise browser, verifying the identity identification information and judging the access authority range information corresponding to the user; and the target policy ID issuing unit is used for issuing the corresponding target policy ID to the enterprise browser according to the access authority range information corresponding to the user.
Further, the identification information includes at least one of account name information, login password information and login verification code information of the user logging in the enterprise browser.
Further, the access right range includes: the business system allowing the user to access based on the enterprise browser, and the business data inside the business system allowing the user to access based on the enterprise browser.
Further, the enterprise browser is an operation management service platform for managing an internal business system.
In a third aspect, an embodiment of the present invention further provides a security verification identification method implemented based on an enterprise browser, including: receiving a strategy ID issued by a background server; the strategy ID is used for identifying an access authority range corresponding to a user accessing the service system based on the enterprise browser; when the user accesses a service system based on the enterprise browser, the strategy ID is packaged and stored in a UA field of an HTTP request data package; and sending an HTTP request data packet carrying the strategy ID to a gateway corresponding to the service system.
In a fourth aspect, an embodiment of the present invention further provides an apparatus for implementing a security verification identifier based on an enterprise browser, including: the strategy ID receiving unit is used for receiving a strategy ID issued by the background server; the strategy ID is used for identifying an access authority range corresponding to a user accessing the service system based on the enterprise browser; the strategy ID storage unit is used for packing and storing the strategy ID into a UA field of an HTTP request data packet when the user accesses a service system based on the enterprise browser; and the HTTP request sending unit is used for sending an HTTP request data packet carrying the strategy ID to a gateway corresponding to the service system.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, including: a processor and a memory; the memory is configured to store a program of a network security verification method implemented based on an enterprise browser, and after the electronic device is powered on and runs the program of the network security verification method implemented based on the enterprise browser through the processor, the electronic device executes any one of the above-described network security verification methods implemented based on the enterprise browser.
In a sixth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium contains one or more program instructions, and the one or more program instructions are used for a server to execute any one of the above network security authentication methods implemented based on an enterprise browser.
By adopting the network security verification method based on the enterprise browser, the access authority of the user can be determined by verifying the strategy ID in the HTTP request data packet, the exposed surface of the business system is reduced, and the security of accessing the business system data based on the enterprise browser is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
Fig. 1 is a flowchart of a network security verification method implemented based on an enterprise browser according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a network security verification apparatus implemented based on an enterprise browser according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an electronic device according to an embodiment of the present invention;
Fig. 4 is a flowchart of a security verification identification method implemented based on an enterprise browser according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a security verification identifier apparatus implemented based on an enterprise browser according to an embodiment of the present invention.
Detailed Description
The present invention is described below by way of particular embodiments, and other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure. The described embodiments are merely exemplary of the invention, and it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments that can be derived by a person skilled in the art from the embodiments given herein without creative effort fall within the protection scope of the present invention.
The following describes an embodiment of a network security verification method implemented based on an enterprise browser according to the present invention in detail. As shown in fig. 1, which is a flowchart of a network security verification method implemented based on an enterprise browser according to an embodiment of the present invention, a specific implementation process includes the following steps:
Step S101: acquiring access authority range information of a user in advance; generating corresponding policy IDs according to the access authority range information, and constructing an access authority list containing the correspondence between policy IDs and access authority ranges.
In the implementation process, the user ID is usually used as the identifier for checking the access authority range. However, when the number of users is large, the number of user IDs increases; accordingly, if every HTTP request data packet containing a user ID is verified individually, matching verification becomes slow. Therefore, in the embodiment of the invention, the access authority range information of the users can be acquired and the same policy ID generated for users with the same access authority range, so that the number of IDs can be effectively reduced and the speed of matching verification improved.
The access authority range information may refer to range information indicating which business systems users of different categories of work departments inside an enterprise can access based on the enterprise browser. The policy ID may refer to the identification information corresponding to the pre-configured authority range within which users belonging to different categories of departments may access the enterprise's internal business system data based on the enterprise browser.
In addition, corresponding policy IDs may also be generated within an enterprise according to different categories of work departments. The departments may be divided by function, such as personnel departments, marketing departments, planning departments, and the like; the division can also be based on differences in job grade. The access authority ranges of different work departments are different, and are not specifically limited herein.
Constructing the access authority list containing the correspondence between policy IDs and access authority ranges specifically includes: establishing a correspondence between the identification information and the preset authority ranges within which users belonging to different categories of departments may access the enterprise's internal business system data based on the enterprise browser; and storing the identification information (i.e., the policy ID), those preset authority ranges, and the correspondence in an access authority list in a data storage module, so that the actual policy ID carried in an access request can later be extracted and verified by matching, thereby determining the internal business system data that the user can actually access. The access authority range can include the business systems that the user is allowed to access based on the enterprise browser, the business data inside those business systems that the user is allowed to access based on the enterprise browser, and the like. In the embodiment of the present invention, the business systems may include various types such as ERP (enterprise resource planning management), CRM (customer relationship management) and OA (office automation process management), and an accessing user generally has different access rights for different business systems. Therefore, in a specific implementation, the preset gateway may receive a pre-configured access authority list issued by the background server.
Step S102: acquiring an HTTP request data packet sent by a user based on an enterprise browser, and extracting a target policy ID from the UA field of the HTTP request data packet.
In the embodiment of the invention, the enterprise browser is compatible with a Chrome kernel, an IE kernel and the like, is used as an operation management service platform for uniformly managing the business data in the enterprise, and can realize deep customization and integrated management of the business system data for the enterprise.
The HTTP request data packet may refer to the data unit contained in an HTTP access request sent by the enterprise browser over the HTTP protocol. Its structure includes a request line, message headers, a message body, and the like. The request line is the first line of the request data packet and contains the request type (GET/POST), the requested resource path, and the protocol type and version. The message headers comprise a number of entries (key-value pairs with special meanings defined by the W3C); both the server and the client follow the message header conventions, and headers can also be set in code. The message body stores the request parameters and values when the request method is POST; when the request method is GET, the request parameters and values are contained in the resource path.
The UA (User-Agent) field may contain the enterprise browser identifiers of different companies, such as the target policy ID.
In the specific implementation process, access control can be realized based on a preset gateway of a business system, an HTTP request data packet which is sent by a user based on an enterprise browser and used for accessing the data of the business system in an enterprise is obtained, and a target strategy ID is extracted from a UA field of the HTTP request data packet.
Step S103: traversing the access authority list with the target policy ID for matching verification; if the matching verification passes, determining the user's access authority range according to the target policy ID, and returning the corresponding response content to the enterprise browser based on that access authority range.
After the access authority list has been constructed in advance in step S101, traversal matching may be performed in this step between the target policy ID acquired in step S102 and the policy IDs in the access authority list, so as to determine the response content.
In a specific implementation, after the preset gateway obtains each data packet of each HTTP request sent by a user based on the enterprise browser to access internal business system data, it extracts the target policy ID and traverses the access authority list to perform a matching query. If a policy ID in the access authority list is the same as or corresponds to the target policy ID, the matching verification passes, which indicates that the HTTP request can be forwarded and the business system data within the corresponding authority range can then be accessed.
It should be noted that, before the preset gateway obtains the target policy ID carried in the HTTP request data packet, the method further includes: obtaining in advance the identity identification information of the user logging in to the enterprise browser, verifying the identity identification information, and determining the department category to which the user belongs; and issuing in advance the corresponding target policy ID to the enterprise browser the user has logged in to, according to that department category. The identity identification information includes at least one of the account name information, login password information and login verification code information of the user logging in to the enterprise browser.
By adopting the network security verification method based on the enterprise browser, the access authority of the user can be determined by verifying the strategy ID in the HTTP request data packet, the exposed surface of the business system is reduced, and the security of accessing the business system data based on the enterprise browser is improved.
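The gateway flow of steps S101 to S103 can be sketched as follows. This is an added example, not code from the patent; the `PolicyID/<hex>` token format inside the User-Agent value, the `EntBrowser` product token, the host names and the use of the Host header to identify the business system are all assumptions made for illustration.

```python
import hmac
import posixpath
import re
import secrets

# Assumed encoding of the policy ID inside the User-Agent value; the patent
# only states that the ID is carried in the UA field.
POLICY_TOKEN = re.compile(r"(?:^|\s)PolicyID/([0-9a-f]{32})(?=\s|$)")


def build_access_list(user_scopes):
    """Step S101: issue one policy ID per distinct access authority range.

    user_scopes maps user -> frozenset of (host, path_prefix) pairs.
    Returns (access_list, issued): access_list holds (policy_id, scope) rows
    for the gateway; issued maps user -> policy_id, which the background
    server hands to the enterprise browser after login.
    """
    by_scope = {}
    for scope in user_scopes.values():
        by_scope.setdefault(scope, secrets.token_hex(16))
    access_list = [(pid, scope) for scope, pid in by_scope.items()]
    issued = {user: by_scope[scope] for user, scope in user_scopes.items()}
    return access_list, issued


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        key = name.strip().lower()
        # Two User-Agent or Host headers would make the decision ambiguous.
        if key in ("user-agent", "host") and key in headers:
            raise ValueError("duplicate " + key + " header")
        headers[key] = value.strip()
    return parts[0], parts[1], headers


def lookup_scope(policy_id, access_list):
    """Step S103: traverse the whole list, comparing in constant time."""
    found = None
    for pid, scope in access_list:
        if hmac.compare_digest(pid, policy_id):
            found = scope
    return found


def authorize(raw, access_list):
    """Gateway decision for one request, returned as (status, reason)."""
    try:
        _method, path, headers = parse_request(raw)
    except ValueError as exc:
        return 400, str(exc)
    # Step S102: extract the target policy ID from the UA field.
    match = POLICY_TOKEN.search(headers.get("user-agent", ""))
    if match is None:
        return 403, "no policy ID in User-Agent"
    scope = lookup_scope(match.group(1), access_list)
    if scope is None:
        return 403, "unknown policy ID"
    host = headers.get("host", "").lower()
    # Normalise the path so "/hr/../finance" is not treated as under "/hr".
    clean = posixpath.normpath(path.split("?", 1)[0])
    for allowed_host, prefix in scope:
        inside = clean == prefix or clean.startswith(prefix.rstrip("/") + "/")
        if host == allowed_host and inside:
            return 200, "forward to " + allowed_host
    return 403, "outside access scope"


# Constructed sample data: two HR users share one scope, one sales user.
HR = frozenset({("oa.corp.example", "/"), ("erp.corp.example", "/hr")})
SALES = frozenset({("crm.corp.example", "/")})
USERS = {"alice": HR, "bob": HR, "carol": SALES}


def request(host, path, user_agent):
    """Build a constructed raw request as the enterprise browser might send it."""
    text = "GET %s HTTP/1.1\r\nHost: %s\r\nUser-Agent: %s\r\n\r\n"
    return (text % (path, host, user_agent)).encode("ascii")


if __name__ == "__main__":
    acl, issued = build_access_list(USERS)
    ua = "EntBrowser/1.0 PolicyID/" + issued["alice"]
    print(authorize(request("erp.corp.example", "/hr/leave", ua), acl))
    print(authorize(request("erp.corp.example", "/hr/../finance", ua), acl))
    print(authorize(request("crm.corp.example", "/leads", ua), acl))
    print(authorize(request("erp.corp.example", "/hr/leave", "Mozilla/5.0"), acl))
```

The User-Agent header is supplied by the client, so the policy ID here works as a bearer value: the example issues it as a 128-bit random token and denies any request that does not carry a known ID.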
Corresponding to the network security verification method realized based on the enterprise browser, the invention also provides a network security verification device realized based on the enterprise browser. Since the embodiment of the device is similar to the above method embodiment, the description is relatively simple, and please refer to the description in the above method embodiment section for relevant points, and the embodiment of the network security authentication device implemented based on the enterprise browser described below is only illustrative. Fig. 2 is a schematic diagram of a network security verification apparatus implemented based on an enterprise browser according to an embodiment of the present invention.
The invention relates to a network security verification device realized based on an enterprise browser, which comprises the following parts:
an access authority list pre-constructing unit 201, configured to pre-acquire access authority range information of a user; and generating a corresponding strategy ID according to the access authority range information, and constructing an access authority list containing the corresponding relation between the strategy ID and the access authority range.
In the implementation process, the user ID is usually used as the identifier for checking the access authority range. However, when the number of users is large, the number of user IDs increases; accordingly, if every HTTP request data packet containing a user ID is verified individually, matching verification becomes slow. Therefore, in the embodiment of the invention, the access authority range information of the users can be acquired and the same policy ID generated for users with the same access authority range, so that the number of IDs can be effectively reduced and the speed of matching verification improved. The access authority range information may refer to range information indicating which business systems users of different categories of work departments inside an enterprise can access based on the enterprise browser. The policy ID may refer to the identification information corresponding to the pre-configured authority range within which users belonging to different categories of departments may access the enterprise's internal business system data based on the enterprise browser.
In addition, corresponding policy IDs may also be generated within an enterprise according to different categories of work departments. The departments may be divided by function, such as personnel departments, marketing departments, planning departments, and the like; the division can also be based on differences in job grade. The access authority ranges of different work departments are different, and are not specifically limited herein.
Constructing the access authority list containing the correspondence between policy IDs and access authority ranges specifically includes: establishing a correspondence between the identification information and the preset authority ranges within which users belonging to different categories of departments may access the enterprise's internal business system data based on the enterprise browser; and storing the identification information (i.e., the policy ID), those preset authority ranges, and the correspondence in an access authority list in a data storage module, so that the actual policy ID carried in an access request can later be extracted and verified by matching, thereby determining the internal business system data that the user can actually access. The access authority range can include the business systems that the user is allowed to access based on the enterprise browser, the business data inside those business systems that the user is allowed to access based on the enterprise browser, and the like. In the embodiment of the present invention, the business systems may include various types such as ERP (enterprise resource planning management), CRM (customer relationship management) and OA (office automation process management), and an accessing user generally has different access rights for different business systems. Therefore, in a specific implementation, the preset gateway may receive a pre-configured access authority list issued by the background server.
A target policy ID obtaining unit 202, configured to obtain an HTTP request packet sent by a user based on an enterprise browser, and extract a target policy ID from a UA field of the HTTP request packet.
The HTTP request data packet may refer to the data unit contained in an HTTP access request sent by the enterprise browser over the HTTP protocol. The UA (User-Agent) field may contain the enterprise browser identifiers of different companies, such as the target policy ID.
In the specific implementation process, access control can be realized based on a preset gateway of a business system, an HTTP request data packet which is sent by a user based on an enterprise browser and used for accessing the data of the business system in an enterprise is obtained, and a target strategy ID is extracted from a UA field of the HTTP request data packet.
And the security verification unit 203 is configured to traverse the access right list by using the target policy ID to perform matching verification, and if the matching verification is passed, determine an access right range of the user according to the target policy ID, and return corresponding response content to the enterprise browser based on the access right range.
After the access authority list has been constructed in advance by the access authority list pre-constructing unit 201, the security verification unit 203 may perform traversal matching between the target policy ID acquired by the target policy ID obtaining unit 202 and the policy IDs in the access authority list, thereby determining the response content. In a specific implementation, after the preset gateway obtains each data packet of each HTTP request sent by a user based on the enterprise browser to access internal business system data, it extracts the target policy ID and traverses the access authority list to perform a matching query. If a policy ID in the access authority list is the same as or corresponds to the target policy ID, the matching verification passes, which indicates that the HTTP request can be forwarded and the business system data within the corresponding authority range can then be accessed.
It should be noted that, before the preset gateway obtains the target policy ID carried in the HTTP request data packet, the method further includes: obtaining in advance the identity identification information of the user logging in to the enterprise browser, verifying the identity identification information, and determining the department category to which the user belongs; and issuing in advance the corresponding target policy ID to the enterprise browser the user has logged in to, according to that department category. The identity identification information includes at least one of the account name information, login password information and login verification code information of the user logging in to the enterprise browser.
By adopting the network security verification method based on the enterprise browser, the access authority of the user can be determined by verifying the strategy ID in the HTTP request data packet, the exposed surface of the business system is reduced, and the security of accessing the business system data based on the enterprise browser is improved.
Corresponding to the network security verification method based on the enterprise browser, the invention also provides an electronic device. Since the embodiment of the electronic device is similar to the above method embodiment, it is described only briefly; for relevant points, refer to the description of the method embodiment. The electronic device described below is only schematic. Fig. 3 is a schematic view of an electronic device according to an embodiment of the present invention.
The electronic device specifically includes a processor 301 and a memory 302. The memory 302 stores one or more program instructions, namely a program of the network security authentication method implemented based on an enterprise browser; after the electronic device is powered on and runs that program through the processor 301, it executes any one of the above-mentioned network security authentication methods implemented based on the enterprise browser. The electronic device can be a background server corresponding to the enterprise browser.
Corresponding to the network security verification method implemented based on the enterprise browser, the invention also provides a computer storage medium. Since the embodiment of the computer storage medium is similar to the above method embodiment, it is described only briefly; for relevant points, refer to the description of the method embodiment. The computer storage medium described below is only schematic.
The computer storage medium contains one or more program instructions for executing the above-mentioned method for network security authentication based on an enterprise browser by a server. The server may refer to a background server corresponding to the enterprise browser. The enterprise browser is an important means for realizing intelligent management of enterprises in the future, is generally compatible with a Chrome kernel, an IE kernel and the like, and can realize deep customization and integrated management of business system data for the enterprises, so that personalized requirements are met.
Corresponding to the network security verification method and device implemented based on the enterprise browser, the invention also provides a security verification identification method and device implemented based on the enterprise browser. Fig. 4 is a flowchart of a security verification identification method implemented based on an enterprise browser according to an embodiment of the present invention; the specific implementation process includes the following steps:
Step S401: receiving a policy ID issued by a background server; the policy ID is used for identifying the access authority range corresponding to a user accessing the service system based on the enterprise browser.
Step S402: when the user accesses a service system based on the enterprise browser, packing and storing the policy ID into the UA field of an HTTP request data packet.
Step S403: sending the HTTP request data packet carrying the policy ID to a gateway corresponding to the service system.
Specifically, before the network security verification method implemented based on the enterprise browser is executed, a client that accesses service system data through the enterprise browser needs to receive in advance a policy ID issued by the background server, pack and store the policy ID into the UA field of an HTTP request data packet, and send the HTTP request data packet carrying the policy ID to the gateway corresponding to a preset service system. The policy ID is used for identifying the department category corresponding to the user accessing the business system data based on the enterprise browser.
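The round trip described in steps S401 to S403 and in the gateway-side units 202 and 203, as an added Python example that is not code from the patent. The `PolicyID/<token>` User-Agent format, the path-prefix model of an access authority range, the random token IDs and all function names are assumptions made for illustration; the department names and paths are constructed sample data.

```python
import hmac
import posixpath
import re
import secrets

# Assumed UA token format: the patent only says the policy ID travels in the UA field.
UA_TOKEN = re.compile(r"(?:^|\s)PolicyID/([A-Za-z0-9_-]{16,64})(?=\s|$)")


def build_access_list(scopes_by_department):
    """Pre-construct the access authority list: one random policy ID per scope."""
    access_list = {}       # policy ID -> allowed path prefixes (assumed scope model)
    id_by_department = {}  # department category -> policy ID issued after login
    for department, prefixes in scopes_by_department.items():
        policy_id = secrets.token_urlsafe(24)  # 32 URL-safe characters
        access_list[policy_id] = frozenset(prefixes)
        id_by_department[department] = policy_id
    return access_list, id_by_department


def pack_user_agent(base_ua, policy_id):
    """Client side (step S402): pack the issued policy ID into the UA string."""
    return f"{base_ua} PolicyID/{policy_id}"


def extract_policy_id(headers):
    """Gateway side: extract the target policy ID from the User-Agent header."""
    matches = UA_TOKEN.findall(headers.get("User-Agent", ""))
    # Reject absent or duplicated tokens rather than guessing which one is meant.
    return matches[0] if len(matches) == 1 else None


def verify_request(headers, path, access_list):
    """Match the target ID against the list, then check the path against its scope."""
    target = extract_policy_id(headers)
    if target is None:
        return 403, "no policy ID"
    scope = None
    for policy_id, prefixes in access_list.items():
        # Constant-time compare over the whole list, so timing reveals no position.
        if hmac.compare_digest(policy_id.encode(), target.encode()):
            scope = prefixes
    if scope is None:
        return 403, "unknown policy ID"
    path = posixpath.normpath(path)  # collapse "../" before the prefix check
    if not any(path == p or path.startswith(p.rstrip("/") + "/") for p in scope):
        return 403, "outside access authority range"
    return 200, "forward to business system"


if __name__ == "__main__":
    # Constructed sample data: department categories and the paths each may reach.
    access_list, ids = build_access_list(
        {"finance": ["/finance"], "hr": ["/hr", "/directory"]}
    )
    ua = pack_user_agent("Mozilla/5.0 EntBrowser/1.0", ids["finance"])
    for path in ("/finance/reports", "/hr/payroll", "/finance/../hr/payroll"):
        print(path, verify_request({"User-Agent": ua}, path, access_list))
```

Because the User-Agent header is set by the client, the policy ID in this sketch acts as a bearer value, which is why the IDs are unguessable tokens and why the scheme still depends on the login step in which the background server issues them.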
Fig. 5 is a schematic diagram of a security authentication identifier apparatus implemented based on an enterprise browser according to an embodiment of the present invention. The invention relates to a safety verification identification device realized based on an enterprise browser, which comprises the following parts:
A policy ID receiving unit 501, configured to receive a policy ID issued by a background server; the policy ID is used for identifying the access authority range corresponding to a user accessing the service system based on the enterprise browser.
A policy ID storage unit 502, configured to pack and store the policy ID in the UA field of an HTTP request packet when the user accesses a service system based on the enterprise browser.
An HTTP request sending unit 503, configured to send an HTTP request data packet carrying the policy ID to a gateway corresponding to the service system.
It should be noted that, since the embodiments of the security authentication identification method and apparatus implemented based on the enterprise browser are similar to the embodiments of the network security authentication method implemented based on the enterprise browser, the description is relatively simple, and for relevant points, reference may be made to the description of the above method embodiments, and detailed description is not repeated here.
The security verification identification method based on the enterprise browser can quickly set the security verification identification and improve the security and efficiency of accessing the business system data based on the enterprise browser.
In an embodiment of the invention, the processor or processor module may be an integrated circuit chip having signal processing capabilities. The Processor may be a general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component.
The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM or registers. The processor reads the information in the storage medium and completes the steps of the method in combination with the hardware.
The storage medium may be a memory, for example, which may be volatile memory or nonvolatile memory, or which may include both volatile and nonvolatile memory.
The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory.
The volatile memory may be a Random Access Memory (RAM), which serves as an external cache. By way of example and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM).
The storage media described in connection with the embodiments of the invention are intended to comprise, without being limited to, these and any other suitable types of memory.
Those skilled in the art will appreciate that the functionality described in the present invention may be implemented in a combination of hardware and software in one or more of the examples described above. When software is applied, the corresponding functionality may be stored on, or transmitted over, a computer-readable medium as one or more instructions or code. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The above embodiments further describe the objects, technical solutions and advantages of the present invention in detail. It should be understood that they are only exemplary embodiments of the present invention and are not intended to limit its scope; any modification, equivalent substitution, improvement and the like made on the basis of the technical solutions of the present invention shall fall within the scope of the present invention.

Claims (10)

1. A network security verification method realized based on an enterprise browser is characterized by comprising the following steps:
acquiring access authority range information of a user in advance;
respectively generating corresponding strategy IDs according to the difference of the access authority range information, and constructing an access authority list containing the corresponding relation between the strategy IDs and the access authority ranges;
acquiring an HTTP request data packet sent by a user based on an enterprise browser, and extracting a target strategy ID from a UA field of the HTTP request data packet;
and traversing the access authority list by using the target strategy ID for matching verification, if the matching verification is passed, determining the access authority range of the user according to the target strategy ID, and returning corresponding response content to the enterprise browser based on the access authority range.
2. The method for web security authentication implemented based on an enterprise browser as claimed in claim 1, further comprising:
acquiring identity identification information of a user logging in the enterprise browser, verifying the identity identification information, and judging the access authority range information corresponding to the user;
and issuing the corresponding target strategy ID to the enterprise browser according to the access authority range information corresponding to the user.
3. The method of claim 2, wherein the identification information comprises at least one of account name information, login password information, and login verification code information of a user logging in the enterprise browser.
4. The method for web security authentication implemented based on an enterprise browser as claimed in claim 1, wherein the access right range comprises: the business system allowing the user to access based on the enterprise browser, and the business data inside the business system allowing the user to access based on the enterprise browser.
5. The method for network security authentication based on enterprise browser implementation of claim 1, wherein the enterprise browser is an operation management service platform for managing internal business systems.
6. A network security verification device implemented based on an enterprise browser is characterized by comprising:
the access authority list pre-constructing unit is used for pre-acquiring the access authority range information of the user; respectively generating corresponding strategy IDs according to the difference of the access authority range information, and constructing an access authority list containing the corresponding relation between the strategy IDs and the access authority ranges;
the target strategy ID acquisition unit is used for acquiring an HTTP request data packet sent by a user based on an enterprise browser and extracting a target strategy ID from a UA field of the HTTP request data packet;
and the security verification unit is used for traversing the access authority list by using the target strategy ID to perform matching verification, determining the access authority range of the user according to the target strategy ID if the matching verification is passed, and returning corresponding response content to the enterprise browser based on the access authority range.
7. A security verification identification method realized based on an enterprise browser is characterized by comprising the following steps:
receiving a strategy ID issued by a background server; the strategy ID is used for identifying an access authority range corresponding to a user accessing the service system based on the enterprise browser;
when the user accesses a service system based on the enterprise browser, the strategy ID is packaged and stored in a UA field of an HTTP request data package;
and sending an HTTP request data packet carrying the strategy ID to a gateway corresponding to the service system.
8. A security verification identification device implemented based on an enterprise browser, comprising:
the strategy ID receiving unit is used for receiving a strategy ID issued by the background server; the strategy ID is used for identifying an access authority range corresponding to a user accessing the service system based on the enterprise browser;
the strategy ID storage unit is used for packing and storing the strategy ID into a UA field of an HTTP request data packet when the user accesses a service system based on the enterprise browser;
and the HTTP request sending unit is used for sending an HTTP request data packet carrying the strategy ID to a gateway corresponding to the service system.
9. An electronic device, comprising:
a processor; and
a memory for storing a program of the network security authentication method implemented based on the enterprise browser, wherein the electronic device executes the network security authentication method implemented based on the enterprise browser according to any one of claims 1 to 5 after being powered on and running the program of the network security authentication method implemented based on the enterprise browser through the processor.
10. A computer-readable storage medium having one or more program instructions embodied therein for execution by a server of the enterprise browser based network security authentication method of any one of claims 1-5.
CN201911205528.1A 2019-11-29 2019-11-29 Network security verification method and device based on enterprise browser Pending CN111212027A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911205528.1A CN111212027A (en) 2019-11-29 2019-11-29 Network security verification method and device based on enterprise browser

Publications (1)

Publication Number Publication Date
CN111212027A true CN111212027A (en) 2020-05-29

Family

ID=70786274

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911205528.1A Pending CN111212027A (en) 2019-11-29 2019-11-29 Network security verification method and device based on enterprise browser

Country Status (1)

Country Link
CN (1) CN111212027A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200529