CN111818034A - Network access control method, device, electronic equipment and medium - Google Patents

Publication number: CN111818034A
Authority: CN (China)
Prior art keywords: terminal device, page, authenticated, authentication, network
Legal status: Pending
Application number: CN202010616596.3A
Other languages: Chinese (zh)
Inventors: 戈厚旺, 孙雨辰, 庞良, 黄卫
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Abstract

The present disclosure provides a network access control method, including: in response to a connection request received from a first terminal device, determining authentication information carried by the connection request, wherein the connection request is used to request connection to a network; allowing the first terminal device to connect to the network when the authentication information is determined to be consistent with preset identity information of the first terminal device; in response to an access request received from the first terminal device, sending an authentication page to the first terminal device so as to obtain a biometric feature to be authenticated through the authentication page; in response to receiving the biometric feature to be authenticated, identifying the biometric feature to be authenticated to obtain an identification result; and allowing the first terminal device to access the network when the identification result satisfies a preset condition. The disclosure also provides a network access control apparatus, an electronic device and a medium.

Description

Network access control method, device, electronic equipment and medium
Technical Field
The present disclosure relates to the field of electronic technologies, and in particular, to a network access control method, apparatus, electronic device, and medium.
Background
At present, identity authentication for network access often uses 802.1x authentication. However, 802.1x authentication requires a user name and a dynamic password to be entered each time the network is accessed, which makes network access insufficiently convenient.
Disclosure of Invention
In view of the above, the present disclosure provides a network access control method, apparatus, electronic device and medium.
One aspect of the present disclosure provides a network access control method, including: in response to a connection request received from a first terminal device, determining authentication information carried by the connection request, wherein the connection request is used to request access to a network; allowing the first terminal device to connect to the network when the authentication information is determined to be consistent with preset identity information of the first terminal device; in response to an access request received from the first terminal device, sending an authentication page to the first terminal device so as to obtain a biometric feature to be authenticated through the authentication page; in response to receiving the biometric feature to be authenticated, identifying the biometric feature to be authenticated to obtain an identification result; and allowing the first terminal device to access the network when the identification result satisfies a preset condition.
According to an embodiment of the disclosure, the method further comprises: receiving a creation request from a second terminal device, wherein the creation request is used for requesting to create the preset identity information of the first terminal device; and based on the creation request, allocating a user name and a static password to the first terminal device, and creating the preset identity information according to the user name and the static password so that the first terminal device generates the connection request according to the user name and the static password.
According to an embodiment of the present disclosure, the biometric feature to be authenticated includes a facial feature, the authentication page includes a face recognition page, and the sending the authentication page to the first terminal device includes: sending a living body detection page to the first terminal device; performing living body detection on the collected facial features based on the living body detection page; and transmitting the face recognition page to the first terminal device in a case where it is determined that the facial feature is a facial feature of a living body.
According to an embodiment of the present disclosure, identifying the biometric feature to be authenticated to obtain an identification result includes: accessing a biometric information system, and determining whether a preset biometric feature consistent with the biometric feature to be authenticated exists in the biometric information system; and allowing the first terminal device to access the network when the identification result satisfies a preset condition includes: allowing the first terminal device to access the network when the identification result is that a preset biometric feature consistent with the biometric feature to be authenticated exists in the biometric information system.
According to an embodiment of the present disclosure, the authentication page includes a Web page.
Another aspect of the present disclosure provides a network access control apparatus, including: the device comprises a determining module, a judging module and a sending module, wherein the determining module is used for responding to a connection request received from a first terminal device and determining authentication information carried by the connection request, and the connection request is used for requesting to access a network; the first control module is used for allowing the first terminal equipment to be connected with the network under the condition that the authentication information is determined to be consistent with the preset identity information of the first terminal equipment; the first sending module is used for responding to an access request received from a first terminal device and sending an authentication page to the first terminal device so as to obtain the biological features to be authenticated through the authentication page; the identification module is used for responding to the received biological characteristics to be authenticated and identifying the biological characteristics to be authenticated to obtain an identification result; and the second control module is used for allowing the first terminal equipment to access the network under the condition that the identification result meets a preset condition.
According to an embodiment of the present disclosure, the apparatus further comprises: a receiving module, configured to receive a creation request from a second terminal device, where the creation request is used to request to create the preset identity information of the first terminal device; and the allocation module is used for allocating a user name and a static password to the first terminal equipment based on the creation request, and creating the preset identity information according to the user name and the static password so that the first terminal equipment can generate the connection request according to the user name and the static password.
According to the embodiment of the present disclosure, the biometric feature to be authenticated includes a facial feature, the authentication page includes a face recognition page, and the second sending module includes: the first sending submodule is used for sending a living body detection page to the first terminal equipment; the detection submodule is used for carrying out living body detection on the collected facial features based on the living body detection page; and a second transmitting sub-module configured to transmit the face recognition page to the first terminal device in a case where it is determined that the facial feature is a facial feature of a living body.
According to an embodiment of the present disclosure, the identification module includes a determination sub-module configured to access a biometric information system, and determine whether a preset biometric feature consistent with the biometric feature to be authenticated exists in the biometric information system, and the second control module includes a control sub-module configured to allow the first terminal device to access the network if the identification result is that the preset biometric feature consistent with the biometric feature to be authenticated exists in the biometric information system.
According to an embodiment of the present disclosure, the authentication page includes a Web page.
Another aspect of the present disclosure provides an electronic device including: one or more processors; a storage device to store one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described method.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
Fig. 1 schematically shows a system architecture applied to a network access control method according to an embodiment of the present disclosure;
Fig. 2 schematically illustrates a flow chart of a network access control method according to an embodiment of the present disclosure;
Fig. 3 schematically shows a flow chart of a network access control method according to another embodiment of the present disclosure;
Fig. 4A schematically illustrates a system architecture of a network access control method according to another embodiment of the present disclosure;
Fig. 4B schematically illustrates a network access control method according to another embodiment of the present disclosure;
Fig. 5 schematically illustrates a block diagram of a network access device according to an embodiment of the disclosure; and
Fig. 6 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
An embodiment of the present disclosure provides a network access control method, including: in response to a connection request received from a first terminal device, determining authentication information carried by the connection request, wherein the connection request is used to request access to a network; allowing the first terminal device to connect to the network when the authentication information is determined to be consistent with preset identity information of the first terminal device; in response to an access request received from the first terminal device, sending an authentication page to the first terminal device so as to obtain a biometric feature to be authenticated through the authentication page; in response to receiving the biometric feature to be authenticated, identifying the biometric feature to be authenticated to obtain an identification result; and allowing the first terminal device to access the network when the identification result satisfies a preset condition.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which a network access control method may be applied, according to an embodiment of the disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, a server 105, and a network access controller 106. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few. The network access controller 106 is used to control whether the network 104 allows the terminal devices 101, 102, 103 to access the server 105 through the network 104.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
According to an embodiment of the present disclosure, if the terminal devices 101, 102, 103 need to access the server 105 through the network 104, they must first access the network 104 and acquire the right to access the server 105 through it. Whether to grant the terminal devices 101, 102, 103 access to the network 104 may be determined by the network access controller 106 of the network 104.
It should be noted that the network access control method provided by the embodiment of the present disclosure may be generally executed by the network access controller 106. Accordingly, the network access control device provided by the embodiment of the present disclosure may be generally disposed in the network access controller 106.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Fig. 2 schematically shows a flow chart of a network access control method according to an embodiment of the present disclosure.
As shown in Fig. 2, the network access control method may include operations S201 to S205.
In operation S201, in response to receiving a connection request from a first terminal device, authentication information carried in the connection request is determined, where the connection request is used to request access to a network.
The first terminal device may be, for example, various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
According to an embodiment of the present disclosure, the network to which the connection request is requested to access may be, for example, a wireless network of a certain bank.
According to an embodiment of the present disclosure, the authentication information may be an identifier or an identifier pair uniquely corresponding to the first terminal device. The authentication information may be, for example, a user name and password. The authentication information may be pre-assigned by the user management server for the plurality of first terminal devices so that the first terminal devices may generate the connection request based on the authentication information.
In operation S202, in a case that it is determined that the authentication information is consistent with the preset identity information of the first terminal device, allowing the first terminal device to connect to the network.
For example, the network access controller may compare the authentication information with preset identity information of the first terminal device, and allocate an IP address to the first terminal device when it is determined that the authentication information is consistent with the preset identity information of the first terminal device, so that the first terminal device establishes a connection with the network.
According to the embodiment of the disclosure, the network access controller may, for example, invoke the user management server to obtain the preset identity information of the first terminal device, so that the user name and the password carried in the connection request can be compared with the preset user name and the preset password in the preset identity information, respectively. The first terminal device is allowed to connect to the network when the user name carried in the connection request is consistent with the preset user name and the password carried in the connection request is consistent with the preset password.
In operation S203, in response to receiving an access request from a first terminal device, an authentication page is sent to the first terminal device, so as to obtain a biometric feature to be authenticated through the authentication page.
According to an embodiment of the present disclosure, the access request may be an access request to a certain web page, for example, may be an http request.
According to the embodiment of the disclosure, for example, the network access controller may intercept the access request and send the authentication page to the first terminal device when receiving the access request, so as to obtain the biometric feature to be authenticated through the authentication page.
According to an embodiment of the present disclosure, the authentication page may be, for example, a Web page, i.e., a Portal authentication. The biometric features to be authenticated may be, for example, facial features, limb features, etc.
In operation S204, in response to receiving the biometric characteristic to be authenticated, the biometric characteristic to be authenticated is identified to obtain an identification result.
For example, the recognition result may be obtained by recognizing a face image input by a user on the first terminal device in response to receiving the face image.
According to an embodiment of the present disclosure, for example, a biometric information system may be accessed to determine whether a preset biometric that is consistent with the biometric to be authenticated is present in the biometric information system.
According to the embodiment of the disclosure, for example, the face recognition may be performed on the received image, the face recognition result may be compared with the photo or the avatar in the face system, and it is determined whether the photo or the avatar consistent with the face recognition result exists in the face system.
In operation S205, in the case that the recognition result satisfies a preset condition, the first terminal device is allowed to access the network.
For example, the first terminal device may be allowed to access the network when the recognition result is that a preset biometric feature consistent with the biometric feature to be authenticated exists in the biometric information system. For example, the web page requested for access may be sent to the first terminal.
According to the embodiment of the disclosure, the network access control method can verify the authentication information carried by the connection request, and then identify the biological characteristics under the condition that the authentication information passes verification, so that a user does not need to input a user name and a password, and the convenience of network access is improved. In addition, the method adopts double verification of authentication information and biological characteristics, improves the accuracy of identity authentication and meets the requirement of double-factor authentication.
Fig. 3 schematically shows a flow chart of a network access control method according to another embodiment of the present disclosure.
As shown in fig. 3, the network access control method may further include operations S301 to S302 based on the foregoing embodiment. Here, operations S301 to S302 may be performed before operation S201, for example.
In operation S301, a creation request from a second terminal device is received, where the creation request is used to request that the preset identity information of the first terminal device be created.
According to an embodiment of the present disclosure, the second terminal device may be, for example, a terminal device of a network administrator. For example, a Windows AD (Windows Active Directory) server or an LDAP (Lightweight Directory Access Protocol) based unified identity authentication server may be used to allocate the user name and the static password to the first terminal device.
In operation S302, based on the creation request, a user name and a static password are allocated to the first terminal device, and the preset identity information is created according to the user name and the static password, so that the first terminal device generates the connection request according to the user name and the static password.
For example, each first terminal device may be assigned a preset username and a static password for the 802.1x wireless network connection based on the create request. Creating the preset identity information according to the user name and the static password may include storing a correspondence between the device information of each first terminal device and the user name and the static password.
According to the embodiment of the disclosure, an administrator may configure the first terminal device according to the user name and the static password allocated to each first terminal device, so that the user name and the password are stored in the local configuration file by the first terminal device, and thus the first terminal device obtains the user name and the password from the local configuration file, and generates the connection request according to the user name and the static password.
According to the embodiment of the disclosure, the biometric features to be authenticated comprise facial features, the authentication page comprises a face recognition page, and sending the authentication page to the first terminal device comprises: sending a living body detection page to a first terminal device; performing living body detection on the collected facial features based on the living body detection page; and transmitting a face recognition page to the first terminal device in a case where the face feature is determined to be a face feature of the living body.
Fig. 4A schematically illustrates a system architecture 400 of a network access control method according to another embodiment of the present disclosure.
As shown in fig. 4A, the system architecture 400 may include a first terminal device 401, a wireless access point AP 402, a wireless access controller AC 403, an 802.1x authorization server 404, a user management server 405, a Portal authorization server 406, a face recognition platform 407, and a human resources system 408.
According to the embodiment of the present disclosure, for example, the first terminal device 401 may be an intelligent terminal, such as a smart phone, a notebook computer, a smart tablet, and the like, and a camera is configured on the intelligent terminal, so that a face photo can be collected.
The wireless access points AP 402 may be distributed in a plurality of locations, for example.
The wireless access controller AC 403 may be responsible for aggregating data from different APs and forwarding it to the intranet, and may also perform functions such as configuration management of AP devices, authentication of wireless users and access control, and supports protocols such as 802.1x authentication and Portal authentication. When the terminal initiates a network connection, 802.1x authentication is carried out first, then Portal authentication is carried out, and the terminal is allowed to access the network only after both the 802.1x authentication and the Portal authentication succeed.
The 802.1x authorization server 404 may provide, for example, the account verification and authorization service required for 802.1x authentication; if the verification succeeds, it returns 802.1x authentication success information to the wireless access controller AC 403.
The user management server 405 may provide, for example, user creation, user authentication services. Each smart terminal may be assigned a username and password via the user management server 405, providing a user authentication interface for the 802.1x authorization server. The user management server 405 may be, for example, a Windows AD server, an LDAP-based unified identity authentication server.
The Portal authorization server 406 may provide, for example, an HTTP-based Portal face authentication function. The service implements face living body detection and face photo collection, and invokes the interface of the background face recognition platform 407 to perform face recognition; if the recognition succeeds, the Portal authorization server 406 returns Portal authentication success information to the wireless access controller AC 403.
The face recognition platform 407 may provide, for example, face registration, deletion, update, search, and the like.
The human resources management system 408 may, for example, register employee avatars with the face recognition platform to synchronize employee information in the human resources management system 408 with employee information in the face recognition platform 407.
According to the embodiment of the disclosure, after the wireless access controller AC determines that the 802.1x authentication and the Portal authentication are both successful, the first terminal device is allowed to access the webpage, and the wireless access controller AC sends an access request of the first terminal device for accessing the webpage to the router, so that the service system responds to the access request.
Fig. 4B schematically illustrates a network access control method according to another embodiment of the present disclosure. The network access control method may be applied, for example, to the system architecture 400 described above in fig. 4A.
As shown in fig. 4B, the method may include operations S401 to S405.
In operation S401, for example, the human resource management system 408 may register the employee avatar in the face recognition platform, and keep the human resource management system 408 and the avatar in the face recognition platform synchronized.
According to an embodiment of the present disclosure, the human resources management system 408 may, for example, register all employee avatars on the face recognition platform. Registering on the face recognition platform includes: the employee maintains the latest certificate photo at the human resources management system 408, and the human resources management system 408 registers or updates the employee's head photo at the cloud platform. When the employee leaves the job, the human resources management system 408 synchronously deletes the employee's face registration information from the face recognition platform.
In operation S402, for example, the face recognition platform 407 processes face registration, update, and deletion requests of the human resource management system. The processing of the face registration, update, and deletion requests of the human resource management system by the face recognition platform 407 may include: performing face registration, update, or deletion according to the change type of the request, and providing a face search interface for the Portal authorization server.
In operation S403, an account and a password may be allocated to each smart terminal through the user management server 405, and an 802.1x wireless network connection may be configured on the smart terminal.
In operation S404, the wireless access controller AC 403 may be configured to perform 802.1x authentication, perform Portal authentication after the 802.1x authentication is successful, and allow the intelligent terminal to access the network only after both the 802.1x authentication and the Portal authentication pass.
In operation S405, a Portal authorization server 406 may be deployed to provide a face recognition authentication page over the HTTP protocol, implement liveness detection and face photo collection, and call the face recognition platform interface to perform face recognition.
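The two-stage gate that operations S403 to S405 configure on the wireless access controller, sketched as an added example that is not code from the patent. The class, method and URL names are hypothetical, the user management server and face recognition platform are in-memory stand-ins, and the face "template" is a constructed string rather than a real biometric; sending a terminal back to the liveness page after a failed match is an assumption.

```python
import hmac
from enum import Enum, auto

LIVENESS_PAGE = "http://portal.example/liveness"   # hypothetical Portal URLs
FACE_PAGE = "http://portal.example/face"


class Stage(Enum):
    DISCONNECTED = auto()  # no successful 802.1x authentication
    CONNECTED = auto()     # 802.1x passed; only the Portal is reachable
    LIVENESS_OK = auto()   # liveness detection passed; face page may be served
    AUTHORIZED = auto()    # 802.1x and Portal both passed


class UserStore:
    """In-memory stand-in for the user management server (405)."""

    def __init__(self):
        self._accounts = {}

    def create(self, username, password):
        self._accounts[username] = password

    def verify(self, username, password):
        stored = self._accounts.get(username)
        if stored is None:
            return False
        return hmac.compare_digest(stored.encode(), password.encode())


class FacePlatform:
    """In-memory stand-in for the face recognition platform (407)."""

    def __init__(self):
        self._templates = {}

    def register(self, employee, template):   # called by HR (408) on join/update
        self._templates[employee] = template

    def delete(self, employee):                # called by HR (408) when staff leave
        self._templates.pop(employee, None)

    def search(self, template):
        for employee, known in self._templates.items():
            if known == template:              # real platforms score similarity
                return employee
        return None


class AccessController:
    """Tracks each terminal's stage and decides what to do with its traffic."""

    def __init__(self, users, faces):
        self.users, self.faces = users, faces
        self.sessions = {}                     # terminal MAC -> Stage

    def dot1x(self, mac, username, password):
        ok = self.users.verify(username, password)
        self.sessions[mac] = Stage.CONNECTED if ok else Stage.DISCONNECTED
        return ok

    def handle_access(self, mac, url):
        stage = self.sessions.get(mac, Stage.DISCONNECTED)
        if stage is Stage.AUTHORIZED:
            return ("forward", url)
        if stage is Stage.DISCONNECTED:
            return ("drop", None)
        page = FACE_PAGE if stage is Stage.LIVENESS_OK else LIVENESS_PAGE
        return ("redirect", page)

    def submit_liveness(self, mac, is_live):
        if self.sessions.get(mac) is not Stage.CONNECTED:
            return False                       # Portal step without 802.1x: refuse
        if is_live:
            self.sessions[mac] = Stage.LIVENESS_OK
        return bool(is_live)

    def submit_face(self, mac, template):
        if self.sessions.get(mac) is not Stage.LIVENESS_OK:
            return None                        # face photo without liveness: refuse
        employee = self.faces.search(template)
        # Assumption: a failed match sends the terminal back to the liveness page.
        self.sessions[mac] = Stage.AUTHORIZED if employee else Stage.CONNECTED
        return employee


def demo():
    users, faces = UserStore(), FacePlatform()
    users.create("term-01", "constructed-password")      # S403
    faces.register("alice", "constructed-template-a")    # S401/S402
    ac = AccessController(users, faces)
    mac = "02:00:00:00:00:01"                             # constructed address
    steps = [ac.handle_access(mac, "http://intranet.example/")]
    steps.append(ac.dot1x(mac, "term-01", "constructed-password"))
    steps.append(ac.submit_face(mac, "constructed-template-a"))  # skips liveness
    steps.append(ac.submit_liveness(mac, True))
    steps.append(ac.submit_face(mac, "constructed-template-a"))
    steps.append(ac.handle_access(mac, "http://intranet.example/"))
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Because the face lookup happens at Portal time, deleting an employee's registration in the platform blocks that person's next Portal authentication even while the terminal's 802.1x account still verifies.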
Fig. 5 schematically shows a block diagram of a network access device 500 according to an embodiment of the disclosure.
As shown in fig. 5, the network access device 500 may include a determination module 510, a first control module 520, a first transmission module 530, an identification module 540, and a second control module 550.
The determining module 510, for example, may perform operation S201 described above with reference to fig. 2, and is configured to determine, in response to receiving a connection request from a first terminal device, authentication information carried by the connection request, where the connection request is used to request access to a network.
The first control module 520, for example, may perform operation S202 described above with reference to fig. 2, and is configured to allow the first terminal device to connect to the network if it is determined that the authentication information is consistent with the preset identity information of the first terminal device.
The first sending module 530, for example, may perform operation S203 described above with reference to fig. 2, and is configured to send, in response to receiving an access request from a first terminal device, an authentication page to the first terminal device, so as to obtain a biometric feature to be authenticated through the authentication page.
The identifying module 540, for example, may perform operation S204 described above with reference to fig. 2, and is configured to identify, in response to receiving the biometric feature to be authenticated, the biometric feature to be authenticated to obtain an identification result.
The second control module 550, for example, may perform operation S205 described above with reference to fig. 2, and is configured to allow the first terminal device to access the network if the identification result satisfies a preset condition.
According to an embodiment of the present disclosure, the network access apparatus 500 may further include a receiving module, configured to receive a creation request from a second terminal device, where the creation request is used to request to create the preset identity information of the first terminal device; and the allocation module is used for allocating a user name and a static password to the first terminal equipment based on the creation request, and creating the preset identity information according to the user name and the static password so that the first terminal equipment can generate the connection request according to the user name and the static password.
According to the embodiment of the present disclosure, the biometric feature to be authenticated includes a facial feature, the authentication page includes a face recognition page, and the second sending module includes: the first sending submodule is used for sending a living body detection page to the first terminal equipment; the detection submodule is used for carrying out living body detection on the collected facial features based on the living body detection page; and a second transmitting sub-module configured to transmit the face recognition page to the first terminal device in a case where it is determined that the facial feature is a facial feature of a living body.
According to an embodiment of the present disclosure, identifying the biometric characteristic to be authenticated to obtain an identification result includes: accessing a biological characteristic information system, and determining whether a preset biological characteristic consistent with the biological characteristic to be authenticated exists in the biological characteristic information system; wherein, in a case that the identification result satisfies a preset condition, allowing the first terminal device to access the network includes: and allowing the first terminal device to access the network under the condition that the identification result is that the preset biological characteristics consistent with the biological characteristics to be authenticated exist in the biological characteristic information system.
According to an embodiment of the present disclosure, an authentication page includes: a Web page.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any number of the determination module 510, the first control module 520, the first transmission module 530, the identification module 540, and the second control module 550 may be combined in one module to be implemented, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the determining module 510, the first controlling module 520, the first transmitting module 530, the identifying module 540, and the second controlling module 550 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or any other reasonable manner of integrating or packaging a circuit, or any one of three implementations of software, hardware, and firmware, or any suitable combination of any of them. Alternatively, at least one of the determining module 510, the first controlling module 520, the first transmitting module 530, the identifying module 540 and the second controlling module 550 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
Fig. 6 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, an electronic device 600 according to an embodiment of the present disclosure includes a processor 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. Processor 601 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 601 may also include onboard memory for caching purposes. Processor 601 may include a single processing unit or multiple processing units for performing different actions of a method flow according to embodiments of the disclosure.
In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are stored. The processor 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. The processor 601 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 602 and/or RAM 603. It is to be noted that the programs may also be stored in one or more memories other than the ROM 602 and RAM 603. The processor 601 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 600 may also include an input/output (I/O) interface 605, which is also connected to the bus 604. The electronic device 600 may also include one or more of the following components connected to the I/O interface 605: an input portion 607 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed in the storage section 608 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program, when executed by the processor 601, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM602 and/or RAM 603 described above and/or one or more memories other than the ROM602 and RAM 603.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (10)

1. A network access control method, comprising:
responding to a connection request received from a first terminal device, and determining authentication information carried by the connection request, wherein the connection request is used for requesting to access a network;
allowing the first terminal device to be connected with the network under the condition that the authentication information is determined to be consistent with the preset identity information of the first terminal device;
responding to an access request received from a first terminal device, and sending an authentication page to the first terminal device so as to obtain a biological feature to be authenticated through the authentication page;
in response to receiving the biometric characteristic to be authenticated, identifying the biometric characteristic to be authenticated to obtain an identification result; and
allowing the first terminal device to access the network under the condition that the identification result meets a preset condition.
2. The method of claim 1, further comprising:
receiving a creation request from a second terminal device, wherein the creation request is used for requesting to create the preset identity information of the first terminal device;
and based on the creation request, allocating a user name and a static password to the first terminal device, and creating the preset identity information according to the user name and the static password so that the first terminal device generates the connection request according to the user name and the static password.
3. The method of claim 1, wherein the biometric feature to be authenticated comprises a facial feature, the authentication page comprises a face recognition page, and the sending the authentication page to the first terminal device comprises:
sending a living body detection page to the first terminal device;
performing living body detection on the collected facial features based on the living body detection page; and
in the case that the facial feature is determined to be a facial feature of a living body, transmitting the face recognition page to the first terminal device.
4. The method of claim 1, wherein the identifying the biometric characteristic to be authenticated to obtain an identification result comprises:
accessing a biological characteristic information system, and determining whether a preset biological characteristic consistent with the biological characteristic to be authenticated exists in the biological characteristic information system;
wherein, in a case that the identification result satisfies a preset condition, allowing the first terminal device to access the network includes:
allowing the first terminal device to access the network under the condition that the identification result is that the preset biological characteristics consistent with the biological characteristics to be authenticated exist in the biological characteristic information system.
5. The method of claim 1, wherein the authentication page comprises: a Web page.
6. A network access control device, comprising:
a determining module, configured to determine, in response to a connection request received from a first terminal device, authentication information carried by the connection request, wherein the connection request is used for requesting to access a network;
the first control module is used for allowing the first terminal equipment to be connected with the network under the condition that the authentication information is determined to be consistent with the preset identity information of the first terminal equipment;
the sending module is used for responding to an access request received from a first terminal device and sending an authentication page to the first terminal device so as to obtain the biological features to be authenticated through the authentication page;
the identification module is used for responding to the received biological characteristics to be authenticated and identifying the biological characteristics to be authenticated to obtain an identification result; and
the second control module is used for allowing the first terminal equipment to access the network under the condition that the identification result meets a preset condition.
7. The apparatus of claim 6, further comprising:
a receiving module, configured to receive a creation request from a second terminal device, where the creation request is used to request to create the preset identity information of the first terminal device;
and the allocation module is used for allocating a user name and a static password to the first terminal equipment based on the creation request, and creating the preset identity information according to the user name and the static password so that the first terminal equipment can generate the connection request according to the user name and the static password.
8. The apparatus of claim 6, wherein the biometric feature to be authenticated comprises a facial feature, the authentication page comprises a face recognition page, and the second sending module comprises:
the first sending submodule is used for sending a living body detection page to the first terminal equipment;
the detection submodule is used for carrying out living body detection on the collected facial features based on the living body detection page; and
a second sending sub-module, configured to send the face recognition page to the first terminal device if it is determined that the facial feature is a facial feature of a living body.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-5.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 5.
CN202010616596.3A 2020-06-30 2020-06-30 Network access control method, device, electronic equipment and medium Pending CN111818034A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010616596.3A CN111818034A (en) 2020-06-30 2020-06-30 Network access control method, device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN111818034A true CN111818034A (en) 2020-10-23

Family

ID=72855216

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010616596.3A Pending CN111818034A (en) 2020-06-30 2020-06-30 Network access control method, device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN111818034A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201023