CN113572773A - Access equipment and terminal access control method - Google Patents
- Publication number
- CN113572773A
- Authority
- CN
- China
- Prior art keywords
- terminal
- information
- access
- fingerprint
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
- H04L63/105—Multiple levels of security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to security access control technology in the field of data communication and discloses an access device and a terminal access control method. It addresses two problems in the prior art once escape mode is enabled: releasing all newly connecting terminals directly carries a high security risk, while forcing all newly connecting terminals onto a restricted network disrupts normal business operations. In the invention, after a terminal passes authentication, the access device scans the legitimate terminal for its relevant information, encrypts that information, and stores it locally as fingerprint information. When an abnormal network connection between the access device and the authentication server makes the server unreachable, the access device enters escape mode. In escape mode, the access device scans a terminal after the terminal obtains an IP address, encrypts the scanned information, compares it with the data in the fingerprint database, and controls the terminal's network access according to the comparison result and the corresponding release policy.
Description
Technical Field
The invention relates to security access control technology in the field of data communication, and in particular to an access device and a terminal access control method.
Background
In existing terminal access scenarios, an access authentication function is usually used to achieve secure access and authority control; that is, a user must perform identity authentication (MAC authentication, 802.1x user name and password authentication, certificate authentication, portal authentication, etc.) when accessing the network. A common network topology is shown in Fig. 1. Such a scenario depends heavily on the authentication server: when the network between the access device and the authentication server is abnormal (that is, the authentication server is unreachable), the terminal cannot pass authentication and access the network normally, which disrupts the user's business operations.
To solve this problem, some vendors adopt an authentication server escape control mode: when the server is unreachable, escape mode is enabled, and all newly connecting terminals are either released directly or forced onto a guest-vlan (virtual local area network) network. Both control methods have drawbacks: 1. if all newly connecting terminals are released directly without authentication, they can access any network resource in the local area network, which is a significant security risk; 2. if all newly connecting terminals are forced onto the guest-vlan network, normal business operations are affected to some extent because the resources reachable in that network are limited.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to provide an access device and a terminal access control method that solve the prior-art problems that, once escape mode is enabled, releasing all newly connecting terminals directly carries a high security risk, while forcing all newly connecting terminals onto a restricted network disrupts normal business operations.
The technical solution adopted by the invention to solve this technical problem is as follows:
In one aspect, the invention provides an access device comprising:
a link detection module, configured to determine whether the authentication server is reachable by probing the link between the access device and the authentication server, and to trigger the access authentication module if it is reachable and the escape control module otherwise;
an access authentication module, configured to initiate the authentication process with the authentication server and to trigger the sniffing scan module after the terminal passes authentication;
a sniffing scan module, configured to perform a sniffing scan on the terminal to obtain the terminal's relevant information;
a fingerprint database module, configured to store the relevant information of a terminal that has passed authentication as that terminal's fingerprint information; and
an escape control module, configured to obtain the terminal's relevant information through the sniffing scan module after the terminal obtains an IP address, match it against the data in the fingerprint database, and control the terminal's access according to the matching result in combination with the corresponding release policy.
As a further optimization, the relevant information of the terminal comprises terminal basic information and the terminal's open service and port information; the terminal basic information includes the operating system, IP address and MAC address of the terminal.
As a further optimization, the fingerprint database module is specifically configured to encrypt the basic information of a terminal that has passed authentication as the terminal's primary fingerprint information, encrypt the open service and port information of that terminal as the terminal's secondary fingerprint information, and store the primary and secondary fingerprint information.
As a further optimization, the escape control module is specifically configured to, after the terminal obtains an IP address, obtain the terminal's basic information and open service and port information through the sniffing scan module, encrypt the basic information and match it against the primary fingerprint information in the fingerprint database, and, if that match succeeds, encrypt the terminal's open service and port information and match it against the secondary fingerprint information in the fingerprint database; if that match also succeeds, the terminal is authorized to access the network normally.
As a further optimization, the escape control module is further configured to deny the terminal access to the network, or authorize the terminal to access the restricted network, when the terminal's encrypted basic information fails to match the primary fingerprint information in the fingerprint database or no fingerprint data for the terminal is found in the fingerprint database; or to authorize the terminal to access the restricted network when the terminal's encrypted open service and port information fails to match the secondary fingerprint information in the fingerprint database.
In another aspect, the invention also provides a terminal access control method, applied to a system comprising the access device and the authentication server; the method comprises the following steps:
a. when a terminal requests network access through the access device, the access device determines whether the authentication server is reachable; if so, proceed to step b, otherwise proceed to step c;
b. the access device initiates the authentication flow with the authentication server and the terminal performs normal access authentication; after authentication passes, the access device performs a sniffing scan on the terminal to obtain the terminal's relevant information and stores it as the terminal's fingerprint information;
c. after the terminal obtains an IP address, the access device performs a sniffing scan on the terminal, obtains the terminal's relevant information, matches it against the data in the local fingerprint database, and controls the terminal's access according to the matching result in combination with the corresponding release policy.
As a further optimization, in step b, obtaining the terminal's relevant information and storing it as the terminal's fingerprint information specifically includes: obtaining the terminal's basic information and open service and port information, where the terminal basic information includes the operating system and MAC address of the terminal; encrypting the basic information as the terminal's primary fingerprint information, encrypting the open service and port information as the terminal's secondary fingerprint information, and storing the primary and secondary fingerprint information.
As a further optimization, in step c, after the terminal obtains the IP address and before the access device performs the sniffing scan on the terminal, the following operations are also performed: the access device learns the terminal's IP address from the terminal's ARP and DHCP messages, brings up on the device a Layer 3 interface address in the same network segment as that IP address, and issues a host-type ACL for the terminal's IP address, thereby restricting the terminal to communicating only with the Layer 3 interface IP address.
As a further optimization, in step c, obtaining the terminal's relevant information, matching it against the data in the local fingerprint database, and controlling the terminal's access according to the matching result in combination with the corresponding release policy specifically includes:
obtaining the terminal's basic information and open service and port information; encrypting the basic information and matching it against the primary fingerprint information in the fingerprint database; if that match succeeds, encrypting the terminal's open service and port information and matching it against the secondary fingerprint information in the fingerprint database; and, if that match also succeeds, authorizing the terminal to access the network normally.
As a further optimization, in step c, obtaining the terminal's relevant information, matching it against the data in the local fingerprint database, and controlling the terminal's access according to the matching result in combination with the corresponding release policy further includes: denying the terminal access to the network, or authorizing the terminal to access the restricted network, when the terminal's encrypted basic information fails to match the primary fingerprint information in the fingerprint database or no fingerprint data for the terminal is found in the fingerprint database; or authorizing the terminal to access the restricted network when the terminal's encrypted open service and port information fails to match the secondary fingerprint information in the fingerprint database.
The beneficial effects of the invention are:
(1) when the authentication server is unreachable, the terminal's network access is controlled by scanning the connecting terminal's relevant information, matching it against the information in the local fingerprint database, and applying the corresponding release policy to the matching result, which solves the terminal access problem while the authentication server is unreachable and also preserves network security;
(2) fingerprint matching uses graded verification, and a corresponding control policy is configured for success or failure at each level, which makes terminal access control more flexible.
Drawings
Fig. 1 is a schematic diagram of a terminal access scenario in the prior art;
Fig. 2 is a block diagram of an access device according to an embodiment of the present invention;
Fig. 3 is a flowchart of a terminal access control method in an embodiment of the present invention.
Detailed Description
The invention aims to provide an access device and a terminal access control method that solve the prior-art problems that, once escape mode is enabled, releasing all newly connecting terminals directly carries a high security risk, while forcing all newly connecting terminals onto a restricted network disrupts normal business operations. The core idea is as follows: after a terminal passes authentication, the access device scans the legitimate terminal for its relevant information, encrypts that information, and stores it locally as fingerprint information; when an abnormal network connection between the access device and the authentication server makes the server unreachable, the access device enters escape mode; in escape mode, the access device scans a terminal after the terminal obtains an IP address, encrypts the scanned information, compares it with the data in the fingerprint database, and controls the terminal's network access according to the comparison result and the corresponding release policy.
Embodiment:
The structure of the access device in this embodiment is shown in Fig. 2. It includes a sniffing scan module, a fingerprint database module, a link detection module, an access authentication module and an escape control module. Specifically:
the link detection module is configured to determine whether the authentication server is reachable by probing the link between the access device and the authentication server, and to trigger the access authentication module if it is reachable and the escape control module otherwise;
the access authentication module is configured to initiate the authentication process with the authentication server and to trigger the sniffing scan module after the terminal passes authentication;
the sniffing scan module is configured to perform a sniffing scan on the terminal to obtain the terminal's relevant information;
the fingerprint database module is configured to store the relevant information of a terminal that has passed authentication as that terminal's fingerprint information; and
the escape control module is configured to obtain the terminal's relevant information through the sniffing scan module after the terminal obtains an IP address, match it against the data in the fingerprint database, and control the terminal's access according to the matching result in combination with the corresponding release policy.
The access device in this embodiment supports a dot1xfree (dot1x authentication-free IP) function, which allows a user to obtain an IP address before authentication is completed. When the link between the access device and the authentication server is normal, the terminal performs access authentication normally; after authentication passes, the access device performs a sniffing scan on the legitimate terminal to obtain the terminal's basic information and its open service and port information, and this information is stored in a local fingerprint database as the base data for the terminal fingerprint.
When an abnormal network link makes the authentication server unreachable from the access device, the access device enters escape mode. In escape mode, the access device performs a sniffing scan after the terminal obtains an IP address, encrypts the scanned information, compares it with the data in the fingerprint database, and controls the terminal's access according to the comparison result and the corresponding release policy. In this way, when the authentication server is unreachable, access for legitimate terminals is still controlled and assured, normal business operations are not disrupted, and network security is preserved.
Based on the above access device, this embodiment further provides a terminal access control method, whose flow is shown in Fig. 3. The method includes the following implementation steps:
1. The terminal requests network access:
In this step, when the terminal requests network access through the access device, the access device first determines whether the authentication server is currently reachable. If so, proceed to step 2; otherwise the access device enters escape mode and step 3 is executed.
2. Start the normal authentication flow:
In this step, the access device initiates the authentication flow with the authentication server and the terminal performs normal access authentication. If authentication succeeds, the terminal is authorized to access the network normally and can reach the full-authority network. If authentication fails a set number of times (for example, 3), authentication is deemed to have failed, which indicates that the terminal is not a legitimate terminal, and the terminal is denied access to the network.
In addition, if the terminal passes authentication, the access device performs a sniffing scan on the terminal and can obtain the terminal's basic information (operating system, MAC, IP, access port index ID, etc.) and the terminal's open service and port information (such as ftp:21, telnet:23, rtsp:554, smtp:25, etc.). This information is an important source for the terminal fingerprint; it is encrypted using a specified encryption mode and then stored in the terminal fingerprint database on the access device.
To make subsequent access control of the terminal more flexible, the fingerprints in this embodiment are divided into primary fingerprints and secondary fingerprints. Specifically, the terminal MAC address, the operating system name string, and the hexadecimal value of the index ID (as salt) may be encrypted using the MD5 algorithm and used as the primary fingerprint; the terminal's open service names, the port information string, and the terminal MAC address are encrypted using the MD5 algorithm to obtain the secondary fingerprint.
3. Start the escape control flow:
After the access device enters escape mode, the free IP function (obtaining an IP address before authentication) takes effect, and the terminal can obtain an IP address before authentication. The access device learns the terminal's IP address from the terminal's ARP and DHCP messages, brings up on the device a Layer 3 interface address in the same network segment as that IP address, and at the same time issues a host-type ACL for the terminal's IP address, so that the terminal can communicate only with the Layer 3 interface IP address. This makes it possible to run the sniffing scan on the terminal while restricting the terminal's access to other resources in the network. When scanning, the terminal's basic information is scanned first, followed by its open service and port information.
Primary fingerprint verification: after the terminal's basic information is obtained, it is encrypted using the same encryption mode as in step 2 to obtain the terminal's primary fingerprint information, which is compared with the primary fingerprint information in the local database. If they match, the terminal is given a limited release and is temporarily placed in a restricted network, where it can access some non-sensitive resources; secondary fingerprint verification is then performed. If the primary fingerprints do not match, the terminal may be denied access to the network or allowed onto a restricted network, according to the policy configured for the actual application scenario.
Secondary fingerprint verification: after the terminal's open service and port information is obtained, it is encrypted using the same encryption mode as in step 2 to obtain the terminal's secondary fingerprint, which is compared with the secondary fingerprint information in the local database. If they match, the terminal is placed in the normal network, where it can access all network resources. If secondary fingerprint matching fails, the terminal can still access only the restricted network.
Note that a terminal that has never been authenticated before has no initial fingerprint, so primary fingerprint verification for such a terminal will fail because no fingerprint is found. The security policy for this case may be set according to the actual usage scenario, for example: deny access directly, or allow access to a specific restricted network.
In addition, to improve the accuracy of the fingerprints in the fingerprint database, the database may be updated dynamically: while the server is reachable, each time a terminal authenticates successfully, the terminal's relevant information is obtained by sniffing scan and the fingerprint information in the fingerprint database is updated.
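The enrollment and escape-mode matching of steps 1 to 3, as an added Python example that is not part of the patent text. MD5 and the inputs to each fingerprint follow the embodiment; the `|` field separator, keying the database by MAC address, passing the authentication result in as `auth_ok`, and all class and function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    DENY = "deny"
    RESTRICTED = "restricted"  # limited network, non-sensitive resources only
    FULL = "full"              # normal network


@dataclass(frozen=True)
class ScanResult:
    """Output of one sniffing scan (field names are assumptions)."""
    mac: str
    os_name: str
    port_index: int   # access port index ID, used as the salt
    services: tuple   # e.g. (("ftp", 21), ("telnet", 23))


def _norm_mac(mac):
    # Canonical form so "AA-BB-.." and "aa:bb:.." produce the same digest.
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


def primary_fingerprint(scan):
    # MAC + OS name string + hexadecimal index ID (salt), as in the embodiment.
    fields = (_norm_mac(scan.mac), scan.os_name, format(scan.port_index, "x"))
    return hashlib.md5("|".join(fields).encode()).hexdigest()


def secondary_fingerprint(scan):
    # Open service names + ports + MAC. Sorting makes the digest independent
    # of the order in which the scanner reported the services.
    svc = ",".join(f"{name}:{port}" for name, port in sorted(scan.services))
    return hashlib.md5(f"{svc}|{_norm_mac(scan.mac)}".encode()).hexdigest()


class FingerprintDB:
    """Local fingerprint database on the access device, keyed by MAC (assumption)."""

    def __init__(self):
        self._rows = {}

    def enroll(self, scan):
        # Called after every successful authentication; overwriting the row
        # is the dynamic update described at the end of the embodiment.
        self._rows[_norm_mac(scan.mac)] = (
            primary_fingerprint(scan), secondary_fingerprint(scan))

    def lookup(self, mac):
        return self._rows.get(_norm_mac(mac))


def escape_decision(db, scan, on_primary_fail=Access.DENY):
    """Step 3: graded matching while the authentication server is unreachable."""
    if on_primary_fail is Access.FULL:
        raise ValueError("a failed primary match may only deny or restrict")
    row = db.lookup(scan.mac)
    # Unknown terminal and primary mismatch share one configurable policy.
    if row is None or not hmac.compare_digest(row[0], primary_fingerprint(scan)):
        return on_primary_fail
    # Primary matched: the terminal sits in the restricted network until the
    # secondary fingerprint also matches.
    if not hmac.compare_digest(row[1], secondary_fingerprint(scan)):
        return Access.RESTRICTED
    return Access.FULL


def handle_access_request(db, scan, server_reachable, auth_ok=False,
                          on_primary_fail=Access.DENY):
    """Step 1 branch: normal authentication (step 2) or escape control (step 3)."""
    if server_reachable:
        if not auth_ok:
            return Access.DENY
        db.enroll(scan)
        return Access.FULL
    return escape_decision(db, scan, on_primary_fail)


if __name__ == "__main__":
    # Constructed sample terminal: an IP camera on access port index 17.
    db = FingerprintDB()
    cam = ScanResult("AA-BB-CC-00-11-22", "Embedded Linux", 17,
                     (("rtsp", 554), ("telnet", 23)))
    print(handle_access_request(db, cam, server_reachable=True, auth_ok=True))
    same_mac_other_os = ScanResult("aa:bb:cc:00:11:22", "Windows 10", 17,
                                   cam.services)
    print(handle_access_request(db, same_mac_other_os, server_reachable=False))
```

Because the salt is the access port index, a known terminal that moves to a different port fails the primary match and falls under the `on_primary_fail` policy until it authenticates again with the server reachable.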
Claims (10)
1. An access device, comprising:
a link detection module, configured to determine whether the authentication server is reachable by probing the link between the access device and the authentication server, and to trigger the access authentication module if it is reachable and the escape control module otherwise;
an access authentication module, configured to initiate the authentication process with the authentication server and to trigger the sniffing scan module after the terminal passes authentication;
a sniffing scan module, configured to perform a sniffing scan on the terminal to obtain the terminal's relevant information;
a fingerprint database module, configured to store the relevant information of a terminal that has passed authentication as that terminal's fingerprint information;
and an escape control module, configured to obtain the terminal's relevant information through the sniffing scan module after the terminal obtains an IP address, match it against the data in the fingerprint database, and control the terminal's access according to the matching result in combination with the corresponding release policy.
2. The access device of claim 1,
the relevant information of the terminal comprises terminal basic information and terminal open service and port information; the terminal basic information includes: the operating system, IP address and MAC address of the terminal.
3. The access device of claim 2,
the fingerprint database module is specifically configured to encrypt the basic information of a terminal that has passed authentication as the terminal's primary fingerprint information, encrypt the open service and port information of that terminal as the terminal's secondary fingerprint information, and store the primary and secondary fingerprint information.
4. The access device of claim 3,
the escape control module is specifically configured to, after the terminal obtains an IP address, obtain the terminal's basic information and open service and port information through the sniffing scan module, encrypt the basic information and match it against the primary fingerprint information in the fingerprint database, and, if that match succeeds, encrypt the terminal's open service and port information and match it against the secondary fingerprint information in the fingerprint database; if that match also succeeds, the terminal is authorized to access the network normally.
5. The access device of claim 4,
the escape control module is further configured to deny the terminal access to the network, or authorize the terminal to access the restricted network, when the terminal's encrypted basic information fails to match the primary fingerprint information in the fingerprint database or no fingerprint data for the terminal is found in the fingerprint database; or to authorize the terminal to access the restricted network when the terminal's encrypted open service and port information fails to match the secondary fingerprint information in the fingerprint database.
6. A terminal access control method applied to a system comprising the access device and the authentication server according to any one of claims 1 to 5; the method is characterized by comprising the following steps:
a. when a terminal requests network access through the access device, the access device determines whether the authentication server is reachable; if so, proceed to step b, otherwise proceed to step c;
b. the access device initiates the authentication flow with the authentication server and the terminal performs normal access authentication; after authentication passes, the access device performs a sniffing scan on the terminal to obtain the terminal's relevant information and stores it as the terminal's fingerprint information;
c. after the terminal obtains an IP address, the access device performs a sniffing scan on the terminal, obtains the terminal's relevant information, matches it against the data in the local fingerprint database, and controls the terminal's access according to the matching result in combination with the corresponding release policy.
7. The terminal access control method according to claim 6, wherein in step b, obtaining the terminal's relevant information and storing it as the terminal's fingerprint information specifically comprises: obtaining the terminal's basic information and open service and port information, where the terminal basic information includes the operating system and MAC address of the terminal; encrypting the basic information as the terminal's primary fingerprint information, encrypting the open service and port information as the terminal's secondary fingerprint information, and storing the primary and secondary fingerprint information.
8. The terminal access control method of claim 6, wherein in step c, after the terminal obtains the IP address and before the access device performs the sniffing scan on the terminal, the following operations are also performed: the access device learns the terminal's IP address from the terminal's ARP and DHCP messages, brings up on the device a Layer 3 interface address in the same network segment as that IP address, and issues a host-type ACL for the terminal's IP address, thereby restricting the terminal to communicating only with the Layer 3 interface IP address.
9. The terminal access control method according to claim 6, wherein in step c, obtaining the terminal's relevant information, matching it against the data in the local fingerprint database, and controlling the terminal's access according to the matching result in combination with the corresponding release policy specifically comprises:
obtaining the terminal's basic information and open service and port information; encrypting the basic information and matching it against the primary fingerprint information in the fingerprint database; if that match succeeds, encrypting the terminal's open service and port information and matching it against the secondary fingerprint information in the fingerprint database; and, if that match also succeeds, authorizing the terminal to access the network normally.
10. The terminal access control method of claim 9,
in step c, obtaining the terminal's relevant information, matching it against the data in the local fingerprint database, and controlling the terminal's access according to the matching result in combination with the corresponding release policy further comprises:
denying the terminal access to the network, or authorizing the terminal to access the restricted network, when the terminal's encrypted basic information fails to match the primary fingerprint information in the fingerprint database or no fingerprint data for the terminal is found in the fingerprint database; or authorizing the terminal to access the restricted network when the terminal's encrypted open service and port information fails to match the secondary fingerprint information in the fingerprint database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110847841.6A CN113572773A (en) | 2021-07-27 | 2021-07-27 | Access equipment and terminal access control method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113572773A (en) | 2021-10-29 |
Family
ID=78167729
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110847841.6A Pending CN113572773A (en) | 2021-07-27 | 2021-07-27 | Access equipment and terminal access control method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113572773A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114039797A (en) * | 2021-11-26 | 2022-02-11 | 新华三大数据技术有限公司 | Multi-factor authentication escape method and cloud platform |
CN114285819A (en) * | 2021-12-29 | 2022-04-05 | 深圳市共进电子股份有限公司 | Method and device for visiting intranet by visitor network, computer equipment and medium |
CN114338777A (en) * | 2021-12-22 | 2022-04-12 | 迈普通信技术股份有限公司 | Escape control method and device |
Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1744494A (en) * | 2005-09-30 | 2006-03-08 | 广东省电信有限公司研究院 | Access authentication system and method by verifying safety of accessing host |
US20160155128A1 (en) * | 2014-12-02 | 2016-06-02 | Ca, Inc. | Device identification based on deep fingerprint inspection |
WO2016169142A1 (en) * | 2015-04-20 | 2016-10-27 | 中兴通讯股份有限公司 | Method, terminal and system for identifying legitimacy of wireless access point and storage medium |
CN106302397A (en) * | 2016-07-29 | 2017-01-04 | 北京北信源软件股份有限公司 | A kind of equipment identification system based on device-fingerprint |
CN106878139A (en) * | 2017-03-17 | 2017-06-20 | 迈普通信技术股份有限公司 | Certification escape method and device based on 802.1X agreements |
CN106952096A (en) * | 2017-03-03 | 2017-07-14 | 中国工商银行股份有限公司 | Security certification system, method and the credible identifying device of client of client device |
CN107438076A (en) * | 2017-08-10 | 2017-12-05 | 上海斐讯数据通信技术有限公司 | A kind of network verifying system and its verification method based on fingerprint |
CN107682372A (en) * | 2017-11-21 | 2018-02-09 | 北京安博通科技股份有限公司 | User profile for Portal escapes obtains and authentication method, device and access device |
US20180123894A1 (en) * | 2016-11-03 | 2018-05-03 | Qadium, Inc. | Fingerprint determination for network mapping |
WO2018121387A1 (en) * | 2016-12-30 | 2018-07-05 | 中国银联股份有限公司 | Security verification method, platform, apparatus and system |
CN108769016A (en) * | 2018-05-29 | 2018-11-06 | 新华三信息安全技术有限公司 | A kind of processing method and processing device of service message |
CN110324310A (en) * | 2019-05-21 | 2019-10-11 | 国家工业信息安全发展研究中心 | Networked asset fingerprint identification method, system and equipment |
CN111368595A (en) * | 2018-12-26 | 2020-07-03 | 广州灵刃信息科技有限公司 | System for identifying equipment fingerprint |
CN111585953A (en) * | 2020-03-25 | 2020-08-25 | 全球能源互联网研究院有限公司 | Method and system for judging network access validity of local area network terminal equipment |
CN111614684A (en) * | 2020-05-25 | 2020-09-01 | 中京天裕科技(北京)有限公司 | Industrial equipment security terminal authentication system and authentication method |
CN112312400A (en) * | 2020-10-15 | 2021-02-02 | 新华三大数据技术有限公司 | Access control method, access controller and storage medium |
CN112714045A (en) * | 2020-12-31 | 2021-04-27 | 浙江远望信息股份有限公司 | Rapid protocol identification method based on equipment fingerprint and port |
CN112839331A (en) * | 2019-11-22 | 2021-05-25 | 武汉神州数码云科网络技术有限公司 | User information authentication method for wireless local area network Portal authentication escape |
Non-Patent Citations (3)
Title |
---|
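Wu Liangliang (吴亮亮): "VN-Based Network Access Control System", China Master's Theses Full-text Database, Information Science and Technology, no. 06, pages 2 - 4 * |
Wu Liangliang (吴亮亮): "VN-Based Network Access Control System", China Master's Theses Full-text Database, Information Science and Technology, 2016 * |
Wu Liangliang (吴亮亮): "VN-Based Network Access Control System", China Master's Theses Full-text Database, Information Science and Technology, 2016, no. 06, 15 June 2016 (2016-06-15), pages 2 - 4 * |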
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114039797A (en) * | 2021-11-26 | 2022-02-11 | 新华三大数据技术有限公司 | Multi-factor authentication escape method and cloud platform |
CN114039797B (en) * | 2021-11-26 | 2024-03-08 | 新华三大数据技术有限公司 | Multi-factor authentication escape method and cloud platform |
CN114338777A (en) * | 2021-12-22 | 2022-04-12 | 迈普通信技术股份有限公司 | Escape control method and device |
CN114338777B (en) * | 2021-12-22 | 2024-04-09 | 迈普通信技术股份有限公司 | Escape control method and device |
CN114285819A (en) * | 2021-12-29 | 2022-04-05 | 深圳市共进电子股份有限公司 | Method and device for visiting intranet by visitor network, computer equipment and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109787988B (en) | Identity strengthening authentication and authorization method and device | |
CN113572773A (en) | Access equipment and terminal access control method | |
US8024488B2 (en) | Methods and apparatus to validate configuration of computerized devices | |
US7752320B2 (en) | Method and apparatus for content based authentication for network access | |
CN111770071B (en) | Method and device for gateway authentication of trusted device in network stealth scene | |
CN101714918A (en) | Safety system for logging in VPN and safety method for logging in VPN | |
US20080189772A1 (en) | Method for generating digital fingerprint using pseudo random number code | |
CN110856174B (en) | Access authentication system, method, device, computer equipment and storage medium | |
CN112396735B (en) | Internet automobile digital key safety authentication method and device | |
CN112613020A (en) | Identity verification method and device | |
CN102307099A (en) | Authentication method and system as well as authentication server | |
CN115333840A (en) | Resource access method, system, device and storage medium | |
CN112272089A (en) | Cloud host login method, device, equipment and computer readable storage medium | |
CN115001770A (en) | Zero-trust-based service access control system and control method | |
US20200218819A1 (en) | Sfs access control method and system, sfs and terminal device | |
CN116192497A (en) | Network access and user authentication safe interaction method based on zero trust system | |
KR20120134942A (en) | Authentification agent and method for authentificating online service and system thereof | |
CN105915557B (en) | Network authentication method, access control method and network access equipment | |
CN105451225B (en) | Access authentication method and access authentication equipment | |
CN115118442B (en) | Port protection method and device under software defined boundary framework | |
US11177958B2 (en) | Protection of authentication tokens | |
US11550932B2 (en) | Method for a terminal to acquire and access data | |
CN106412904B (en) | Method and system for preventing counterfeit user authentication authority | |
US10412097B1 (en) | Method and system for providing distributed authentication | |
CN114386063A (en) | Authentication system, method and device for accessing data of Internet of things equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20211029 |