CN114257445A - Signal control method for preventing instant multi-dialing authentication access of user - Google Patents
Signal control method for preventing instant multi-dialing authentication access of user Download PDFInfo
- Publication number
- CN114257445A CN114257445A CN202111563851.3A CN202111563851A CN114257445A CN 114257445 A CN114257445 A CN 114257445A CN 202111563851 A CN202111563851 A CN 202111563851A CN 114257445 A CN114257445 A CN 114257445A
- Authority
- CN
- China
- Prior art keywords
- user
- authentication
- dialing
- time
- blacklist
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention discloses a signal control method for preventing a user from accessing an instant multi-dialing authentication, which is characterized in that a corresponding blacklist management mechanism is established, whether the user is a blacklist user and the latest Internet access authentication time information are obtained when the user is authenticated, if the user is in the blacklist and the latest Internet access time is out of the forbidden dialing time range of surfing the Internet again, the Internet access authentication time of the user in the blacklist is updated, the time is accurate to microsecond, and a service system is used for solving the problem that the user cannot perform session number verification on the Internet access authentication request at the same time under the condition of avoiding sessions by using a database line-level locking mechanism.
Description
Technical Field
The invention relates to the technical field of width access, in particular to a signal control method for preventing a user from instant multi-dial authentication access.
Background
In the daily operation and maintenance process of broadband network service of telecom operators, under the operation environment of high-flow and high-concurrency service, users are often found to utilize dialing software to carry out instantaneous concurrent dialing, and in this case, because a telecom operator authentication system does not establish user session information, the aim of controlling the session number service by the telecom operators is achieved, and the purpose of occupying more bandwidth resources is achieved.
Disclosure of Invention
The invention aims to provide a signal control method for preventing a user from accessing to multi-dial authentication instantly.
The technical scheme adopted by the invention is as follows:
a method of signaling to prevent instant multi-dial authentication access by a user, comprising the steps of:
step 1, establishing a black and white list user mechanism, establishing a new broadband user which defaults to a black list user,
step 2, when the user dials the number on the internet, the user information is acquired to carry out preposed authentication;
step 3, judging whether the preposed authentication passes; if yes, reading a user blacklist and the latest internet access authentication time information and executing the step 4; otherwise, the authentication fails and the current dialing is disconnected;
step 4, judging whether the user is a blacklist user or not; if yes, executing step 5; otherwise, carrying out subsequent dialing;
step 5, judging whether the blacklist user is in the time range of allowing the dial-up for surfing the Internet again; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing the step 6; otherwise, the authentication fails and the current dialing is disconnected;
step 6, judging whether the current dialing affair is in lock conflict, namely one record is modified by another affair at the same time (one record is only allowed to be modified by one affair at the same time by using a database affair lock management mechanism); if yes, the current dialing is disconnected due to authentication failure; otherwise, executing step 7;
step 7, judging whether the user carries out the Nonly authentication, namely judging whether the number of the online sessions of the user account is legal or not, wherein the number of the online sessions of the user account is not more than the specified number (an algorithm that an application system controls the user account to only allow the specified number of sessions to be online at the same time); if yes, carrying out subsequent dialing; otherwise, the authentication fails to disconnect the current dialing.
Further, in the step 1, only the user who designates the white list domain name is prohibited to be placed in the black list user management table; when the user sells the user, the data in the blacklist user table is cleared.
Further, the pre-authentication in step 2 includes username and password verification, shutdown verification, and binding verification.
Further, in step 5, the condition of the dial-up time allowed for surfing the internet again is that the dial-up time can not be redialed 10 seconds after the last dial-up time.
Further, in step 5, in order to adapt to a high-flow high-concurrency service operation environment, the time comparison is accurate to microsecond level.
Further, a database row-level lock mechanism is used in step 6, so that the problem that the service system cannot perform session number verification when processing the user internet access authentication request at the same time under the condition of no session is avoided.
By adopting the technical scheme, whether the user is blacklisted and the latest internet access authentication time information are obtained when the user is authenticated by accessing the internet through establishing a corresponding blacklist management mechanism, if the user is in the blacklist and the user is prohibited from accessing the internet again within the time range of the latest internet access time (in order to adapt to the large-flow high-concurrency service operation environment, the time comparison is accurate to microsecond level), the internet access authentication time of the user in the blacklist is updated, the time is accurate to microsecond level, and the problem that the session number cannot be verified when the user simultaneously accesses the internet authentication request is processed by a service system under the condition of no session is solved by utilizing a database line level locking mechanism.
Drawings
The invention is described in further detail below with reference to the accompanying drawings and the detailed description;
FIG. 1 is a schematic diagram of a configuration of a method for preventing a user from accessing an instant multi-dial authentication according to the present invention;
fig. 2 is a flow chart illustrating a method for preventing a user from accessing to a multi-dial authentication device instantly according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
As shown in fig. 1 or 2, the invention discloses a signal control method for preventing a user from instant multi-dialing authentication access, which comprises the following steps:
step 1, establishing a black and white list user mechanism, establishing a new broadband user which defaults to a black list user,
step 2, when the user dials the number on the internet, the user information is acquired to carry out preposed authentication;
step 3, judging whether the preposed authentication passes; if yes, reading a user blacklist and the latest internet access authentication time information and executing the step 4; otherwise, the authentication fails and the current dialing is disconnected;
step 4, judging whether the user is a blacklist user or not; if yes, executing step 5; otherwise, carrying out subsequent dialing;
step 5, judging whether the blacklist user is in the time range of allowing the dial-up for surfing the Internet again; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing the step 6; otherwise, the authentication fails and the current dialing is disconnected;
step 6, judging whether the current dialing affair is in lock conflict, namely one record is modified by another affair at the same time (one record is only allowed to be modified by one affair at the same time by using a database affair lock management mechanism); if yes, the current dialing is disconnected due to authentication failure; otherwise, executing step 7;
step 7, judging whether the user carries out the Nonly authentication, namely judging whether the number of the online sessions of the user account is legal or not, wherein the number of the online sessions of the user account is not more than the specified number (an algorithm that an application system controls the user account to only allow the specified number of sessions to be online at the same time); if yes, carrying out subsequent dialing; otherwise, the authentication fails to disconnect the current dialing.
Further, in the step 1, only the user who designates the white list domain name is prohibited to be placed in the black list user management table; when the user sells the user, the data in the blacklist user table is cleared.
Further, the pre-authentication in step 2 includes username and password verification, shutdown verification, and binding verification.
Further, in step 5, the condition of the dial-up time allowed for surfing the internet again is that the dial-up time can not be redialed 10 seconds after the last dial-up time.
Further, in step 5, in order to adapt to a high-flow high-concurrency service operation environment, the time comparison is accurate to microsecond level.
Further, a database row-level lock mechanism is used in step 6, so that the problem that the service system cannot perform session number verification when processing the user internet access authentication request at the same time under the condition of no session is avoided.
By adopting the technical scheme, whether the user is blacklisted and the latest internet access authentication time information are obtained when the user is authenticated by accessing the internet through establishing a corresponding blacklist management mechanism, if the user is in the blacklist and the user is prohibited from accessing the internet again within the time range of the latest internet access time (in order to adapt to the large-flow high-concurrency service operation environment, the time comparison is accurate to microsecond level), the internet access authentication time of the user in the blacklist is updated, the time is accurate to microsecond level, and the problem that the session number cannot be verified when the user simultaneously accesses the internet authentication request is processed by a service system under the condition of no session is solved by utilizing a database line level locking mechanism.
It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. The embodiments and features of the embodiments in the present application may be combined with each other without conflict. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the detailed description of the embodiments of the present application is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Claims (7)
1. A signal control method for preventing instant multi-dialing authentication access of a user is characterized in that: which comprises the following steps:
step 1, establishing a black and white list user mechanism, establishing a new broadband user which defaults to a black list user,
step 2, when the user dials the number on the internet, the user information is acquired to carry out preposed authentication;
step 3, judging whether the preposed authentication passes; if yes, reading a user blacklist and the latest internet access authentication time information and executing the step 4; otherwise, the authentication fails and the current dialing is disconnected;
step 4, judging whether the user is a blacklist user or not; if yes, executing step 5; otherwise, carrying out subsequent dialing;
step 5, judging whether the blacklist user is in the time range of allowing the dial-up for surfing the Internet again; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing the step 6; otherwise, the authentication fails and the current dialing is disconnected;
step 6, judging whether the current dialing affair is in lock conflict, namely one record is modified by another affair at the same time; if yes, the current dialing is disconnected due to authentication failure; otherwise, executing step 7;
step 7, judging whether the user carries out the Nonly authentication, namely the number of the online sessions of the user account does not exceed the specified number; if yes, carrying out subsequent dialing; otherwise, the authentication fails to disconnect the current dialing.
2. The method of claim 1, wherein the method comprises: in step 1, only users with specified white list domain names are prohibited from being placed in a black list user management table.
3. The method of claim 1, wherein the method comprises: and (3) when the user gives the account in the step 1, clearing the data in the blacklist user table.
4. The method of claim 1, wherein the method comprises: the pre-authentication in the step 2 comprises user name and password verification, halt verification and binding verification.
5. The method of claim 1, wherein the method comprises: in step 5, the condition of the dial-up time allowed for surfing the internet again is that the dial-up time can be redialed only 10 seconds after the last dial-up time.
6. The method of claim 1, wherein the method comprises: and under the high-flow high-concurrency service operation environment, the time comparison in the step 5 is accurate to microsecond level.
7. The method of claim 1, wherein the method comprises: and 6, a database row-level locking mechanism is utilized to avoid the problem that the service system cannot perform session number verification when processing the user simultaneous internet access authentication request under the condition of no session.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111563851.3A CN114257445B (en) | 2021-12-20 | 2021-12-20 | Information control method for preventing user from instant multi-dialing authentication access |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111563851.3A CN114257445B (en) | 2021-12-20 | 2021-12-20 | Information control method for preventing user from instant multi-dialing authentication access |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114257445A true CN114257445A (en) | 2022-03-29 |
CN114257445B CN114257445B (en) | 2023-05-26 |
Family
ID=80796020
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111563851.3A Active CN114257445B (en) | 2021-12-20 | 2021-12-20 | Information control method for preventing user from instant multi-dialing authentication access |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114257445B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115085973A (en) * | 2022-05-17 | 2022-09-20 | 度小满科技(北京)有限公司 | White list processing method and device, storage medium and computer terminal |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6088451A (en) * | 1996-06-28 | 2000-07-11 | Mci Communications Corporation | Security system and method for network element access |
US20020090089A1 (en) * | 2001-01-05 | 2002-07-11 | Steven Branigan | Methods and apparatus for secure wireless networking |
JP2003178029A (en) * | 2001-12-12 | 2003-06-27 | Nec Corp | Authentication managing system and method, authentication server, session managing server and program |
US20080220740A1 (en) * | 2007-03-09 | 2008-09-11 | Cisco Technology, Inc. | Blacklisting of unlicensed mobile access (UMA) users via AAA policy database |
CN102257790A (en) * | 2009-11-26 | 2011-11-23 | 华为技术有限公司 | Method, system and device for user dial authentication |
CN105516064A (en) * | 2014-09-26 | 2016-04-20 | 中国移动通信集团浙江有限公司 | Dialing device bandwidth access method, dialing device bandwidth access device, and server |
-
2021
- 2021-12-20 CN CN202111563851.3A patent/CN114257445B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6088451A (en) * | 1996-06-28 | 2000-07-11 | Mci Communications Corporation | Security system and method for network element access |
US20020090089A1 (en) * | 2001-01-05 | 2002-07-11 | Steven Branigan | Methods and apparatus for secure wireless networking |
JP2003178029A (en) * | 2001-12-12 | 2003-06-27 | Nec Corp | Authentication managing system and method, authentication server, session managing server and program |
US20080220740A1 (en) * | 2007-03-09 | 2008-09-11 | Cisco Technology, Inc. | Blacklisting of unlicensed mobile access (UMA) users via AAA policy database |
CN102257790A (en) * | 2009-11-26 | 2011-11-23 | 华为技术有限公司 | Method, system and device for user dial authentication |
CN105516064A (en) * | 2014-09-26 | 2016-04-20 | 中国移动通信集团浙江有限公司 | Dialing device bandwidth access method, dialing device bandwidth access device, and server |
Non-Patent Citations (2)
Title |
---|
叶群桥 等: "宽带接入中的认证技术分析", 《电脑知识与技术》 * |
李林江: "WLAN无感知认证关键技术探讨", 《电信科学》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115085973A (en) * | 2022-05-17 | 2022-09-20 | 度小满科技(北京)有限公司 | White list processing method and device, storage medium and computer terminal |
CN115085973B (en) * | 2022-05-17 | 2024-03-12 | 度小满科技(北京)有限公司 | White list processing method, white list processing device, storage medium and computer terminal |
Also Published As
Publication number | Publication date |
---|---|
CN114257445B (en) | 2023-05-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220078179A1 (en) | Zero sign-on authentication | |
AU760714B2 (en) | Method and system for verifying the authenticity of a first communication participants in a communications network | |
US5721780A (en) | User-transparent security method and apparatus for authenticating user terminal access to a network | |
EP1221098B1 (en) | An access control method | |
KR20060117319A (en) | Method for managing the security of applications with a security module | |
US9942391B2 (en) | Conference access method and apparatus | |
CN106060034A (en) | Account login method and device | |
CN112492602B (en) | 5G terminal safety access device, system and equipment | |
US20090260066A1 (en) | Single Sign-On To Administer Target Systems with Disparate Security Models | |
GB2573262A (en) | Mobile identification method based on SIM card and device-related parameters | |
CN114257445A (en) | Signal control method for preventing instant multi-dialing authentication access of user | |
CN107766717B (en) | Access control method, device and system | |
CN111245791B (en) | Single sign-on method for realizing management and IT service through reverse proxy | |
CN115567310A (en) | Client secure distribution method based on network stealth in zero trust mode | |
CN115277237A (en) | Control method and device for accessing mobile terminal to enterprise intranet | |
CN112534880B (en) | Computer-implemented method and network access server for connecting a network component to a network, in particular a mobile radio network, using an extended network access identifier | |
JP3703477B1 (en) | Connection position validity judgment method and apparatus | |
KR100964505B1 (en) | Security method and apparatus for web-applications using security tag | |
KR20090126798A (en) | Login authentication method using call to communication terminal | |
KR101015402B1 (en) | Security method and apparatus for web-applications using security tag | |
US8595795B2 (en) | Administration of computer telephony applications that are connected to a private branch exchange via a local network | |
CN117579749A (en) | IP telephone access method, device, equipment and storage medium | |
KR20230100183A (en) | Reverse access system for network using dynamic port | |
CN113849719A (en) | Cross-platform and cross-region website content monitoring and shutdown system | |
CN113573315A (en) | Privacy number platform control system and method for protecting core network security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |