CN114257445A - Signal control method for preventing instant multi-dialing authentication access of user - Google Patents

Info

Publication number
CN114257445A
Authority
CN
China
Prior art keywords
user
authentication
dialing
time
blacklist
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111563851.3A
Other languages
Chinese (zh)
Other versions
CN114257445B (en)
Inventor
李永明
曹万俊
王雄奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Fufu Information Technology Co Ltd
Original Assignee
China Telecom Fufu Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Fufu Information Technology Co Ltd
Priority to CN202111563851.3A
Publication of CN114257445A
Application granted
Publication of CN114257445B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention discloses a signal control method for preventing instant multi-dial authentication access by a user. A corresponding blacklist management mechanism is established. When a user authenticates for internet access, whether the user is a blacklist user and the user's latest internet access authentication time are obtained. If the user is in the blacklist and the latest internet access time is outside the time range in which dialing up again is forbidden, the internet access authentication time of the user in the blacklist is updated, accurate to the microsecond, and a database row-level locking mechanism is used to avoid the problem that, when no session exists yet, the service system cannot perform session-number verification on simultaneous internet access authentication requests from the user.

Description

Signal control method for preventing instant multi-dialing authentication access of user
Technical Field
The invention relates to the technical field of broadband access, in particular to a signal control method for preventing instant multi-dial authentication access by a user.
Background
In the daily operation and maintenance of telecom operators' broadband network services, in a high-traffic, high-concurrency service environment, users are often found using dialing software to dial many times concurrently in an instant. In this case, because the operator's authentication system has not yet established user session information, these users get around the operator's session-number control and thereby occupy more bandwidth resources.
Disclosure of Invention
The invention aims to provide a signal control method for preventing instant multi-dial authentication access by a user.
The technical scheme adopted by the invention is as follows:
A signal control method for preventing instant multi-dial authentication access by a user comprises the following steps:
step 1, establishing a blacklist/whitelist user mechanism, in which a newly created broadband user is a blacklist user by default;
step 2, when the user dials up for internet access, acquiring the user information and performing pre-authentication;
step 3, judging whether the pre-authentication passes; if yes, reading the user's blacklist status and latest internet access authentication time and executing step 4; otherwise, the authentication fails and the current dial-up is disconnected;
step 4, judging whether the user is a blacklist user; if yes, executing step 5; otherwise, proceeding with subsequent dialing;
step 5, judging whether the blacklist user is within the time range in which dialing up again is allowed; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing step 6; otherwise, the authentication fails and the current dial-up is disconnected;
step 6, judging whether the current dialing transaction is in a lock conflict, that is, whether the record is being modified by another transaction at the same time (using the database transaction lock management mechanism, a record may be modified by only one transaction at a time); if yes, the authentication fails and the current dial-up is disconnected; otherwise, executing step 7;
step 7, judging whether the user passes the Nonly authentication, that is, whether the number of online sessions of the user account is legal, meaning it does not exceed the specified number (an algorithm by which the application system allows only the specified number of sessions of a user account to be online at the same time); if yes, proceeding with subsequent dialing; otherwise, the authentication fails and the current dial-up is disconnected.
Further, in step 1, only users of designated whitelist domain names are kept out of the blacklist user management table; when a user cancels the account, that user's data in the blacklist user table is cleared.
Further, the pre-authentication in step 2 includes username and password verification, shutdown verification, and binding verification.
Further, in step 5, the condition for being allowed to dial up again is that redialing is possible only 10 seconds after the last dial-up time.
Further, in step 5, in order to suit a high-traffic, high-concurrency service environment, the time comparison is accurate to the microsecond level.
Further, a database row-level lock mechanism is used in step 6, which avoids the problem that, when no session exists yet, the service system cannot perform session-number verification while processing simultaneous internet access authentication requests from the user.
With this technical scheme, a corresponding blacklist management mechanism is established, and when a user authenticates for internet access, whether the user is a blacklist user and the user's latest internet access authentication time are obtained. If the user is in the blacklist and the latest internet access time is outside the time range in which dialing up again is forbidden (the time comparison is accurate to the microsecond level to suit a high-traffic, high-concurrency service environment), the internet access authentication time of the user in the blacklist is updated, accurate to the microsecond, and a database row-level locking mechanism is used to avoid the problem that, when no session exists yet, the service system cannot perform session-number verification while processing simultaneous internet access authentication requests from the user.
Drawings
The invention is described in further detail below with reference to the accompanying drawings and the detailed description.
FIG. 1 is a schematic structural diagram of the signal control method for preventing instant multi-dial authentication access by a user according to the present invention;
FIG. 2 is a flow chart of the signal control method for preventing instant multi-dial authentication access by a user according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
As shown in FIG. 1 or FIG. 2, the invention discloses a signal control method for preventing instant multi-dial authentication access by a user, which comprises the following steps:
step 1, establishing a blacklist/whitelist user mechanism, in which a newly created broadband user is a blacklist user by default;
step 2, when the user dials up for internet access, acquiring the user information and performing pre-authentication;
step 3, judging whether the pre-authentication passes; if yes, reading the user's blacklist status and latest internet access authentication time and executing step 4; otherwise, the authentication fails and the current dial-up is disconnected;
step 4, judging whether the user is a blacklist user; if yes, executing step 5; otherwise, proceeding with subsequent dialing;
step 5, judging whether the blacklist user is within the time range in which dialing up again is allowed; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing step 6; otherwise, the authentication fails and the current dial-up is disconnected;
step 6, judging whether the current dialing transaction is in a lock conflict, that is, whether the record is being modified by another transaction at the same time (using the database transaction lock management mechanism, a record may be modified by only one transaction at a time); if yes, the authentication fails and the current dial-up is disconnected; otherwise, executing step 7;
step 7, judging whether the user passes the Nonly authentication, that is, whether the number of online sessions of the user account is legal, meaning it does not exceed the specified number (an algorithm by which the application system allows only the specified number of sessions of a user account to be online at the same time); if yes, proceeding with subsequent dialing; otherwise, the authentication fails and the current dial-up is disconnected.
Further, in step 1, only users of designated whitelist domain names are kept out of the blacklist user management table; when a user cancels the account, that user's data in the blacklist user table is cleared.
Further, the pre-authentication in step 2 includes username and password verification, shutdown verification, and binding verification.
Further, in step 5, the condition for being allowed to dial up again is that redialing is possible only 10 seconds after the last dial-up time.
Further, in step 5, in order to suit a high-traffic, high-concurrency service environment, the time comparison is accurate to the microsecond level.
Further, a database row-level lock mechanism is used in step 6, which avoids the problem that, when no session exists yet, the service system cannot perform session-number verification while processing simultaneous internet access authentication requests from the user.
With this technical scheme, a corresponding blacklist management mechanism is established, and when a user authenticates for internet access, whether the user is a blacklist user and the user's latest internet access authentication time are obtained. If the user is in the blacklist and the latest internet access time is outside the time range in which dialing up again is forbidden (the time comparison is accurate to the microsecond level to suit a high-traffic, high-concurrency service environment), the internet access authentication time of the user in the blacklist is updated, accurate to the microsecond, and a database row-level locking mechanism is used to avoid the problem that, when no session exists yet, the service system cannot perform session-number verification while processing simultaneous internet access authentication requests from the user.
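The following Python model of steps 3 to 7 is an added example, not code from the patent: an in-memory table replaces the database, and a non-blocking `threading.Lock` per record stands in for the row-level lock. The class, field, result and account names are assumptions, as are treating a redial at exactly 10 seconds as allowed and re-reading the last dial time while the record is locked.

```python
import threading
from dataclasses import dataclass, field
from typing import Optional

REDIAL_WINDOW_US = 10 * 1_000_000   # the 10-second redial window, in microseconds


@dataclass
class DialRow:
    """One record of the one-number multi-dialing information table (field names assumed)."""
    blacklisted: bool = True                  # step 1: new users default to the blacklist
    last_dial_us: Optional[int] = None        # latest authentication time, microseconds
    lock: threading.Lock = field(default_factory=threading.Lock)  # stand-in for the row lock


class DialGate:
    def __init__(self, max_sessions: int = 1):
        self.rows = {}
        self.online = {}                      # sessions already established, per account
        self.max_sessions = max_sessions

    def add_user(self, user, whitelisted=False):
        self.rows[user] = DialRow(blacklisted=not whitelisted)
        self.online[user] = 0

    def nonly_ok(self, user):
        """Step 7: the online session count must not exceed the specified number."""
        return self.online[user] < self.max_sessions

    def authenticate(self, user, now_us, pre_auth_ok=True):
        row = self.rows.get(user)
        if not pre_auth_ok or row is None:            # steps 2-3: pre-authentication
            return "REJECT_PREAUTH"
        if not row.blacklisted:                       # step 4: whitelist users continue
            return "ACCEPT"
        if not row.lock.acquire(blocking=False):      # step 6: record held by another transaction
            return "REJECT_LOCK_CONFLICT"
        try:
            last = row.last_dial_us                   # re-read under the lock (example's choice)
            if last is not None and now_us - last < REDIAL_WINDOW_US:
                return "REJECT_REDIAL_WINDOW"         # step 5: still inside the window
            row.last_dial_us = now_us                 # step 5: record this dial
        finally:
            row.lock.release()
        return "ACCEPT" if self.nonly_ok(user) else "REJECT_NONLY"


def burst(gate, user, n, start_us):
    """Fire n dial attempts concurrently, 1 microsecond apart (constructed input)."""
    results = [None] * n
    barrier = threading.Barrier(n)
    def dial(i):
        barrier.wait()
        results[i] = gate.authenticate(user, start_us + i)
    threads = [threading.Thread(target=dial, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def demo():
    gate = DialGate(max_sessions=1)
    gate.add_user("acct-a")                           # constructed account names
    gate.add_user("acct-b")
    t0 = 1_700_000_000_000_000
    # Session check alone: no session exists yet, so every request of a burst passes it.
    nonly_only = sum(gate.nonly_ok("acct-a") for _ in range(8))
    burst_results = burst(gate, "acct-a", 8, t0)
    seq = [gate.authenticate("acct-b", t0),
           gate.authenticate("acct-b", t0 + REDIAL_WINDOW_US - 1),   # 1 microsecond early
           gate.authenticate("acct-b", t0 + REDIAL_WINDOW_US)]
    gate.online["acct-b"] = 1                         # the accepted dial's session is now up
    seq.append(gate.authenticate("acct-b", t0 + 2 * REDIAL_WINDOW_US))
    with gate.rows["acct-b"].lock:                    # another transaction holds the record
        seq.append(gate.authenticate("acct-b", t0 + 4 * REDIAL_WINDOW_US))
    return {"nonly_only": nonly_only, "burst": burst_results, "sequence": seq}
```

`demo()` contrasts the session-count check on its own, which all 8 requests of a burst pass because no session exists yet, with the gated path, where exactly one request of the burst is accepted.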
It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. The embodiments and features of the embodiments in the present application may be combined with each other without conflict. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the detailed description of the embodiments of the present application is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

Claims (7)

1. A signal control method for preventing instant multi-dial authentication access by a user, characterized by comprising the following steps:
step 1, establishing a blacklist/whitelist user mechanism, in which a newly created broadband user is a blacklist user by default;
step 2, when the user dials up for internet access, acquiring the user information and performing pre-authentication;
step 3, judging whether the pre-authentication passes; if yes, reading the user's blacklist status and latest internet access authentication time and executing step 4; otherwise, the authentication fails and the current dial-up is disconnected;
step 4, judging whether the user is a blacklist user; if yes, executing step 5; otherwise, proceeding with subsequent dialing;
step 5, judging whether the blacklist user is within the time range in which dialing up again is allowed; if yes, updating the latest dialing time of the corresponding user in the user one-number multi-dialing information table and executing step 6; otherwise, the authentication fails and the current dial-up is disconnected;
step 6, judging whether the current dialing transaction is in a lock conflict, that is, whether the record is being modified by another transaction at the same time; if yes, the authentication fails and the current dial-up is disconnected; otherwise, executing step 7;
step 7, judging whether the user passes the Nonly authentication, that is, whether the number of online sessions of the user account does not exceed the specified number; if yes, proceeding with subsequent dialing; otherwise, the authentication fails and the current dial-up is disconnected.
2. The method of claim 1, wherein in step 1, only users of designated whitelist domain names are kept out of the blacklist user management table.
3. The method of claim 1, wherein in step 1, when a user cancels the account, the data in the blacklist user table is cleared.
4. The method of claim 1, wherein the pre-authentication in step 2 comprises username and password verification, shutdown verification and binding verification.
5. The method of claim 1, wherein in step 5, the condition for being allowed to dial up again is that redialing is possible only 10 seconds after the last dial-up time.
6. The method of claim 1, wherein, in a high-traffic, high-concurrency service environment, the time comparison in step 5 is accurate to the microsecond level.
7. The method of claim 1, wherein in step 6, a database row-level locking mechanism is used to avoid the problem that, when no session exists yet, the service system cannot perform session-number verification while processing simultaneous internet access authentication requests from the user.
CN202111563851.3A 2021-12-20 2021-12-20 Information control method for preventing user from instant multi-dialing authentication access Active CN114257445B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111563851.3A CN114257445B (en) 2021-12-20 2021-12-20 Information control method for preventing user from instant multi-dialing authentication access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111563851.3A CN114257445B (en) 2021-12-20 2021-12-20 Information control method for preventing user from instant multi-dialing authentication access

Publications (2)

Publication Number Publication Date
CN114257445A (en) 2022-03-29
CN114257445B (en) 2023-05-26

Family

ID=80796020

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111563851.3A Active CN114257445B (en) 2021-12-20 2021-12-20 Information control method for preventing user from instant multi-dialing authentication access

Country Status (1)

Country Link
CN (1) CN114257445B (en)

Also Published As

Publication number Publication date
CN114257445B (en) 2023-05-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant