CN114462011A - Safety browser with identity authentication screen locking interface and terminal authority control - Google Patents

Info

Publication number: CN114462011A
Authority: CN (China)
Prior art keywords: browser, login, terminal, screen locking, locking interface
Legal status: Pending
Application number: CN202210055896.8A
Other languages: Chinese (zh)
Inventors: 聂奇彪, 王皓, 孙宇鑫
Current Assignee: Dalian Ninelock Network Co ltd
Original Assignee: Dalian Ninelock Network Co ltd
Priority: CN202210055896.8A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9554 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL] by using bar codes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a secure browser with an identity authentication screen locking interface and terminal authority management, relates to the technical field of information security, and additionally provides functions such as login screen locking, authority control and shared login. The login screen locking part comprises three login modes: one-key login, code scanning login and PIN code login. The authority control comprises two parts: application program running control and USB flash drive reading control. The browser is suitable for a sharing scenario: when a user uses the browser for the first time, a unified default policy is configured; all usage records generated while a personal account is logged in are uploaded to a server for backup; and after logging in to browsers on different hosts with the personal account, the user can see only that account's usage records, personal settings and the like. By binding user-specific authority configuration to the identity with which the user logs in to the operating system, the invention protects the shared terminal and the browser at the same time.

Description

Safety browser with identity authentication screen locking interface and terminal authority control
Technical Field
The invention relates to the field of information security, in particular to a secure browser with an identity authentication screen locking interface and terminal authority management.
Background
A browser is an application that displays files from a web server or file system and lets a user interact with them. An ordinary browser provides functions such as web browsing, bookmarks, favorites, downloading and searching. In settings such as enterprises, schools and internet cafes, where several people need to share a terminal for office work, study or entertainment, the browser is also used to implement sharing of the terminal.
However, when a shared terminal is implemented through a browser, often only the security of the terminal is considered, and protection of the browser is neglected.
Disclosure of Invention
In view of the above, the present invention provides a secure browser with an identity authentication screen locking interface and a terminal authority control function. It can control a controlled terminal and implement a shared terminal on which multiple people log in at the same terminal without interfering with or being visible to one another, and it ensures that the terminal is in a secure state while the browser is in use. More importantly, by binding user-specific authority configuration to the identity with which the user logs in to the operating system, the invention protects the shared terminal and the shared browser at the same time.
Therefore, the invention provides the following technical scheme:
The invention provides a secure browser with an identity authentication screen locking interface and terminal authority control. The secure browser is installed on a controlled terminal, starts automatically after the controlled terminal starts, and comprises a screen locking interface that pops up after the secure browser starts. The secure browser manages and controls the controlled terminal as follows:
the secure browser receives login identity information of a terminal user through the screen locking interface and authenticates that login identity information;
if the authentication succeeds, the terminal user is allowed to log in to the secure browser and to use the controlled terminal through the secure browser; if the authentication fails, the terminal user is prohibited from logging in to the secure browser.
Further, the secure browser receiving login identity information of the terminal user through the screen locking interface comprises:
the secure browser starts a browser secondary login process while popping up the screen locking interface, and submits browser information to the server side;
the browser secondary login process receives a two-dimensional code generated by the background server and displays it on the screen locking interface, so that the terminal user can scan it with a mobile terminal;
the background server receives, from the user's mobile terminal, a notification that the two-dimensional code was scanned successfully, together with the login identity information of the terminal user;
correspondingly, authenticating the login identity information of the terminal user comprises:
the background server verifies the received login identity information; if the verification fails, it feeds back a verification failure notification to the user's mobile terminal; if the verification succeeds, it feeds back a two-dimensional code scanning success notification, the login identity information and the history record corresponding to the login identity information to the browser secondary login process.
Further, the secure browser receiving login identity information of the terminal user through the screen locking interface comprises:
the secure browser starts a browser secondary login process while popping up the screen locking interface;
the browser secondary login process receives personal account information entered by the terminal user on the screen locking interface;
the browser secondary login process submits browser information and the received personal account information to the background server;
the background server of the browser verifies whether the personal account information exists; if so, it sends a one-key login request to the terminal user's mobile terminal, so that the mobile terminal pops up a one-key login request interface on receiving the request;
the background server receives the login feedback information and login identity information that the terminal user's mobile terminal sends through the one-key login request interface;
correspondingly, authenticating the login identity information of the terminal user comprises:
the background server verifies the received login identity information; if the verification fails, it feeds back a verification failure notification to the user's mobile terminal; if the verification succeeds, it feeds back a two-dimensional code scanning success notification, the login identity information and the history record corresponding to the login identity information to the browser secondary login process.
Further, the secure browser receiving login identity information of the terminal user through the screen locking interface comprises:
the secure browser starts a browser secondary login process while popping up the screen locking interface;
the browser secondary login process receives personal account information entered by the terminal user on the screen locking interface, and retrieves, in the local background, the calculation formula corresponding to the personal account;
the browser secondary login process randomly generates a string of numbers and displays it on the screen locking interface;
the browser secondary login process applies the calculation formula to the numbers to obtain a calculation result;
the browser secondary login process receives a PIN code entered by the terminal user through the screen locking interface, the PIN code having been obtained by the terminal user's mobile terminal by applying the calculation formula corresponding to the personal account to the numbers;
correspondingly, authenticating the login identity information of the terminal user comprises:
the browser secondary login process compares the calculation result with the PIN code; if they are consistent, the verification succeeds, and if they are inconsistent, the verification fails.
Furthermore, the background server of the secure browser is provided with an authority whitelist for authority control over USB flash drives and application programs.
Further, the secure browser performing authority control on a USB flash drive comprises:
the secure browser starts a browser secondary login process while popping up the screen locking interface;
the browser secondary login process receives a USB flash drive access notification sent by the controlled terminal;
the browser secondary login process reads the characteristic value of the accessed USB flash drive;
the browser secondary login process judges whether the characteristic value of the accessed USB flash drive is in the USB flash drive authority whitelist; if it is not in the whitelist, an instruction not to allow the USB flash drive to be read is sent to the controlled terminal; if it is in the whitelist, an instruction allowing the USB flash drive to be read is sent to the controlled terminal.
Further, the secure browser performing authority control on an application program comprises:
the secure browser starts a browser secondary login process while popping up the screen locking interface;
the browser secondary login process receives an application program start notification sent by the controlled terminal;
the browser secondary login process reads the characteristic value of the application program;
the browser secondary login process judges whether the characteristic value of the application program is in the application program authority whitelist; if it is not in the whitelist, an instruction not to allow the application program to start is sent to the controlled terminal; if it is in the whitelist, an instruction allowing the application program to start is sent to the controlled terminal.
Further, the invention also comprises: binding the personal account of the user's mobile terminal to the enterprise account through the background server of the browser.
The advantages and positive effects of the invention are as follows:
In the invention, terminal login is controlled through the secure browser: the browser starts automatically when the controlled terminal starts and pops up the screen locking interface, which can completely replace the lock screen interface of operating systems such as Windows and Linux. All usage records are associated with the personal account, and the usage records of the personal account are uploaded to the cloud over the network. When the account logs out of the shared terminal, all memory and usage records of the account on the shared terminal are cleared, so that multiple users logging in to the terminal (not simultaneously) do not interfere with one another and are not visible to one another. The invention is mainly applicable to settings such as offices, schools and internet cafes where several people need to share a terminal for work, study or entertainment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic diagram of the binding process according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a lock screen login process according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of another lock screen login process according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another lock screen login process according to an embodiment of the present invention;
FIG. 5 is a flowchart of the authority setting process according to an embodiment of the present invention;
FIG. 6 is a schematic flow chart of USB flash drive control according to an embodiment of the present invention;
FIG. 7 is a schematic flow chart of application program control according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The invention provides a secure browser with an identity authentication screen locking interface and terminal authority management. On top of the functions of an ordinary browser, such as web browsing, bookmarks, favorites, downloading and searching, it adds functions such as login screen locking, authority control and shared login. The login screen locking part comprises three login modes: one-key login, code scanning login and PIN code login. The authority control comprises two parts: application program running control and USB flash drive reading control. The browser is suitable for a shared terminal scenario: when a user uses the browser for the first time, a unified default policy is configured; all usage records generated while a personal account is logged in are uploaded to a server for backup; and after logging in to browsers on different hosts with the personal account, the user can see only that account's usage records, personal settings and the like.
The procedures of the secure browser mainly involved in the present invention are a binding procedure, login procedures (two-dimensional code scanning login, one-key login, PIN code login), an authority setting procedure, and authority control procedures (USB flash drive reading control, application program running control):
First, binding process
After the enterprise registers an enterprise account, personal accounts are bound to the enterprise account, so that a personal account bound to the enterprise account can use the controlled terminal and have its personalized settings and personal records stored. As shown in FIG. 1, the binding process specifically includes:
S101, an enterprise account exclusive to the enterprise is registered at the server side, the personal accounts subordinate to the enterprise account are imported into the server side, and a personal account list is generated;
The server side refers to the server corresponding to the browser. Registering an enterprise account exclusive to the enterprise at the server side means that an administrator of the enterprise imports the enterprise account directly at the server side, which is equivalent to registering the account.
S102, enterprise initialization configuration is carried out on the host;
The enterprise initialization configuration includes, but is not limited to, opening some host authorities, turning off the Windows lock screen interface, turning off the Windows lock screen password, and logging out of the Windows account. The host is a host selected by the enterprise on which the browser is to be installed.
S103, the user registers a personal account on the mobile phone side;
S104, the enterprise account is entered on the mobile phone side, and the personal account is bound to the enterprise account;
After the personal account is sent to the server side, it is compared with the imported personal account list; if the personal account exists in the list, the binding is regarded as successful.
S105, the server side checks whether the personal account has been bound successfully and belongs to a person of the enterprise; if the personal account has not been bound successfully or does not belong to a person of the enterprise, it is not approved; if the personal account has been bound successfully and belongs to the enterprise, it is approved;
S106, the verification result is sent to the mobile phone side;
S107, the user logs in at the screen locking interface of the browser with the personal account, then enters and uses the browser.
Second, lock screen login process: two-dimensional code scanning login
This login mode is code scanning login. It minimizes user operations and requires no complicated password: traditional password login is replaced by three-party authentication (mobile phone side, server side and browser side), achieving password-free login. As shown in FIG. 2, the specific process of logging in by scanning the two-dimensional code includes:
S201, the controlled terminal executes a start instruction;
S202, the browser host process starts automatically after the controlled terminal starts;
S203, after the browser host process starts, it starts the browser secondary login process and pops up the screen locking interface;
Because the browser host process cannot directly cover the Windows or Linux lock screen interface unless the user closes it manually, a second login process that follows the operating system's login stage needs to be started; this is referred to as the secondary login process.
S204, the browser secondary login process submits browser information to the server side;
The browser information is the initialization information that the browser secondary login process submits to the server side, and includes information such as the terminal ID, browser model and browser ID;
S205, the server side sends the generated two-dimensional code to the browser secondary login process, which displays it on the screen locking interface;
S206, the mobile phone side scans the two-dimensional code on the screen locking interface;
S207, after scanning the two-dimensional code successfully, the mobile phone side feeds back a two-dimensional code scanning success notification to the server side and sends the mobile phone side's login identity information to the server side;
S208, the server side verifies the login identity information; if the verification fails, a login identity information verification failure notification is fed back to the mobile phone side;
The login identity information refers to the personal account: the mobile phone side sends the login identity information to the server side, and the server side checks whether it is a bound personal account to complete the verification.
S209, if the login identity information is verified successfully, the server side feeds back a two-dimensional code scanning success notification, the login identity information and the history record corresponding to the login identity information to the browser secondary login process;
S210, the browser secondary login process unlocks and login succeeds; after successful login, the browser, that is, the browser host process, pops up directly; the user cannot exit the browser while using it, and exiting the browser means logging out.
S211, the browser secondary login process feeds back an unlock and login success notification to the browser host process and synchronizes the history record corresponding to the login identity information;
S212, the browser host process synchronizes operation records to the server side in real time.
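The code scanning flow in S204 to S209, as an added example in Python (not code from the patent): a server-side model in which the two-dimensional code carries a random session token. The token lifetime, single use and the check that only the requesting terminal can collect the unlock are assumptions added here, as are all class, function and account names; the phone is assumed to be already authenticated to the server.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional

QR_TTL_SECONDS = 60  # assumed lifetime of a displayed code; the patent gives none


@dataclass
class Session:
    terminal_id: str               # from the browser information (S204)
    browser_id: str
    expires_at: float
    account: Optional[str] = None  # set once a bound account has scanned the code


class LoginServer:
    """Hypothetical background server for the three-party code scanning login."""

    def __init__(self, bound_accounts, history):
        self.bound = set(bound_accounts)  # personal accounts bound to the enterprise
        self.history = history            # account -> list of usage records
        self.sessions = {}                # token -> Session

    def start_session(self, terminal_id, browser_id, now=None):
        """S204/S205: the browser submits its information, the server returns
        the token that is rendered as the two-dimensional code."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, so a code cannot be forged
        self.sessions[token] = Session(terminal_id, browser_id, now + QR_TTL_SECONDS)
        return token

    def phone_scan(self, token, account, now=None):
        """S207/S208: the phone reports the scan together with its login identity."""
        now = time.time() if now is None else now
        session = self.sessions.get(token)
        if session is None or now > session.expires_at or session.account is not None:
            return "rejected: unknown, expired or already used code"
        if account not in self.bound:
            return "rejected: account not bound"  # verification failure notice
        session.account = account
        return "ok"

    def browser_poll(self, token, terminal_id, now=None):
        """S209: hand the unlock, identity and history to the terminal that
        requested the code, exactly once."""
        now = time.time() if now is None else now
        session = self.sessions.get(token)
        if session is None or session.terminal_id != terminal_id:
            return None
        if now > session.expires_at:
            del self.sessions[token]
            return None
        if session.account is None:
            return None  # nobody has scanned the code yet
        del self.sessions[token]  # single use: a replayed token unlocks nothing
        return {"account": session.account,
                "history": list(self.history.get(session.account, []))}


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    server = LoginServer({"alice@corp"}, {"alice@corp": ["visited intranet"]})
    token = server.start_session("term-1", "browser-1")
    print(server.phone_scan(token, "mallory@else"))  # rejected: account not bound
    print(server.phone_scan(token, "alice@corp"))    # ok
    print(server.browser_poll(token, "term-1"))      # unlock with history
    print(server.browser_poll(token, "term-1"))      # None (token consumed)
```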
Third, lock screen login process: one-key login
This login mode is one-key login. It reduces the possibility of password leakage and requires no complicated password: traditional password login is replaced by three-party authentication (mobile phone side, server side and browser side), achieving password-free login. As shown in FIG. 3, the specific process of logging in by one-key login includes:
S301, the controlled terminal executes a start instruction;
S302, the browser host process starts automatically after the controlled terminal starts;
S303, after the browser host process starts, it starts the browser secondary login process and pops up the screen locking interface;
S304, the user enters a personal account on the screen locking interface;
S305, the browser secondary login process submits browser information and personal account information to the server side;
S306, the server side verifies the received browser information and personal account information, and checks whether the personal account exists;
S307, if the personal account exists, a one-key login request is sent to the mobile phone side of that account;
S308, the user's mobile phone pops up a one-key login request interface, and the user chooses whether to log in; if login is refused, the process terminates; if login is approved, information is fed back;
S309, the mobile phone side feeds back a one-key login notification to the server side and sends login identity information;
S310, the server side verifies the login identity information; if the verification fails, a login identity information verification failure notification is fed back to the mobile phone side;
S311, if the login identity information is verified successfully, the server side feeds back a one-key login success notification, the login identity information and the synchronized history record corresponding to the login identity information to the browser secondary login process;
The login identity information refers to the personal account: the mobile phone side sends the login identity information to the server side, and the server side checks whether it is a bound personal account to complete the verification.
S312, the browser secondary login process unlocks and login succeeds; after successful login, the browser, that is, the browser host process, pops up directly; the user cannot exit the browser while using it, and exiting the browser means logging out.
S313, the browser secondary login process feeds back an unlock and login success notification to the browser host process and synchronizes the history record corresponding to the login identity information;
S314, the browser host process synchronizes operation records to the server side in real time.
Fourth, lock screen login process - PIN code login (offline)
This login mode is PIN code login. It guarantees normal login in an offline state, and the operation records can be synchronized to the server side after the controlled terminal is networked, so that no information is lost. Traditional password login is replaced by three-terminal (mobile terminal, server side and browser side) authentication, and the number that must be input is random at each login, so that account security is guaranteed to the maximum extent. After logging in this way, the controlled terminal keeps the initialized default configuration and cannot synchronize the history records. As shown in Fig. 4, the specific process of performing login by one-touch login includes:
S401, the controlled terminal executes a starting instruction;
S402, the browser main process starts automatically after the controlled terminal is started;
S403, after the browser main process is started, it starts the browser secondary login process and pops up the screen locking interface;
S404, a personal account number is input through the login interface of the browser secondary login process, and the calculation formula corresponding to the personal account number is called up in the local background, wherein each account number has one and only one corresponding calculation formula;
The calculation formula is randomly generated when the user initially registers the personal account, and the calculation formula of each personal account is unique and unchangeable.
S405, a string of randomly generated numbers is displayed on the login interface of the browser secondary login process, and the browser secondary login process calculates a result from the random numbers using the calculation formula corresponding to the personal account;
S406, the random number displayed on the login interface of the browser secondary login process is input at the mobile phone end;
S407, the mobile phone end substitutes the input random number into the calculation formula corresponding to the personal account number and outputs the calculation result, namely the login PIN code;
S408, the PIN code generated by the mobile phone end is input into the login interface of the browser secondary login process and compared with the result calculated by the browser secondary login process; if the results are inconsistent, unlocking fails;
S409, if the results are consistent, the browser secondary login process is unlocked successfully;
S410, the browser secondary login process feeds back an unlocking success notification to the browser main process;
S411, the browser main process stores the operation records locally on the controlled terminal;
S412, after networking, the browser main process synchronizes the locally stored operation records to the server side.
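The offline PIN exchange of S404 to S409, as an added example that is not code from the patent. The patent does not specify the calculation formula, so it is assumed here to be HMAC-SHA256 keyed with a per-account secret created at registration and truncated to six digits; `derive_pin`, `LockScreen`, the single-use challenge and the attempt limit are likewise assumptions of this example.

```python
import hashlib
import hmac
import secrets

PIN_DIGITS = 6
MAX_ATTEMPTS = 3  # assumed limit; the patent does not state one


def derive_pin(account_secret: bytes, challenge: str) -> str:
    """Assumed per-account 'calculation formula': keyed MAC of the displayed
    number, reduced to decimal digits with RFC 4226-style truncation."""
    mac = hmac.new(account_secret, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** PIN_DIGITS).zfill(PIN_DIGITS)


class LockScreen:
    """Browser secondary login process on the controlled terminal (offline)."""

    def __init__(self, formulas: dict):
        self._formulas = formulas  # account -> secret stored locally
        self._pending = {}         # account -> [challenge, attempts left]

    def start_login(self, account: str) -> str:
        # S404-S405: look up the account's formula, display a fresh random number.
        if account not in self._formulas:
            raise KeyError("unknown account")
        challenge = "".join(secrets.choice("0123456789") for _ in range(8))
        self._pending[account] = [challenge, MAX_ATTEMPTS]
        return challenge

    def submit_pin(self, account: str, pin: str) -> bool:
        # S408-S409: recompute locally and compare in constant time.
        state = self._pending.get(account)
        if state is None:
            return False
        challenge, attempts = state
        expected = derive_pin(self._formulas[account], challenge)
        ok = hmac.compare_digest(expected.encode(), pin.encode())
        if ok or attempts <= 1:
            del self._pending[account]  # challenge is used once, or exhausted
        else:
            state[1] = attempts - 1
        return ok


def demo():
    """Constructed data: one account whose secret is shared with the phone."""
    secret = secrets.token_bytes(32)
    terminal = LockScreen({"alice": secret})
    challenge = terminal.start_login("alice")   # shown on the lock screen
    pin = derive_pin(secret, challenge)         # S406-S407 on the mobile phone
    first = terminal.submit_pin("alice", pin)   # accepted
    replay = terminal.submit_pin("alice", pin)  # same PIN again is refused
    return first, replay


if __name__ == "__main__":
    print(demo())
```

A keyed MAC is used because a login PIN is typed on a visible screen next to its challenge; with a simple arithmetic formula, a few observed challenge and PIN pairs could be enough to reconstruct it.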
Fifth, permission setting process
The safety browser can manage and control the authority of U disks and application programs. By setting white lists it controls which U disks can be accessed and which application programs can be executed, which enhances the safety of the controlled terminal, greatly reduces malicious viruses and hacker attacks on the controlled terminal, and greatly reduces the possibility of information leakage. As shown in Fig. 5, the specific process of setting the permission includes:
S501, the controlled terminal executes a starting instruction;
S502, the browser main process starts automatically after the controlled terminal is started;
S503, after the browser main process is started, it starts the browser secondary login process and pops up the screen locking interface;
S504, login succeeds in the browser secondary login process;
S505, after login succeeds in the browser secondary login process, authority control of U disks, application programs and the like is started;
S506, the server side sets the authority white list;
S507, the authority white list content set by the server side is synchronized to the browser.
Sixth, U disk management and control process
As shown in Fig. 6, the flow of U disk management and control specifically includes:
S601, the controlled terminal executes a starting instruction;
S602, the browser main process starts automatically after the controlled terminal is started;
S603, after the browser main process is started, it starts the browser secondary login process and pops up the screen locking interface;
S604, login succeeds in the browser secondary login process and U disk authority control is started;
S605, an unknown U disk is connected to the controlled terminal;
S606, the controlled terminal sends a U disk access notification to the browser secondary login process;
S607, the browser secondary login process reads the characteristic value of the accessed U disk;
S608, after reading the characteristic value of the accessed U disk, the browser secondary login process compares it with the preset U disk authority white list; if the U disk is not in the preset U disk authority white list, the controlled terminal is not allowed to read the U disk; if the U disk is in the preset U disk authority white list, the controlled terminal is allowed to read the U disk;
S609, the controlled terminal executes the instruction issued by the browser secondary login process;
S610, the browser secondary login process sends the execution result to the server side for recording.
Seventh, application program management and control process
As shown in Fig. 7, the process of application program management and control specifically includes:
S701, the controlled terminal executes a starting instruction;
S702, the browser main process starts automatically after the controlled terminal is started;
S703, after the browser main process is started, it starts the browser secondary login process and pops up the screen locking interface;
S704, login succeeds in the browser secondary login process and application program authority control is started;
S705, the controlled terminal starts an unknown application program;
S706, the controlled terminal sends an unknown application program start notification to the browser secondary login process;
S707, the browser secondary login process reads the characteristic value of the started application program;
S708, after reading the characteristic value of the application program, the browser secondary login process compares it with the preset application program authority white list; if the application program is not in the preset application program authority white list, the controlled terminal is not allowed to run the application program; if the application program is in the preset application program authority white list, the controlled terminal is allowed to run the application program;
S709, the controlled terminal executes the instruction issued by the browser secondary login process;
S710, the browser secondary login process sends the execution result to the server side for recording.
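The white list comparisons of S607 to S610 and S707 to S710, as one added example that is not code from the patent. The patent does not define the "characteristic value", so it is assumed here to be the SHA-256 of the file content for an application program and the normalised vendor ID, product ID and serial number for a U disk; `PermissionControl`, its method names and the record format are also assumptions.

```python
import hashlib
import json
import os
import tempfile


def app_feature(path):
    """Assumed application feature value: SHA-256 of the file content, not its name."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def usb_feature(vendor_id, product_id, serial):
    """Assumed U disk feature value: normalised vendor ID, product ID and serial."""
    return f"{vendor_id:04x}:{product_id:04x}:{serial.strip().upper()}"


class PermissionControl:
    """Browser secondary login process holding the white lists synced in S507."""

    def __init__(self, usb_whitelist, app_whitelist):
        self.whitelists = {"usb": frozenset(usb_whitelist),
                           "app": frozenset(app_whitelist)}
        self.outbox = []  # execution results waiting to be sent to the server

    def _decide(self, kind, feature):
        allowed = feature in self.whitelists[kind]  # anything not listed is denied
        record = {"kind": kind, "feature": feature, "allowed": allowed}
        self.outbox.append(json.dumps(record, sort_keys=True))  # S610 / S710
        return allowed

    def on_usb_inserted(self, vendor_id, product_id, serial):  # S606-S608
        return self._decide("usb", usb_feature(vendor_id, product_id, serial))

    def on_app_start(self, path):  # S706-S708
        return self._decide("app", app_feature(path))


def demo():
    """Constructed sample data: two files with the same name, two U disks."""
    with tempfile.TemporaryDirectory() as root:
        paths = []
        for sub, content in (("a", b"approved build"), ("b", b"modified build")):
            os.mkdir(os.path.join(root, sub))
            paths.append(os.path.join(root, sub, "tool.bin"))
            with open(paths[-1], "wb") as f:
                f.write(content)
        control = PermissionControl(
            usb_whitelist=[usb_feature(0x1234, 0xABCD, "SN0001")],
            app_whitelist=[app_feature(paths[0])],
        )
        results = [
            control.on_app_start(paths[0]),                       # listed content
            control.on_app_start(paths[1]),                       # same name, other content
            control.on_usb_inserted(0x1234, 0xABCD, " sn0001 "),  # listed device
            control.on_usb_inserted(0x1234, 0xABCD, "SN0002"),    # unlisted device
        ]
        return results, len(control.outbox)


if __name__ == "__main__":
    print(demo())
```

USB descriptor fields are reported by the device itself, so a descriptor-based feature value identifies a device only as far as the device is honest about them; the content hash for applications does not depend on the file name or path.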
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A secure browser with an identity authentication screen locking interface and terminal authority control, characterized in that the secure browser is installed on a controlled terminal and is started automatically after the controlled terminal is started, and the secure browser comprises a screen locking interface; the screen locking interface pops up after the secure browser is started; the secure browser manages and controls the controlled terminal in the following manner:
the secure browser receives login identity information of a terminal user through the screen locking interface, and authenticates the login identity information of the terminal user;
if the authentication is successful, the terminal user is allowed to log in to the secure browser and to use the controlled terminal through the secure browser; and if the authentication is unsuccessful, the terminal user is prohibited from logging in to the secure browser.
2. The secure browser with the identity authentication screen locking interface and the terminal authority control according to claim 1, wherein the secure browser receives login identity information of a terminal user through the screen locking interface, and the method includes:
the secure browser starts a secondary login process of the browser while popping up a screen locking interface, and submits browser information to a server side;
the browser secondary login process receives a two-dimensional code generated by a background server and displays the two-dimensional code on the screen locking interface, so that a terminal user can scan the two-dimensional code through a mobile terminal;
the background server receives a two-dimensional code scanning success notification fed back by the user mobile terminal and login identity information of the terminal user;
correspondingly, the authentication of the login identity information of the terminal user comprises the following steps:
the background server verifies the received login identity information, and if the verification fails, a verification failure notice is fed back to the user mobile terminal; and if the verification is successful, feeding back a two-dimensional code scanning success notice, login identity information and a history record corresponding to the login identity information to the secondary login process of the browser.
3. The secure browser with the identity authentication screen locking interface and the terminal authority control according to claim 1, wherein the secure browser receives login identity information of a terminal user through the screen locking interface, and the method includes:
the secure browser starts a secondary login process of the browser while popping up a screen locking interface;
the secondary login process of the browser receives personal account information input by the terminal user on the screen locking interface;
the browser secondary login process submits browser information and the received personal account information to a background server;
the background server of the browser verifies whether the personal account information exists, and if so, a one-key login request is sent to the mobile terminal of the terminal user, so that the mobile terminal of the terminal user pops up a one-key login request interface after receiving the one-key login request;
the background server receives login feedback information and login identity information sent by a mobile terminal of the terminal user through the one-key login request interface;
correspondingly, the authentication of the login identity information of the terminal user comprises the following steps:
the background server verifies the received login identity information, and if the verification fails, a verification failure notice is fed back to the user mobile terminal; and if the verification is successful, feeding back a two-dimensional code scanning success notice, login identity information and a history record corresponding to the login identity information to the secondary login process of the browser.
4. The secure browser with the identity authentication screen locking interface and the terminal authority control according to claim 1, wherein the secure browser receives login identity information of a terminal user through the screen locking interface, and the method includes:
the secure browser starts a secondary login process of the browser while popping up a screen locking interface;
the browser secondary login process receives personal account information input by a terminal user on the screen locking interface, and calls out a calculation formula corresponding to the personal account in a local background;
randomly generating a string of numbers by the secondary login process of the browser and displaying the string of numbers on the screen locking interface;
the secondary login process of the browser calculates the numbers according to the calculation formula to obtain a calculation result;
the secondary login process of the browser receives a PIN code input by the terminal user through the screen locking interface, and the PIN code is obtained by calculating the number by a mobile terminal of the terminal user according to a calculation formula corresponding to a personal account;
correspondingly, the authentication of the login identity information of the terminal user comprises the following steps:
and the secondary login process of the browser compares the calculation result with the PIN code, if the calculation result is consistent with the PIN code, the verification is successful, and if the calculation result is inconsistent with the PIN code, the verification is failed.
5. The secure browser with the identity authentication screen locking interface and the terminal authority control function according to claim 1, wherein a background server of the secure browser is provided with an authority white list for authority control over a U disk and an application program.
6. The secure browser with the identity authentication screen locking interface and the terminal authority control according to claim 5, wherein the secure browser performs authority control on a U disk, and the method comprises the following steps:
the secure browser starts a secondary login process of the browser while popping up a screen locking interface;
the browser secondary login process receives a U disk access notification sent by the controlled terminal;
the browser secondary login process reads the characteristic value of the accessed U disk;
the browser secondary login process judges whether the characteristic value of the accessed U disk is in the U disk authority white list; if it is not in the U disk authority white list, an instruction that the U disk is not allowed to be read is sent to the controlled terminal; and if it is in the U disk authority white list, an instruction allowing the U disk to be read is sent to the controlled terminal.
7. The secure browser with the identity authentication screen locking interface and the terminal authority control function according to claim 5, wherein the secure browser performs authority control on an application program, and the method includes:
the secure browser starts a secondary login process of the browser while popping up a screen locking interface;
the browser secondary login process receives an application program start notification sent by the controlled terminal;
the browser secondary login process reads the characteristic value of the application program;
the browser secondary login process judges whether the characteristic value of the application program is in the application program authority white list; if it is not in the application program authority white list, an instruction not allowing the application program to be started is sent to the controlled terminal; and if it is in the application program authority white list, an instruction allowing the application program to be started is sent to the controlled terminal.
8. The secure browser with the function of identity authentication screen locking interface and terminal authority control according to claim 1, further comprising: and binding the personal account of the mobile terminal of the user with the enterprise account through a background server of the browser.
CN202210055896.8A 2022-01-18 2022-01-18 Safety browser with identity authentication screen locking interface and terminal authority control Pending CN114462011A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210055896.8A CN114462011A (en) 2022-01-18 2022-01-18 Safety browser with identity authentication screen locking interface and terminal authority control

Publications (1)

Publication Number Publication Date
CN114462011A true CN114462011A (en) 2022-05-10

Family

ID=81409337

Country Status (1)

Country Link
CN (1) CN114462011A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116743731A (en) * 2023-07-17 2023-09-12 广东精工智能系统有限公司 Method and system for controlling large-screen billboard through mobile terminal App

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination