CN114666299B - Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system - Google Patents
Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system Download PDFInfo
- Publication number
- CN114666299B CN114666299B CN202210404365.5A CN202210404365A CN114666299B CN 114666299 B CN114666299 B CN 114666299B CN 202210404365 A CN202210404365 A CN 202210404365A CN 114666299 B CN114666299 B CN 114666299B
- Authority
- CN
- China
- Prior art keywords
- satellite
- user
- mailbox
- access request
- verifying
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/14—Relay systems
- H04B7/15—Active relay systems
- H04B7/185—Space-based or airborne stations; Stations for satellite systems
- H04B7/1851—Systems using a satellite or space-based relay
- H04B7/18513—Transmission in a satellite or space-based system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Abstract
The application relates to a mail receiving and sending method and device of a satellite measurement, operation and control system, electronic equipment and a computer readable medium. The method comprises the following steps: receiving a mailbox access request from a user through a preset port of a mailbox gateway; extracting the terminal attribute currently operated by the user based on the access request; determining a login strategy for the user according to the terminal attribute; verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism; and after the verification is passed, allowing the user to log in a mailbox of the satellite measurement, operation and control system for sending and receiving mails. The method, the device, the electronic equipment and the computer readable medium for sending and receiving the mails of the satellite measurement, operation and control system can provide a plurality of flexible ways for users to log in the mailbox of the satellite measurement, operation and control system, and meet the requirement of user logging diversity while ensuring the safety of the satellite measurement, operation and control system.
Description
Technical Field
The application relates to the field of computer information processing, in particular to a mail receiving and sending method and device of a satellite measurement, operation and control system, electronic equipment and a computer readable medium.
Background
Because the satellite measurement, operation and control platform needs to provide mail sending service for subscribers, the mailbox server is very insecure when being directly exposed on the public network, I P of the mail server is mapped to the external network possibly, the architecture is easy to be taken by attackers to the authority of the server through the security loophole of a Wi windows operating system, data leakage is caused, and even more, other important systems in the company intranet are further penetrated by the architecture by taking the mailbox server as a springboard.
The general solution is to put the mailbox server into the intranet, and to send and receive mails, it needs to dial in the VPN of the company. But in this case, it is easy to miss important mails. 443 ports need to be opened for convenience of office work, and outgoing office work and mobile-side WEB segments can also be used. 443 ports are easily attacked.
Therefore, a new method, apparatus, electronic device and computer readable medium for sending and receiving mails of a satellite measurement, operation and control system are needed.
The above information disclosed in this background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, an electronic device, and a computer readable medium for sending and receiving a mail of a satellite measurement, operation, and control system, which can provide a user with multiple flexible ways to log in a mailbox of the satellite measurement, operation, and control system, and meet the requirement of the user on the diversity of log-in while ensuring the security of the satellite measurement, operation, and control system.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of the present application, a method for sending and receiving mails of a satellite measurement, transportation and control system is provided, the method comprising: receiving a mailbox access request from a user through a preset port of a mailbox gateway; extracting the terminal attribute currently operated by the user based on the access request; determining a login strategy for the user according to the terminal attribute; verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism; and after the verification is passed, allowing the user to log in a mailbox of the satellite measurement, operation and control system for sending and receiving mails.
In an exemplary embodiment of the present application, when the attribute of the terminal is a web end, verifying the mailbox access request based on a login policy and a satellite-ground two-factor authentication mechanism includes: a mailbox gateway acquires a satellite dynamic password; acquiring a user password and a user dynamic password from the mailbox access request; verifying the user password; and verifying the user dynamic password based on the satellite dynamic password.
In an exemplary embodiment of the present application, the acquiring, by the mailbox gateway, the satellite dynamic password includes: and telemetering data by a satellite or acquiring data of a preset position as the dynamic password of the satellite.
In an exemplary embodiment of the present application, when the terminal attribute is a client, verifying the mailbox access request based on a login policy and a satellite-ground two-factor authentication mechanism includes: acquiring a plurality of specified I P addresses from the mailbox access request; and verifying the plurality of specified I P addresses respectively based on a satellite-ground two-factor authentication mechanism.
In an exemplary embodiment of the present application, after the verification is passed, allowing the user to log in a mailbox of a satellite operation and control system for sending and receiving mails, including: after the verification is passed, activating a trusted I P address for the user; and the user logs in a mailbox of the satellite measurement, transportation and control system to send and receive mails based on the trusted I P address.
In an exemplary embodiment of the present application, when the terminal attribute is a mobile terminal, verifying the mailbox access request based on a login policy and a satellite-ground two-factor authentication mechanism includes: acquiring current equipment information from the mailbox access request; and verifying the current equipment information based on a satellite ground two-factor authentication mechanism.
In an exemplary embodiment of the present application, further comprising: and when the mailbox gateway does not contain the current equipment information, registering and activating the current equipment.
According to an aspect of the present application, a mail receiving and sending device of a satellite measurement, operation and control system is provided, the device including: the request module is used for receiving a mailbox access request from a user by the mailbox gateway; the attribute module is used for extracting the terminal attribute of the current operation of the user based on the access request; the strategy module is used for determining a login strategy for the user according to the terminal attribute; the verification module is used for verifying the mailbox access request based on login strategy verification; and the login module is used for allowing the user to log in a mailbox of the satellite measurement, operation and control system to receive and send mails after the verification is passed.
According to an aspect of the present application, an electronic device is provided, the electronic device including: one or more processors; storage means for storing one or more programs; when executed by one or more processors, cause the one or more processors to implement a method as above.
According to an aspect of the application, a computer-readable medium is proposed, on which a computer program is stored, which program, when being executed by a processor, carries out the method as above.
According to the mail receiving and sending method, the mail receiving and sending device, the electronic equipment and the computer readable medium of the satellite measurement, operation and control system, a mail box access request from a user is received through a preset port of a mail box gateway; extracting the terminal attribute currently operated by the user based on the access request; determining a login strategy for the user according to the terminal attribute; verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism; after the verification is passed, the user is allowed to log in the mailbox of the satellite measurement, operation and control system to carry out a mail receiving and sending mode, various flexible modes can be provided for the user to log in the mailbox of the satellite measurement, operation and control system, the safety of the satellite measurement, operation and control system is guaranteed, and meanwhile the requirement of the user on logging diversity is met.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application, and other drawings may be derived from those drawings by those skilled in the art without inventive effort.
Fig. 1 is a system block diagram illustrating a mail sending and receiving method and apparatus of a satellite measurement, operation and control system according to an exemplary embodiment.
Fig. 2 is a flowchart illustrating a mailing method for a satellite operation and control system according to an exemplary embodiment.
Fig. 3 is a flowchart illustrating a mailing method for a satellite test, operation, and control system according to another exemplary embodiment.
Fig. 4 is a flowchart illustrating a mailing method for a satellite test, operation, and control system according to another exemplary embodiment.
Fig. 5 is a flowchart illustrating a mailing method for a satellite test, operation, and control system according to another exemplary embodiment.
Fig. 6 is a block diagram illustrating a mailer of a satellite measurement, transportation, and control system according to an example embodiment.
FIG. 7 is a block diagram of an electronic device shown in accordance with an example embodiment.
FIG. 8 is a block diagram illustrating a computer-readable medium in accordance with an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the present concepts. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It will be appreciated by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present application and are, therefore, not intended to limit the scope of the present application.
Fig. 1 is a system block diagram illustrating a mail sending and receiving method and device of a satellite operation and control system according to an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may use terminal devices 101, 102, 103 to interact with a server 105 over a network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a mailbox gateway server providing support for a satellite data platform browsed by a user using the terminal devices 101, 102, 103. The background management server can analyze and process the received satellite telemetering and remote control data, and store the processing result in a preset position, and the terminal devices 101, 102 and 103 can log in and read.
The server 105 may receive a mailbox access request from a user, for example, through a preset port; the server 105 may extract the terminal attribute currently operated by the user, for example, based on the access request; server 105 may determine a login policy for the user, e.g., based on the terminal attributes; the server 105 may validate the mailbox access request, for example, based on a login policy and a satellite-terrestrial two-factor authentication mechanism; the server 105 may allow the user to log into a mailbox of the satellite instrumentation and control system for mailing, for example, after the authentication is passed.
The server 105 may be a physical server, or may be composed of a plurality of servers, for example, it should be noted that the method for sending and receiving mail of the satellite measurement, operation and control system provided in the embodiment of the present application may be executed by the server 105, and accordingly, the mail sending and receiving device of the satellite measurement, operation and control system may be disposed in the server 105. And the terminal devices 101, 102 and 103 provided for the user to log in the mailbox can be a smart phone, a tablet computer, a laptop portable computer, a desktop computer and the like.
Fig. 2 is a flowchart illustrating a mailing method for a satellite operation and control system according to an exemplary embodiment. The mail sending and receiving method 20 of the satellite measurement, operation and control system at least comprises steps S202 to S210.
As shown in fig. 2, in S202, the preset port of the mailbox gateway receives a mailbox access request from a user. The mailbox gateway can only open HTTP and HTTPS ports outwards, and the request of the 80 port jumps to the 443 port, thereby ensuring the safety of the transmission channel.
In S204, the terminal attribute currently operated by the user is extracted based on the access request. The terminal attributes can be accessed by a Web end, a mobile device and a client.
In S206, a login policy is determined for the user according to the terminal attribute. Different login processing flows can be respectively designated for the access of a Web end, mobile equipment and a client.
In one embodiment, when the terminal attribute is a web end, the verifying the mailbox access request based on a login policy and a satellite ground two-factor authentication mechanism includes: the mailbox gateway acquires a satellite dynamic password; acquiring a user password and a user dynamic password from the mailbox access request; verifying the user password; and verifying the user dynamic password based on the satellite dynamic password.
More specifically, data may be telemetered from a satellite or data may be obtained for a predetermined location as the satellite dynamic password.
In one embodiment, when the terminal attribute is a client, the verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism includes: acquiring a plurality of specified I P addresses from the mailbox access request; and verifying the plurality of specified I P addresses respectively based on a satellite-ground two-factor authentication mechanism. After the verification is passed, activating a trusted I P address for the user; and the user logs in a mailbox of the satellite measurement, transportation and control system to send and receive mails based on the trusted I P address.
In one embodiment, when the terminal attribute is a mobile terminal, verifying the mailbox access request based on a login policy and a satellite-ground two-factor authentication mechanism includes: acquiring current equipment information from the mailbox access request; and verifying the current equipment information based on a satellite ground two-factor authentication mechanism. And when the mailbox gateway does not contain the current equipment information, registering and activating the current equipment.
An embodiment corresponding to 3,4,5 is seen in more detail.
In S208, the mailbox access request is verified based on the login policy and the satellite-terrestrial two-factor authentication mechanism.
In S210, after the verification is passed, the user is allowed to log in a mailbox of the satellite measurement, transportation and control system for sending and receiving mails. After the verification is passed, the user can send and receive the mail under the condition of being separated from the VPN, and can safely send and receive the mail in an untrusted network to check the push information.
According to the mail receiving and sending method of the satellite measuring, transporting and controlling system, a mailbox access request from a user is received through a preset port of a mailbox gateway; extracting the terminal attribute currently operated by the user based on the access request; determining a login strategy for the user according to the terminal attribute; verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism; after the verification is passed, the user is allowed to log in the mailbox of the satellite measurement, operation and control system to carry out a mail receiving and sending mode, various flexible modes can be provided for the user to log in the mailbox of the satellite measurement, operation and control system, the safety of the satellite measurement, operation and control system is guaranteed, and meanwhile the requirement of the user on logging diversity is met.
It should be clearly understood that this application describes how to make and use particular examples, but the principles of this application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flowchart illustrating a mailing method for a satellite test, operation, and control system according to another exemplary embodiment. The flow 30 shown in fig. 3 is a detailed description of the authentication process when the terminal attribute is web-end.
As shown in fig. 3, in S301, a user inputs a domain name of a mailbox of a satellite operation and control system at a web end to generate a login request.
In S302, the mailbox gateway redirects the user login request to the login page of the HTTPS.
In S303, a dynamic password from the satellite is acquired.
In S304, the user inputs the user password and the dynamic password.
In S305, the dynamic password is authenticated.
In S306, the user password is authenticated.
In S307, the user is allowed to log in and send and receive mail normally.
For safety, the dynamic password is applied as satellite measurement, operation and control data, the 4 th-8 th bit dynamic password in the satellite measurement, operation and control data can be defined, an instruction is added in a program, and 4-8 bits in the data are extracted when the satellite measurement, operation and control data are received. At the plug-in end, several functions are added as follows:
add _ otp _ token _ form: adding a dynamic password input box on a user access login page;
auth _ otp _ token intercepts the account, password and dynamic password when the user submits the dynamic password, judges the dynamic password, submits login information if the dynamic password is correct, and jumps to a login interface if the dynamic password is not correct.
And a push application is added in an automatic scheduling system of the satellite measurement, operation and control platform, and after a login message of a user web end is received, an appointed byte of a frame structure of the latest transit satellite is sent to a mobile phone registered by the user or a mailbox as a dynamic password of the user.
Fig. 4 is a flowchart illustrating a mailing method for a satellite test, operation, and control system according to another exemplary embodiment. The flow 40 shown in fig. 4 is a detailed description of the authentication process "when the terminal attribute is a client".
As shown in fig. 4, in S401, the user generates a user login request through a client installed on a computer.
In S402, it is determined whether it is a company outlet I P address.
In S403, it is the trusted I P address.
In S404, whether the I P address is already registered.
In S405, registration is performed.
In S406, activation is performed.
In S407, the trusted I P address is activated.
In S408, whether activation is successful.
In S409, a mailbox is logged in to send and receive mail.
The authorization mechanisms of a trusted mail client and a trusted I P are added in an original mailbox system, when a user logs in by using a correct account and a correct password, the user is required to authorize the current client and I P, and the mail can be sent and received only under the condition that I P and the client are trusted.
Adding the following functions to the client:
act i ve _ code: and generating, resetting, deleting and setting the expiration time of the verification code, and calling the activation page to judge whether the verification code is valid.
Bas i c _ auth: the user information is decoded from the authentication mode.
Send _ not i c: and pushing the boot information activated by the trusted device to the user.
A computer I P strategy engine is added at a satellite measurement, operation and control system end, and the following data are named:
the Username is the name of a registered employee in a satellite measurement, transportation and control system user;
i P is I P which can be reported by trusty;
off i ce _ i ps is egress I P, which is considered trusted if the user's access comes from egress I P.
And writing an activation I P strategy at the satellite measurement, operation and control system end according to the data structure, wherein the activation I P strategy can be activated after being determined by the satellite end factor and the ground end factor. The mailbox security gateway judges whether the current user and I P are credible. The specific policy code is not described in detail.
Fig. 5 is a flowchart illustrating a mailing method for a satellite test, operation, and control system according to another exemplary embodiment. The flow 50 shown in fig. 5 is a detailed description of the authentication process "when the terminal attribute is a mobile terminal".
As shown in fig. 5, in S501, the user generates a login request through the mobile application.
In S502, it is determined whether it is a registered user equipment.
In S503, registration is performed.
In S504, whether the device is already active.
In S505, activation is performed.
In S506, the device activates.
In S507, whether activation is successful.
In S508, login is performed to send and receive mail.
When the mobile equipment accesses mailbox service for the first time, the security gateway can judge whether the equipment is registered, the registration method and the registration process of the client are the same, a judgment strategy for binding the existing user name and equipment information is added in the satellite measurement, operation and control system, and the judgment strategy can be determined through satellite side factors and ground side factors.
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments are implemented as computer programs executed by a CPU. When executed by the CPU, performs the functions defined by the methods provided herein. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to exemplary embodiments of the present application and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed, for example, synchronously or asynchronously in multiple modules.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Fig. 6 is a block diagram illustrating a mailer of a satellite measurement, transportation, and control system according to an example embodiment. As shown in fig. 6, the mail sending/receiving device 60 of the satellite measurement, transportation and control system includes: a request module 602, an attribute module 604, a policy module 606, an authentication module 608, and a login module 610.
The request module 602 is used for receiving a mailbox access request from a user by a mailbox gateway;
the attribute module 604 is configured to extract a terminal attribute of the current operation of the user based on the access request;
the policy module 606 is configured to determine a login policy for the user according to the terminal attribute;
the verification module 608 is configured to verify the mailbox access request based on login policy verification;
the login module 610 is configured to allow the user to log in a mailbox of the satellite measurement, transportation and control system for sending and receiving mails after the verification is passed.
According to the mail receiving and sending device of the satellite measuring, transporting and controlling system, a mail box access request from a user is received through a preset port of a mail box gateway; extracting the terminal attribute currently operated by the user based on the access request; determining a login strategy for the user according to the terminal attribute; verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism; after the verification is passed, the user is allowed to log in the mailbox of the satellite measurement, operation and control system to carry out a mail receiving and sending mode, various flexible modes can be provided for the user to log in the mailbox of the satellite measurement, operation and control system, the safety of the satellite measurement, operation and control system is guaranteed, and meanwhile the requirement of the user on logging diversity is met.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
An electronic device 700 according to this embodiment of the present application is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 7, electronic device 700 is embodied in the form of a general purpose computing device. The components of the electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 that connects the various system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
Wherein the storage unit stores program code that can be executed by the processing unit 710 such that the processing unit 710 performs the steps according to various exemplary embodiments of the present application described in the present specification. For example, the processing unit 710 may perform the steps as shown in fig. 2, 3,4, 5.
The memory unit 720 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 7201 and/or a cache memory unit 7202, and may further include a read only memory unit (ROM) 7203.
The memory unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), such that a user can communicate with devices with which the electronic device 700 interacts, and/or any devices (e.g., router, modem, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 750. Also, the electronic device 700 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) via the network adapter 760. The network adapter 760 may communicate with other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAI D systems, tape drives, and data backup storage systems, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, as shown in fig. 8, the technical solution according to the embodiment of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiment of the present application.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
The computer readable medium carries one or more programs which, when executed by a device, cause the computer readable medium to perform the functions of: receiving a mailbox access request from a user through a preset port of a mailbox gateway; extracting the terminal attribute currently operated by the user based on the access request; determining a login strategy for the user according to the terminal attribute; verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism; and after the verification is passed, allowing the user to log in a mailbox of the satellite measurement, transportation and control system for sending and receiving mails.
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly in one or more apparatuses unique from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiment of the present application.
Exemplary embodiments of the present application are specifically illustrated and described above. It is to be understood that the application is not limited to the details of construction, arrangement, or method of implementation described herein; on the contrary, the intention is to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (6)
1. A mail receiving and sending method of a satellite measurement, operation and control system is characterized by comprising the following steps:
receiving a mailbox access request from a user through a preset port of a mailbox gateway, wherein the preset port is an HTTP and HTTPS port, and the request of an 80 port jumps to a 443 port;
extracting the terminal attribute of the current operation of the user based on the access request, wherein the terminal attribute comprises: the Web end, the mobile equipment and the client end access;
determining a login strategy for the user according to the terminal attribute;
verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism;
determining an activation strategy according to the satellite end factor and the ground end factor;
after the verification is passed, activating a trusted I P address for the user according to an activation strategy;
the user logs in a mailbox of the satellite measurement, transportation and control system based on the trusted I P address to send and receive mails;
when the terminal attribute is a client, verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism, wherein the verification comprises the following steps:
acquiring a plurality of specified IP addresses from the mailbox access request;
verifying the plurality of specified I P addresses respectively based on a satellite-ground two-factor authentication mechanism;
determining whether the IP address is a company export IP address, if not, determining whether the IP address is a credible IP, if not, determining whether the IP is registered, if not, registering the IP, activating the registered IP, activating the credible IP address, determining whether the activation is successful, and if not, activating the registered IP again;
when the terminal attribute is a web-end,
verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism, wherein the verification comprises the following steps:
a mailbox gateway acquires a satellite dynamic password;
acquiring a user password and a user dynamic password from the mailbox access request;
verifying the user password;
verifying the user dynamic password based on the satellite dynamic password;
the mailbox gateway acquires the satellite dynamic password, and comprises the following steps:
telemetering data by a satellite or acquiring data of a preset position as the dynamic password of the satellite;
after receiving the login message of the user web end, sending the appointed byte of the frame structure of the recent transit satellite to a mobile phone registered by the user or a mailbox as a user dynamic password.
2. The method of claim 1, wherein, when the terminal attribute is a mobile terminal,
verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism, wherein the verification comprises the following steps:
acquiring current equipment information from the mailbox access request;
and verifying the current equipment information based on a satellite ground two-factor authentication mechanism.
3. The method of claim 2, further comprising:
and when the mailbox gateway does not contain the current equipment information, registering and activating the current equipment.
4. A mail receiving and sending device of a satellite measurement, operation and control system is characterized by comprising:
the request module is used for receiving a mailbox access request from a user by the mailbox gateway, wherein the preset port is an HTTP and HTTPS port, and the request of the 80 port is switched to the 443 port;
an attribute module, configured to extract, based on the access request, a terminal attribute of the current operation of the user, where the terminal attribute includes: the Web end, the mobile equipment and the client end access;
the strategy module is used for determining a login strategy for the user according to the terminal attribute;
the verification module is used for verifying the mailbox access request based on login strategy verification; when the terminal attribute is a client, verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism, wherein the verification comprises the following steps: acquiring a plurality of specified IP addresses from the mailbox access request; verifying the designated IP addresses respectively based on a satellite ground two-factor authentication mechanism; determining whether the address is a company export I P address, if not, determining whether the address is a credible I P, if not, determining whether the IP is registered, if not, registering the IP, activating the registered IP, activating the credible IP address, determining whether the activation is successful, and if not, activating the registered I P; when the terminal attribute is a web terminal, verifying the mailbox access request based on a login strategy and a satellite ground two-factor authentication mechanism, wherein the verification comprises the following steps: the mailbox gateway acquires a satellite dynamic password; acquiring a user password and a user dynamic password from the mailbox access request; verifying the user password; verifying the user dynamic password based on the satellite dynamic password; the mailbox gateway acquires the satellite dynamic password, and comprises the following steps: data are telemetered by a satellite or data of a preset position are acquired as the dynamic password of the satellite; after receiving a login message of a user web end, sending an appointed byte of a frame structure of a recent transit satellite to a mobile phone registered by a user or a mailbox to be used as a user dynamic password;
the login module is used for jointly determining an activation strategy according to the satellite-side factors and the ground-side factors; after the verification is passed, activating a trusted I P address for the user according to an activation strategy; and the user logs in a mailbox of the satellite measurement, transportation and control system based on the trusted I P address to send and receive mails.
5. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-3.
6. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210404365.5A CN114666299B (en) | 2022-04-18 | 2022-04-18 | Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210404365.5A CN114666299B (en) | 2022-04-18 | 2022-04-18 | Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114666299A CN114666299A (en) | 2022-06-24 |
| CN114666299B true CN114666299B (en) | 2023-03-21 |
Family
ID=82035591
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210404365.5A Active CN114666299B (en) | 2022-04-18 | 2022-04-18 | Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114666299B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110572395A (en) * | 2019-09-09 | 2019-12-13 | 车智互联(北京)科技有限公司 | Identity verification method and system |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103428077B (en) * | 2013-08-22 | 2016-08-17 | 北京明朝万达科技股份有限公司 | A kind of method and system being safely receiving and sending mails |
| US9727661B2 (en) * | 2014-06-20 | 2017-08-08 | Lg Electronics Inc. | Display device accessing broadcast receiver via web browser and method of controlling therefor |
| CN104683356B (en) * | 2015-03-26 | 2018-12-28 | 上海众人网络安全技术有限公司 | Dynamic password authentication method and system based on software token |
| CN104683358A (en) * | 2015-03-26 | 2015-06-03 | 上海众人网络安全技术有限公司 | Anti-repudiation dynamic password generating method and dynamic password verification system |
| US10686907B2 (en) * | 2017-08-25 | 2020-06-16 | Hughes Network Systems, Llc | Reducing bandwidth consumption and latency in satellite communications |
| CN112398787B (en) * | 2019-08-15 | 2022-09-30 | 奇安信安全技术(珠海)有限公司 | Mailbox login verification method and device, computer equipment and storage medium |
| CN110661695A (en) * | 2019-08-27 | 2020-01-07 | 紫光云(南京)数字技术有限公司 | Method for unified login of e-mail box to entrance |
-
2022
- 2022-04-18 CN CN202210404365.5A patent/CN114666299B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110572395A (en) * | 2019-09-09 | 2019-12-13 | 车智互联(北京)科技有限公司 | Identity verification method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114666299A (en) | 2022-06-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109194673B (en) | Authentication method, system, equipment and storage medium based on user authorization information | |
| US9832218B2 (en) | Interacting with a remote server over a network to determine whether to allow data exchange with a resource at the remote server | |
| US10171455B2 (en) | Protection of application passwords using a secure proxy | |
| CN109347855B (en) | Data access method, device, system, electronic design and computer readable medium | |
| US8762724B2 (en) | Website authentication | |
| US10460002B2 (en) | Identifying webpages accessible by unauthorized users via URL guessing or network sniffing | |
| CN104253812B (en) | Entrust the certification for WEB service | |
| CN111416811B (en) | Unauthorized vulnerability detection method, system, equipment and storage medium | |
| US20080148377A1 (en) | Management of Network Login Identities | |
| US20080015986A1 (en) | Systems, methods and computer program products for controlling online access to an account | |
| KR20110117136A (en) | Secure system access without password sharing | |
| AU2017301441B2 (en) | Login proxy for third-party applications | |
| US20060282884A1 (en) | Method and apparatus for using a proxy to manage confidential information | |
| Kellezi et al. | Towards secure open banking architecture: an evaluation with OWASP | |
| CN113904876B (en) | Security protection method and device, electronic equipment and computer readable medium | |
| CN111488581A (en) | Weak password vulnerability detection method and device, electronic equipment and computer readable medium | |
| CN111901289B (en) | Identity authentication method, device, equipment and storage medium | |
| CN114666299B (en) | Mail receiving and sending method, device, equipment and medium for satellite measurement, operation and control system | |
| CN112433985A (en) | Controlling the composition of information submitted to a computing system | |
| CN110401674B (en) | Data access method, device, system, electronic equipment and computer readable medium | |
| US11580210B2 (en) | Password authentication | |
| CN111901290B (en) | Identity authentication method and device | |
| US10826978B1 (en) | Systems and methods for server load control | |
| US9003535B1 (en) | Systems and methods for certifying client-side security for internet sites | |
| US20100005521A1 (en) | Method of Securing Password in Web Page and Computer-Readable Recording Medium Storing Program for Executing the Same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |