CN115190483A - Method and device for accessing network - Google Patents

Publication number
CN115190483A
Authority
CN
China
Prior art keywords
target
access
network
authentication
sim card
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210520086.5A
Other languages
Chinese (zh)
Other versions
CN115190483B (en)
Inventor
陈芨
郑磊
胡能鹏
方嘉宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Internet Co Ltd
Priority to CN202210520086.5A
Publication of CN115190483A
Application granted
Publication of CN115190483B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/40 Security arrangements using identity modules
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the application provide a method and a device for accessing a network. The method comprises: receiving an access request initiated by a first device for a target network, wherein the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information comprises the number identifier and one-time identification information; verifying the number identifier and, if the number identifier passes verification, verifying the one-time identification information through the target gateway to obtain a verification result of the one-time identification information; and, if the verification result indicates that the one-time identification information passes verification, establishing an access channel between the first device and the target network so that the first device accesses the target network through the access channel.

Description

Method and device for accessing network
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for accessing a network.
Background
With the spread of mobile office work over the internet, it has become normal for enterprise staff to use their terminal devices to access intranet business systems remotely over the internet, and the access security of the intranet faces challenges.
In some scenarios, the user's terminal device serves as the user's entry point to the intranet. The user usually applies for access to the intranet with an account password or a short message (SMS) code. Before the secure connection between the user and the intranet is established, an authentication system verifies the legitimacy of the access, and after the authentication system confirms that access is allowed, an access channel between the user and the intranet is established through a security gateway. However, authentication based on an account password or an SMS code may suffer from security problems such as account sharing, password leakage and SMS code leakage. When such problems exist, an illegitimate user may pass authentication and then access the intranet maliciously, harming the safe and stable operation of the intranet. How to improve the access security and the stability of the intranet is therefore a technical problem to be solved by those skilled in the art.
Disclosure of Invention
The embodiment of the application aims to provide a method and a device for accessing a network so as to solve the problems of access security and stability of an intranet.
In order to solve the above technical problem, the embodiments of the present application are implemented as follows:
In a first aspect, an embodiment of the present application provides a method for accessing a network, including: receiving an access request initiated by a first device for a target network, wherein the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information comprises the number identifier and one-time identification information; verifying the number identifier and, if the number identifier passes verification, verifying the one-time identification information through the target gateway to obtain a verification result of the one-time identification information; and, if the verification result indicates that the one-time identification information passes verification, establishing an access channel between the first device and the target network so that the first device accesses the target network through the access channel.
In a second aspect, an embodiment of the present application provides a method for accessing a network, including: receiving an access request initiated by a first device for a target network, wherein the access request carries a number identifier; authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card; and, if the authentication result of the SIM card indicates that the SIM card is verified, establishing an access channel between the first device and the target network so that the first device accesses the target network through the access channel.
In a third aspect, an embodiment of the present application provides an apparatus for accessing a network, including: a receiving module, configured to receive an access request initiated by a first device for a target network, where the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information includes the number identifier and one-time identification information; a verification module, configured to verify the number identifier and, if the number identifier passes verification, to verify the one-time identification information through the target gateway to obtain a verification result of the one-time identification information; and an establishing module, configured to establish an access channel between the first device and the target network if the verification result indicates that the one-time identification information passes verification, so that the first device accesses the target network through the access channel.
In a fourth aspect, an embodiment of the present application provides an apparatus for accessing a network, including: a receiving module, configured to receive an access request initiated by a first device for a target network, where the access request carries a number identifier; an authentication module, configured to authenticate the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card; and an establishing module, configured to establish an access channel between the first device and the target network if the authentication result of the SIM card indicates that the SIM card is verified, so that the first device can access the target network through the access channel.
In a fifth aspect, an embodiment of the present application provides an electronic device, including a processor, a communication interface, a memory, and a communication bus; the processor, the communication interface and the memory are communicated with each other through a communication bus; the memory is used for storing a computer program; the processor is configured to execute the program stored in the memory to implement the method steps for accessing a network as mentioned in the first aspect or the second aspect.
In a sixth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method steps for accessing a network as mentioned in the first or second aspect.
According to the technical solution provided by the embodiments of the application, an access request initiated by the first device for the target network is received; the access request carries authentication information generated by the target gateway according to the number identifier bound to the first device, and the authentication information comprises the number identifier and the one-time identification information. The number identifier is verified and, if it passes verification, the one-time identification information is verified through the target gateway to obtain a verification result of the one-time identification information. If the verification result indicates that the one-time identification information passes verification, an access channel between the first device and the target network is established so that the first device accesses the target network through the access channel. In this way the number identifier bound to the first device and the one-time identification information are verified through the target gateway. If a user tries to access the intranet with this number identifier on another device, verification fails because the number identifier and the one-time identification information are bound to the first device. This prevents an illegitimate user from logging in and accessing the intranet with a leaked account password, and improves the security and stability of intranet access.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first flowchart of a method for accessing a network according to an embodiment of the present application;
Fig. 2 is a first schematic thread diagram of a method for accessing a network according to an embodiment of the present application;
Fig. 3 is a second flowchart of a method for accessing a network according to an embodiment of the present application;
Fig. 4 is a second schematic thread diagram of a method for accessing a network according to an embodiment of the present application;
Fig. 5 is a third flowchart of a method for accessing a network according to an embodiment of the present application;
Fig. 6 is a third schematic thread diagram of a method for accessing a network according to an embodiment of the present application;
Fig. 7 is a fourth flowchart of a method for accessing a network according to an embodiment of the present application;
Fig. 8 is a fourth schematic thread diagram of a method for accessing a network according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a first module composition of an apparatus for accessing a network according to an embodiment of the present application;
Fig. 10 is a schematic diagram of a second module composition of an apparatus for accessing a network according to an embodiment of the present application;
Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The embodiments of the application provide a method and a device for accessing a network, and an electronic device, which improve the access security and access stability of an intranet.
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making creative efforts shall fall within the protection scope of the present application.
As shown in Fig. 1, the method may be executed by a server, which may be a standalone server or a cluster of several servers and is capable of accessing the network. The method for accessing a network may specifically include the following steps:
In step S101, an access request initiated by a first device for a target network is received.
The access request carries authentication information generated by the target gateway according to the number identifier bound to the first device, and the authentication information comprises the number identifier and the one-time identification information. The authentication information is a one-time number authentication token generated by the target gateway according to the number fetching request sent by the first device and the message insertion number carried in the number fetching request.
Specifically, the first device may be a mobile phone, a tablet or another terminal device in which a Subscriber Identity Module (SIM) card is installed. The SIM card corresponds to a unique number identifier, which may be a mobile phone number. The one-time identification information may be mobile phone number authentication token data, and the authentication information may be a one-time mobile phone number authentication token. The mobile phone number authentication token data may be a character string generated by a server of an operator communication gateway, and it uniquely corresponds to the mobile phone number of the mobile phone. Further, the network standard of the terminal device may be provided by an operator; for example, the network standard includes, but is not limited to, second-generation (2G), third-generation (3G), fourth-generation (4G) and fifth-generation (5G) mobile communication technology, and so on. The target gateway may be an operator communication gateway.
As shown in Fig. 2, taking a mobile phone as the first device as an example, the user opens the login page for the intranet over the phone's mobile data, and the phone automatically sends a number fetching request to the operator communication gateway. After receiving the number fetching request, the operator communication gateway automatically obtains the mobile phone number corresponding to the SIM card of the mobile phone, inserts a message in the number fetching request into the mobile phone, generates a one-time mobile phone number authentication token for the mobile phone corresponding to the SIM card, and sends the one-time mobile phone number authentication token to the mobile phone.
In step S102, the number identifier is verified, and if the number identifier passes verification, the one-time identification information is verified through the target gateway to obtain a verification result of the one-time identification information.
For example, as shown in Fig. 2, the user performs one-key login on the mobile phone, and the phone initiates an access request that carries the one-time mobile phone number authentication token. After receiving the access request, the security gateway server verifies whether the mobile phone number in the one-time mobile phone number authentication token has login authority. Once the security gateway server has verified that the mobile phone number has login authority, it forwards the one-time mobile phone number authentication token to the operator communication gateway and requests the operator communication gateway to verify the mobile phone number authentication token data in the token, in order to verify the identity validity of the mobile phone number. This prevents an illegitimate user on the mobile phone side from tampering with the mobile phone number to log in to the intranet illegally, and improves the security of the user's intranet login. After verifying the mobile phone number authentication token data, the operator communication gateway returns the identity authentication result of the mobile phone number to the security gateway server.
If the mobile phone number authentication token data carried in the access request is consistent with the mobile phone number authentication token data sent to the mobile phone by the security gateway server, the token data carried in the access request passes verification and the identity authentication of the mobile phone number passes. If the mobile phone number authentication token data carried in the access request is inconsistent with the mobile phone number authentication token data sent to the mobile phone by the security gateway server, the token data carried in the access request fails verification and the identity authentication of the mobile phone number fails. After the operator communication gateway has authenticated the mobile phone number authentication token data, it returns the authentication result to the security gateway server.
In step S103, if the verification result indicates that the one-time identification information passes verification, an access channel between the first device and the target network is established, so that the first device accesses the target network through the access channel.
Specifically, after the number identifier and the one-time identification information have been authenticated, the security gateway server establishes an access channel between the first device and the target network, and returns the authentication result of the number identifier and the one-time identification information to the terminal device. For example, as shown in Fig. 2, the security gateway server returns the authentication result of the mobile phone number and the mobile phone number authentication token data to the mobile phone.
According to this technical solution, the number identifier bound to the first device and the one-time identification information are verified through the target gateway. If a user tries to access the intranet with this number identifier on another device, verification fails because the number identifier and the one-time identification information are bound to the first device. This prevents an illegitimate user from logging in and accessing the intranet with a leaked account password, and improves the security and stability of intranet access.
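The check order of steps S101 to S103 can be modelled in a few lines. The following is an added example, not code from the patent or from any operator product: the class names, the token layout (`number`, `token_data`), the 120-second expiry and the phone numbers are all assumptions constructed for illustration.

```python
import hmac
import secrets
import time

GRANTED = "granted"
DENIED_NUMBER = "denied: number has no login authority"
DENIED_TOKEN = "denied: one-time token rejected"


class OperatorGateway:
    """Stand-in for the operator communication gateway (the target gateway)."""

    def __init__(self, ttl_seconds=120):  # expiry is an assumption, not from the page
        self._ttl = ttl_seconds
        self._issued = {}  # token data -> (number it was issued for, expiry time)

    def issue_token(self, sim_number, now=None):
        """Answer a number fetching request. sim_number models the number the
        gateway derives from the SIM itself, not a value supplied by the client."""
        now = time.time() if now is None else now
        token_data = secrets.token_urlsafe(24)
        self._issued[token_data] = (sim_number, now + self._ttl)
        return {"number": sim_number, "token_data": token_data}

    def verify_token(self, token, now=None):
        """True only for an unexpired, never-used token whose number matches."""
        now = time.time() if now is None else now
        token_data, claimed = token.get("token_data"), token.get("number")
        if not isinstance(token_data, str) or not isinstance(claimed, str):
            return False
        # pop() makes the token single-use: any presentation, valid or not, burns it.
        record = self._issued.pop(token_data, None)
        if record is None:
            return False
        number, expiry = record
        same_number = hmac.compare_digest(number.encode(), claimed.encode())
        return same_number and now <= expiry

    def pending_tokens(self):
        """Number of issued tokens that have not been presented yet."""
        return len(self._issued)


class SecurityGateway:
    """Stand-in for the security gateway server that runs steps S101 to S103."""

    def __init__(self, operator_gateway, authorized_numbers):
        self._operator = operator_gateway
        self._authorized = set(authorized_numbers)
        self.channels = set()  # (device id, number) pairs with an open channel

    def handle_access_request(self, device_id, token, now=None):
        number = token.get("number")
        # S102, first check: does the number have login authority at all?
        if not isinstance(number, str) or number not in self._authorized:
            return DENIED_NUMBER
        # S102, second check: the operator gateway verifies the one-time data.
        if not self._operator.verify_token(token, now):
            return DENIED_TOKEN
        # S103: both checks passed, so the access channel is established.
        self.channels.add((device_id, number))
        return GRANTED


def run_demo():
    """Constructed scenario: one authorized number and four access attempts."""
    operator = OperatorGateway()
    gateway = SecurityGateway(operator, {"13800000001"})
    results = {}
    token = operator.issue_token("13800000001", now=1000)
    results["first use"] = gateway.handle_access_request("phone-A", token, now=1010)
    results["replay"] = gateway.handle_access_request("phone-B", token, now=1020)
    other = operator.issue_token("13800000002", now=1000)
    forged = dict(other, number="13800000001")  # number field altered on the client
    results["tampered number"] = gateway.handle_access_request("phone-C", forged, now=1010)
    stale = operator.issue_token("13800000001", now=1000)
    results["expired"] = gateway.handle_access_request("phone-A", stale, now=2000)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

Because the security gateway checks login authority before it contacts the operator gateway, a request for an unregistered number is rejected without consuming the token or generating operator-side traffic.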
As shown in Fig. 3, the method may be executed by a server, which may be a standalone server or a cluster of several servers and is capable of accessing the network. The method for accessing a network may specifically include the following steps:
In step S301, an access request initiated by a first device for a target network is received.
The access request carries authentication information generated by the target gateway according to the number identifier bound to the first device, and the authentication information comprises the number identifier and the one-time identification information.
In step S302, the number identifier is verified, and if the number identifier passes verification, the one-time identification information is verified through the target gateway to obtain a verification result of the one-time identification information.
In step S303, if the verification result indicates that the one-time identification information passes verification, a connection is established with the target HTML5 bastion based on the target access resource; the authentication information is verified again by the target HTML5 bastion, and if this verification passes, an access channel between the first device and the target network is established through the target HTML5 bastion.
The target network comprises target service resources corresponding to the target access resources.
Specifically, as shown in Fig. 4, the user initiates an access request to the security gateway server. The access request carries a target access resource, a number identifier and one-time identification information. The target access resource is the intranet resource that the user requests to access, and includes, but is not limited to, at least one of a Secure Shell (SSH) service resource, a remote terminal protocol (Telnet) service resource, a Remote Desktop Protocol (RDP) service resource, a Virtual Network Computing (VNC) service resource, a HyperText Transfer Protocol (HTTP) service resource, and a HyperText Transfer Protocol over Secure Socket Layer (HTTPS) service resource.
The security gateway server receives the target access resource, the number identifier and the one-time identification information. The security gateway server verifies the number identifier and sends the one-time identification information to the operator gateway server, which verifies the one-time identification information and returns the verification result to the security gateway server. If both the number identifier and the one-time identification information pass verification, the security gateway server establishes a connection with the target HTML5 bastion based on the resource the user requests to access, and the target HTML5 bastion verifies the number identifier and the one-time identification information again through a private protocol. If both pass this verification, the connection to the intranet is made through the target HTML5 bastion: the security gateway server is connected to the target HTML5 bastion, an access channel between the target HTML5 bastion and the intranet is established, and the intranet provides the target service resource corresponding to the user's access request. The target service resource comprises at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource and an HTTPS service resource.
When the user performs business operations on the target service resource through the first device, the target HTML5 bastion displays the business operation connection back on the interface of the first device where the user is located.
It should be noted that steps S301 and S302 have the same or similar implementation manners as steps S101 and S102 in the above embodiments, which may be referred to each other, and the embodiments of the present application are not described herein again.
According to the technical solution provided by the embodiments of the application, the number identifier bound to the first device and the one-time identification information are verified through the target gateway. If a user tries to access the intranet with this number identifier on another device, verification fails because the number identifier and the one-time identification information are bound to the first device. This prevents an illegitimate user from logging in and accessing the intranet with a leaked account password, and improves the security and stability of intranet access. In addition, because the target HTML5 bastion is communicatively connected to the intranet, its multi-protocol access support allows connections to different types of intranet service resources, so that the first device can access multiple types of intranet services. This makes remote access to multiple service types convenient for the user, lets the security gateway support diverse intranet service resources, and improves the user experience.
As shown in Fig. 5, the method may be executed by a server, which may be a standalone server or a cluster of several servers and is capable of accessing the network. The method for accessing a network may specifically include the following steps:
In step S501, an access request initiated by a first device for a target network is received, where the access request carries a number identifier.
Specifically, the first device may be a notebook computer, a desktop computer, a wearable device or the like, and no SIM card is installed in the first device. When a user logs in with a mobile phone number on the first device to access the intranet, the SIM card corresponding to that mobile phone number therefore needs to be authenticated, in order to improve security when the user accesses the intranet through the first device. The number identifier may be a mobile phone number configured on a second device, and the second device may be a mobile phone or a tablet that supports a SIM card.
For example, as shown in Fig. 6, taking a PC as the first device and a mobile phone as the second device, the user enters a mobile phone number on the login page of the PC, and the PC initiates an access request to the target network.
In step S502, the SIM card corresponding to the number identifier is authenticated to obtain an authentication result of the SIM card.
Specifically, before the SIM card is authenticated, whether the number identifier has login authority may be verified, which further improves the security of intranet access.
Further, step S502 may be implemented by sending authentication information to the second device through the SIM card authentication platform, where the authentication information instructs the user to enter, on the second device, the Personal Identification Number (PIN) code of the SIM card of the second device; and confirming the authentication result of the SIM card through the SIM card authentication platform. The authentication result is the result of comparing the information the user enters on the second device with the PIN code: either the input information is consistent with the PIN code, or it is inconsistent with the PIN code.
For example, as shown in Fig. 6, after receiving the access request, the security gateway server verifies whether the mobile phone number carried in the access request has login authority; if the mobile phone number is registered in the target network, it has login authority. After verifying that the mobile phone number has login authority, the security gateway server calls the SIM platform authentication interface to request authentication of the SIM card of the mobile phone number. After the SIM platform authentication interface receives the SIM card authentication request sent by the security gateway server, the SIM platform sends an encoded authentication short message to the second device. When the second device receives the authentication short message, opening it triggers a SIM authentication program and a SIM authentication pop-up window is displayed on the second device. The user enters the PIN code of the SIM card in the SIM authentication pop-up window of the second device to complete the confirmation operation. The SIM platform confirms the authentication result of the SIM card and returns the authentication result of the SIM card of the mobile phone number through a callback interface of the security gateway server. If the information the user enters in the SIM authentication pop-up window corresponds to the correct PIN code of the SIM card, the authentication result is that the PIN code is correct and authentication passes; if it does not correspond to the correct PIN code of the SIM card, the authentication result is that the PIN code is wrong and authentication fails.
In step S503, if the authentication result of the SIM card indicates that the SIM card is verified, an access channel between the first device and the target network is established, so that the first device accesses the target network through the access channel.
Specifically, after the number identifier and the SIM card have been authenticated, the security gateway server establishes an access channel between the first device and the target network, and returns the authentication result of the number identifier and the SIM card to the terminal device. For example, as shown in Fig. 6, the security gateway server returns the authentication result of the number identifier and the SIM card to the first device, that is, to the PC.
According to the technical solution disclosed by the embodiments of the application, when a user accesses the intranet with the number identifier on the first device, the second device in which the SIM card is installed must authenticate the SIM card corresponding to the number identifier, and intranet access is allowed only if the SIM card is verified. This prevents an illegitimate user from accessing the intranet and causing losses after an account password or short message information has leaked, and improves the security and stability of intranet access.
For example, as shown in fig. 7, an execution subject of the method may be a server, where the server may be an independent server or a server cluster composed of multiple servers, and the server may be a server capable of accessing a network, where the method for accessing a network specifically includes the following steps:
In step S701, an access request initiated by a first device for a target network is received, where the access request carries a number identifier.
In step S702, the SIM card corresponding to the number identifier is authenticated to obtain an authentication result of the SIM card.
In step S703, a connection is established with the target HTML5 bastion based on the target access resource; the number identifier is verified again through the target HTML5 bastion, and, in a case where the number identifier passes the verification, an access channel between the first device and the target network is established through the target HTML5 bastion.
The target network comprises target service resources corresponding to the target access resources.
For example, as shown in fig. 8, the first device initiates an access request to the security gateway server. The access request carries a target access resource and a number identifier, where the target access resource is the intranet resource that the user requests to access and includes, but is not limited to, at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
After receiving the target access resource and the number identifier, the security gateway server verifies the number identifier. If the number identifier passes the verification, the security gateway server establishes a connection with the target HTML5 bastion based on the resource that the user requests to access, and the target HTML5 bastion verifies the number identifier again through a private protocol. If the number identifier passes this verification as well, the security gateway server connects to the intranet through the target HTML5 bastion, an access channel between the target HTML5 bastion and the intranet is established, and the intranet provides the target service resource corresponding to the user's access request. The target service resource comprises at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
When the user performs service operations on the target service resource through the first device, the target HTML5 bastion echoes the service operation connection back to the interface of the first device where the user is located.
It should be noted that steps S701 and S702 have the same or similar implementation manners as steps S501 and S502 in the above embodiments, which may be referred to each other, and the embodiments of the present application are not described herein again.
According to the technical scheme disclosed by the embodiment of the application, when a user accesses the intranet through the number identifier on the first device, the second device configured with the SIM card needs to authenticate the SIM card corresponding to the number identifier, and access to the intranet is allowed only when the SIM card passes verification. Even after the account password or the short message information is leaked, an unauthorized user is prevented from accessing the intranet and causing loss, which improves the security and stability of intranet access. In addition, because the target HTML5 bastion is communicatively connected to the intranet, its multi-protocol access support makes it possible to connect to different types of intranet service resources, so that the first device can access multiple types of intranet services. This makes remote access to multiple service types convenient for the user, lets the security gateway adapt to diverse intranet service resources, and improves the user experience.
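The gateway-side decisions of steps S701 to S703 (S501 to S503 share the first two steps), as an added Python example that is not code from the patent. The class and function names, the HMAC tag on the SIM platform callback, the single-use request ID with a timeout, and the phone numbers are assumptions or constructed values; the bastion's private protocol is not described on the page, so it is modeled here as an independent registry lookup.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Service types the page lists for the target HTML5 bastion.
SUPPORTED_RESOURCES = {"SSH", "TELNET", "RDP", "VNC", "HTTP", "HTTPS"}


def sign_callback(key: bytes, request_id: str, number: str, pin_ok: bool) -> str:
    """Assumed integrity tag that the SIM platform attaches to its callback."""
    msg = "|".join([request_id, number, "1" if pin_ok else "0"]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Bastion:
    """Stand-in for the target HTML5 bastion, with its own number registry."""

    def __init__(self, registered):
        self.registered = set(registered)

    def reverify_and_connect(self, number: str, resource: str):
        # Second, independent verification of the number identifier (S703).
        if number not in self.registered:
            return None
        return f"channel:{resource}:{secrets.token_hex(4)}"


@dataclass
class Pending:
    number: str
    resource: str
    expires_at: float


class SecurityGateway:
    def __init__(self, registered, bastion, callback_key, ttl=120.0,
                 clock=time.monotonic):
        self.registered = set(registered)
        self.bastion = bastion
        self.key = callback_key
        self.ttl = ttl
        self.clock = clock
        self.pending = {}  # request_id -> Pending

    def handle_access_request(self, number: str, resource: str):
        """S701 and the start of S702: check login permission, open a SIM auth."""
        if number not in self.registered:
            return ("denied", "number not registered")
        resource = resource.upper()
        if resource not in SUPPORTED_RESOURCES:
            return ("denied", "unsupported resource")
        request_id = secrets.token_hex(16)
        self.pending[request_id] = Pending(number, resource,
                                           self.clock() + self.ttl)
        # A real gateway would now call the SIM platform authentication
        # interface with request_id and number; no channel exists yet.
        return ("pending", request_id)

    def handle_sim_callback(self, request_id, number, pin_ok, tag):
        """End of S702 and S703: act on the SIM platform's authentication result."""
        expected = sign_callback(self.key, request_id, number, pin_ok)
        # Check the tag first so a forged callback cannot consume a request.
        if not hmac.compare_digest(expected, tag):
            return ("denied", "bad callback signature")
        entry = self.pending.pop(request_id, None)  # single use
        if entry is None:
            return ("denied", "unknown or replayed request")
        if self.clock() > entry.expires_at:
            return ("denied", "expired")
        if entry.number != number:
            return ("denied", "number mismatch")
        if not pin_ok:
            return ("denied", "PIN incorrect")
        channel = self.bastion.reverify_and_connect(entry.number, entry.resource)
        if channel is None:
            return ("denied", "bastion rejected number")
        return ("granted", channel)
```

The channel is created only inside the callback handler, so a caller who knows a registered number but cannot complete the PIN prompt on the second device never gets past the `pending` state.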
On the basis of the same technical concept, and corresponding to the method for accessing a network provided in the foregoing embodiments, an embodiment of the present application further provides a network access apparatus. Fig. 9 is a schematic diagram of the modules of the network access apparatus provided in the embodiments of the present application, where the network access apparatus is configured to perform the method for accessing a network described in fig. 1 to 4. As shown in fig. 9, the network access apparatus 900 includes: a receiving module 901, configured to receive an access request initiated by a first device for a target network, where the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information includes the number identifier and one-time identification information; a verification module 902, configured to verify the number identifier, and to verify the one-time identification information through the target gateway when the number identifier passes the verification, so as to obtain a verification result of the one-time identification information; and an establishing module 903, configured to, when the verification result indicates that the one-time identification information passes the verification, establish an access channel between the first device and the target network, so that the first device accesses the target network through the access channel.
In a possible implementation manner, the establishing module 903 is further configured to establish a connection with a target HTML5 bastion based on a target access resource, to verify the authentication information again through the target HTML5 bastion, and, in a case where the verification passes, to establish an access channel between the first device and a target network through the target HTML5 bastion, wherein the target network comprises a target service resource corresponding to the target access resource.
In one possible implementation, the target service resource includes at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
In a possible implementation manner, the authentication information is a one-time number authentication token generated by the target gateway according to the number fetching request sent by the first device for the message insertion number carried in the number fetching request.
On the basis of the same technical concept, and corresponding to the method for accessing a network provided by the foregoing embodiment, an embodiment of the present application further provides a device for accessing a network. Fig. 10 is a schematic diagram of the modules of the device for accessing a network provided by the embodiment of the present application, where the device for accessing a network is configured to execute the method for accessing a network described in fig. 5 to 8. As shown in fig. 10, the device 1000 for accessing a network includes: a receiving module 1001, configured to receive an access request initiated by a first device for a target network, where the access request carries a number identifier; an authentication module 1002, configured to authenticate the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card; and an establishing module 1003, configured to, when the authentication result of the SIM card indicates that the SIM card is verified, establish an access channel between the first device and the target network, so that the first device accesses the target network through the access channel.
In a possible implementation manner, the establishing module 1003 is further configured to establish a connection with the target HTML5 bastion based on the target access resource, to verify the number identifier again through the target HTML5 bastion, and, in a case where the number identifier passes the verification, to establish an access channel between the first device and a target network through the target HTML5 bastion, wherein the target network comprises a target service resource corresponding to the target access resource.
In one possible implementation, the target service resource includes at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
In a possible implementation manner, the authentication module 1002 is further configured to send authentication information to the second device through the SIM card authentication platform, where the authentication information instructs the user to enter, on the second device, the PIN code of the SIM card of the second device; and to confirm the authentication result of the SIM card through the SIM card authentication platform, wherein the authentication result is a comparison result of the input information entered by the user on the second device and the PIN code, and the comparison result is either that the input information is consistent with the PIN code or that the input information is inconsistent with the PIN code.
The network access device provided in the embodiment of the present application can implement each process in the embodiment corresponding to the above network access method, and is not described here again to avoid repetition.
It should be noted that the network access apparatus provided in the embodiment of the present application and the network access method provided in the embodiment of the present application are based on the same application concept, and therefore, for specific implementation of the embodiment, reference may be made to implementation of the foregoing network access method, and the same or similar beneficial effects are achieved, and repeated details are not repeated.
On the basis of the same technical concept, an embodiment of the present application further provides an electronic device configured to execute the above method for accessing a network. Fig. 11 is a schematic structural diagram of an electronic device implementing the embodiments of the present application. As shown in fig. 11, electronic devices may vary widely in configuration or performance and may include one or more processors 1101 and a memory 1102, where the memory 1102 may store one or more applications or data. The memory 1102 may be transient or persistent storage. The application programs stored in the memory 1102 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the electronic device.
Still further, the processor 1101 may be configured to communicate with the memory 1102 to execute a series of computer-executable instructions in the memory 1102 on the electronic device. The electronic device may also include one or more power supplies 1103, one or more wired or wireless network interfaces 1104, one or more input-output interfaces 1105, one or more keyboards 1106.
Specifically, in this embodiment, the electronic device includes a processor, a communication interface, a memory, and a communication bus; the processor, the communication interface and the memory complete mutual communication through a bus; a memory for storing a computer program; the processor is configured to execute the program stored in the memory to implement the steps in the method embodiments in fig. 1 to 8, and has the advantages of the method embodiments.
In this embodiment, a computer-readable storage medium is further provided, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps in the method embodiments in fig. 1 to fig. 8 are implemented, and the computer program has the beneficial effects of the method embodiments, and in order to avoid repetition, the embodiments of the present application are not described herein again.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, an electronic device includes one or more processors (CPUs), input/output interfaces, a network interface, and a memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A method of accessing a network, the method comprising:
receiving an access request initiated by a first device for a target network, wherein the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information comprises the number identifier and one-time identification information;
verifying the number identifier, and, in a case where the number identifier passes the verification, verifying the one-time identification information through the target gateway to obtain a verification result of the one-time identification information;
and, in a case where the verification result indicates that the one-time identification information passes the verification, establishing an access channel between the first device and the target network, so that the first device accesses the target network through the access channel.
2. The method according to claim 1, wherein the access request carries a target access resource, and the establishing an access channel between the first device and the target network comprises:
establishing a connection with a target HTML5 bastion based on the target access resource;
and verifying the authentication information again through the target HTML5 bastion, and, in a case where the verification passes, establishing an access channel between the first device and the target network through the target HTML5 bastion, wherein the target network comprises a target service resource corresponding to the target access resource.
3. The method of accessing a network of claim 2, wherein the target service resource comprises at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
4. The method according to claim 1, wherein the authentication information is a one-time number authentication token generated by inserting a message carried in a number fetching request into the number according to the number fetching request sent by the first device by the target gateway.
5. A method for accessing a network, the method comprising:
receiving an access request initiated by a first device for a target network, wherein the access request carries a number identifier;
authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card;
and, in a case where the authentication result of the SIM card indicates that the SIM card is verified, establishing an access channel between the first device and the target network, so that the first device accesses the target network through the access channel.
6. The method according to claim 5, wherein the access request carries a target access resource, and the establishing the access channel between the first device and the target network comprises:
establishing a connection with a target HTML5 bastion based on the target access resource;
and verifying the number identifier again through the target HTML5 bastion, and, in a case where the number identifier passes the verification, establishing an access channel between the first device and the target network through the target HTML5 bastion, wherein the target network comprises a target service resource corresponding to the target access resource.
7. The method of claim 6, wherein the target service resource comprises at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
8. The method according to claim 5, wherein the authenticating the SIM card corresponding to the number identifier, and obtaining the authentication result of the SIM card comprises:
sending authentication information to a second device through a SIM card authentication platform, wherein the authentication information instructs a user to enter, on the second device, the PIN (personal identification number) code of the SIM card of the second device;
and confirming an authentication result of the SIM card through the SIM card authentication platform, wherein the authentication result is a comparison result of input information entered by the user on the second device and the PIN code, and the comparison result is either that the input information is consistent with the PIN code or that the input information is inconsistent with the PIN code.
9. An apparatus for accessing a network, the apparatus comprising:
a receiving module, configured to receive an access request initiated by a first device for a target network, where the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information includes the number identifier and one-time identification information;
the verification module is used for verifying the number identification, and under the condition that the number identification passes the verification, the one-time identification information is verified through the target gateway to obtain a verification result of the one-time identification information;
and an establishing module, configured to establish an access channel between the first device and the target network in a case where the verification result indicates that the one-time identification information passes the verification, so that the first device accesses the target network through the access channel.
10. An apparatus for accessing a network, the apparatus comprising:
a receiving module, configured to receive an access request initiated by a first device for a target network, where the access request carries a number identifier;
the authentication module is used for authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card;
and an establishing module, configured to establish an access channel between the first device and the target network in a case where the authentication result of the SIM card indicates that the SIM card is verified, so that the first device accesses the target network through the access channel.
CN202210520086.5A 2022-05-13 2022-05-13 Method and device for accessing network Active CN115190483B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210520086.5A CN115190483B (en) 2022-05-13 2022-05-13 Method and device for accessing network

Publications (2)

Publication Number Publication Date
CN115190483A true CN115190483A (en) 2022-10-14
CN115190483B CN115190483B (en) 2023-09-19

Family

ID=83513246

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210520086.5A Active CN115190483B (en) 2022-05-13 2022-05-13 Method and device for accessing network

Country Status (1)

Country Link
CN (1) CN115190483B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant