CN115190483B - Method and device for accessing network - Google Patents


Info

Publication number
CN115190483B
Authority
CN
China
Prior art keywords
target
authentication
network
sim card
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210520086.5A
Other languages
Chinese (zh)
Other versions
CN115190483A (en
Inventor
陈芨
郑磊
胡能鹏
方嘉宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Internet Co Ltd
Priority to CN202210520086.5A
Publication of CN115190483A
Application granted
Publication of CN115190483B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/40 Security arrangements using identity modules
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application provides a method and a device for accessing a network, wherein the method comprises the following steps: receiving an access request initiated by a first device for a target network, wherein the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information comprises the number identifier and one-time identification information; verifying the number identifier and, if the number identifier passes verification, verifying the one-time identification information through the target gateway to obtain a verification result of the one-time identification information; and, if the verification result indicates that the one-time identification information passes verification, establishing an access channel between the first device and the target network so that the first device accesses the target network through the access channel.

Description

Method and device for accessing network
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for accessing a network.
Background
With the popularization of mobile office work over the internet, enterprise staff carry terminal devices and remotely access the business systems of the enterprise intranet through the internet, which poses challenges to the access security of the enterprise intranet.
In some scenarios, a user's terminal device serves as the entry point through which the user accesses the intranet. The user usually applies for access with an account password or a short message code. Before the secure connection between the user and the intranet is established, the authentication system verifies the validity of the access, and after the authentication system confirms that access is allowed, an access channel between the user and the intranet is established through a security gateway. However, authentication technologies such as account passwords or short message codes may suffer from security problems such as shared user accounts, password leakage and short message code leakage. When such problems exist, an illegal user who passes authentication may carry out malicious access to the intranet, damaging the safe and stable operation of the intranet. Therefore, how to improve the access security and stability of the intranet is a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
The embodiment of the application aims to provide a method and a device for accessing a network, so as to improve the access security and stability of an intranet.
In order to solve the technical problems, the embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides a method for accessing a network, including: receiving an access request initiated by a first device for a target network, wherein the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information comprises the number identifier and one-time identification information; verifying the number identifier and, if the number identifier passes verification, verifying the one-time identification information through the target gateway to obtain a verification result of the one-time identification information; and, if the verification result indicates that the one-time identification information passes verification, establishing an access channel between the first device and the target network so that the first device accesses the target network through the access channel.
In a second aspect, an embodiment of the present application provides a method for accessing a network, including: receiving an access request initiated by a first device for a target network, wherein the access request carries a number identifier; authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card; and, if the authentication result of the SIM card indicates that the SIM card passes authentication, establishing an access channel between the first device and the target network so that the first device accesses the target network through the access channel.
In a third aspect, an embodiment of the present application provides an apparatus for accessing a network, including: a receiving module, used for receiving an access request initiated by a first device for a target network, wherein the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information comprises the number identifier and one-time identification information; a verification module, used for verifying the number identifier and, if the number identifier passes verification, verifying the one-time identification information through the target gateway to obtain a verification result of the one-time identification information; and an establishing module, used for establishing an access channel between the first device and the target network when the verification result indicates that the one-time identification information passes verification, so that the first device accesses the target network through the access channel.
In a fourth aspect, an embodiment of the present application provides an apparatus for accessing a network, including: a receiving module, used for receiving an access request initiated by a first device for a target network, wherein the access request carries a number identifier; an authentication module, used for authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card; and an establishing module, used for establishing an access channel between the first device and the target network when the authentication result of the SIM card indicates that the SIM card passes authentication, so that the first device accesses the target network through the access channel.
In a fifth aspect, an embodiment of the present application provides an electronic device, including a processor, a communication interface, a memory, and a communication bus; the processor, the communication interface and the memory complete communication with each other through a communication bus; the memory is used for storing a computer program; the processor is configured to execute a program stored on the memory to implement the method steps for accessing a network as mentioned in the first aspect or the second aspect.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method steps of accessing a network as mentioned in the first or second aspect.
As can be seen from the technical scheme provided by the embodiment of the application, an access request initiated by a first device for a target network is received, wherein the access request carries authentication information generated by the target gateway according to the number identifier bound to the first device, and the authentication information comprises the number identifier and one-time identification information; the number identifier is verified and, if it passes verification, the one-time identification information is verified through the target gateway to obtain a verification result of the one-time identification information; and, if the verification result indicates that the one-time identification information passes verification, an access channel between the first device and the target network is established so that the first device accesses the target network through the access channel. The number identifier bound to the first device and the one-time identification information can thus be verified through the target gateway. If a user tries to access the intranet with the number identifier on another device, the verification cannot be passed, because the number identifier and the one-time identification information are bound to the first device. Illegal user login to the intranet caused by account password leakage is thereby avoided, and the security and stability of intranet access are improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a first flowchart of a method for accessing a network according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a first thread of a method for accessing a network according to an embodiment of the present application;
Fig. 3 is a second flowchart of a method for accessing a network according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a second thread of a method for accessing a network according to an embodiment of the present application;
Fig. 5 is a third flowchart of a method for accessing a network according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a third thread of a method for accessing a network according to an embodiment of the present application;
Fig. 7 is a fourth flowchart of a method for accessing a network according to an embodiment of the present application;
Fig. 8 is a schematic diagram of a fourth thread of a method for accessing a network according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a first module composition of an apparatus for accessing a network according to an embodiment of the present application;
Fig. 10 is a schematic diagram of a second module composition of a network access device according to an embodiment of the present application;
Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides a method, a device and electronic equipment for accessing a network, which improve the access safety and stability of an intranet.
In order to make the technical solution of the present application better understood by those skilled in the art, the technical solution of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, shall fall within the scope of the application.
As shown in fig. 1, an embodiment of the present application provides a method for accessing a network, where an execution body of the method may be a server, and the server may be an independent server or may be a server cluster formed by a plurality of servers, and the server may be a server capable of accessing a network, and the method for accessing a network may specifically include the following steps:
In step S101, an access request initiated by a first device for a target network is received.
The access request carries authentication information generated by the target gateway according to the number identifier bound to the first device, wherein the authentication information comprises the number identifier and one-time identification information. The authentication information is a one-time number authentication token that the target gateway generates, in response to a number-acquisition request sent by the first device, by inserting the number into the message carried in that request.
Specifically, the first device may be a terminal device such as a mobile phone or a tablet in which a subscriber identity module (Subscriber Identity Module, SIM) card is installed. The SIM card corresponds to a unique number identifier, and the number identifier may be a mobile phone number. The one-time identification information may be mobile phone number authentication token data, and the authentication information may be a one-time mobile phone number authentication token, where the mobile phone number authentication token data may be a string of characters generated by a server of an operator communication gateway and uniquely corresponds to the mobile phone number of the mobile phone. Further, the network standard of the terminal device may be one provided by a certain operator; for example, the network standard includes, but is not limited to, the second generation mobile communication technology (2nd generation, 2G), the third generation mobile communication technology (3rd generation, 3G), the fourth generation mobile communication technology (4th generation mobile communication technology, 4G), the fifth generation mobile communication technology (5th Generation Mobile Communication Technology, 5G), and the like. The target gateway may be an operator communication gateway.
Taking a mobile phone as an example, as shown in fig. 2, a user opens the login page for logging in to the intranet over the mobile data connection of the mobile phone, and the mobile phone automatically sends a number-acquisition request to the operator communication gateway. After receiving the number-acquisition request, the operator communication gateway automatically obtains the mobile phone number corresponding to the SIM card of the mobile phone, generates a one-time mobile phone number authentication token by inserting that mobile phone number into the message carried in the number-acquisition request, and sends the mobile phone number authentication token to the mobile phone.
In step S102, the number identifier is verified, and if the number identifier passes verification, the one-time identification information is verified through the target gateway to obtain a verification result of the one-time identification information.
For example, as shown in fig. 2, the user logs in on the mobile phone with the one-time mobile phone number authentication token, and the mobile phone initiates the access request. After receiving the access request, the security gateway server verifies whether the mobile phone number in the one-time mobile phone number authentication token has login permission. After verifying that the mobile phone number has login permission, the security gateway server forwards the one-time mobile phone number authentication token to the operator communication gateway and requests the operator communication gateway to verify the mobile phone number authentication token data in the token, so as to verify the identity legitimacy of the mobile phone number. This prevents an illegal user at the mobile phone end from tampering with the mobile phone number and illegally logging in to the intranet, and improves the security of user login to the intranet. After verifying the mobile phone number authentication token data, the operator communication gateway returns the identity authentication result of the mobile phone number to the security gateway server. If the mobile phone number authentication token data carried in the access request is consistent with the mobile phone number authentication token data sent to the mobile phone by the security gateway server, the token data carried in the access request passes verification, indicating that the identity authentication of the mobile phone number passes; if the mobile phone number authentication token data carried in the access request is inconsistent with the mobile phone number authentication token data sent to the mobile phone by the security gateway server, the token data carried in the access request fails verification, indicating that the identity authentication of the mobile phone number fails.
And after the operator communication gateway completes authentication of the mobile phone number authentication token data, returning the authentication result to the security gateway server.
In step S103, in the case where the verification result indicates that the one-time identification information passes the verification, an access channel between the first device and the target network is established, so that the first device accesses the target network through the access channel.
Specifically, after the number identification and the one-time identification information pass verification, the security gateway server establishes an access channel between the first device and the target network, and the security gateway server returns the verification results of the number identification and the one-time identification information to the terminal device. For example, as shown in fig. 2, the security gateway server returns the authentication result of the mobile phone number and the mobile phone number authentication token data to the mobile phone.
According to the technical scheme disclosed by the embodiment of the application, the number identifier bound to the first device and the one-time identification information can be verified through the target gateway. If a user tries to access the intranet with the number identifier on another device, the verification cannot be passed, because the number identifier and the one-time identification information are bound to the first device. Illegal user login to the intranet caused by account password leakage is thereby avoided, and the security and stability of intranet access are improved.
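Steps S101 to S103 can be traced in a small simulation. This is an added example, not code from the patent or its applicant: the class and method names, the opaque random token data, the 120-second validity period, the single-use bookkeeping and the phone numbers are all assumptions made for illustration.

```python
import hmac
import secrets
import time


class OperatorGateway:
    """Stand-in for the operator communication gateway (the target gateway)."""

    def __init__(self, ttl_seconds=120):
        self.ttl = ttl_seconds          # assumed validity period
        self._issued = {}               # token data -> (number, expiry)

    def issue_token(self, sim_number, now=None):
        """Number-acquisition request: the number is taken from the SIM's
        data session, never from a value typed on the handset."""
        now = time.time() if now is None else now
        token_data = secrets.token_urlsafe(32)
        self._issued[token_data] = (sim_number, now + self.ttl)
        return {"number": sim_number, "token_data": token_data}

    def verify_token(self, auth_info, now=None):
        """Verify the token data and consume it, so it works only once."""
        now = time.time() if now is None else now
        record = self._issued.pop(str(auth_info.get("token_data", "")), None)
        if record is None:
            return False                # unknown or already used
        number, expiry = record
        claimed = str(auth_info.get("number", ""))
        same = hmac.compare_digest(number.encode(), claimed.encode())
        return same and now <= expiry


class SecurityGateway:
    """Stand-in for the security gateway server."""

    def __init__(self, operator_gateway, allowed_numbers):
        self.operator = operator_gateway
        self.allowed = set(allowed_numbers)
        self.channels = set()

    def handle_access_request(self, auth_info, now=None):
        number = auth_info.get("number")
        # S102, first half: does the number have login permission?
        if number not in self.allowed:
            return "denied: number has no login permission"
        # S102, second half: the operator gateway verifies the token data.
        if not self.operator.verify_token(auth_info, now):
            return "denied: one-time token rejected by operator gateway"
        # S103: open the access channel.
        self.channels.add(number)
        return "channel established"


def run_token_flow():
    operator = OperatorGateway()
    # Constructed numbers: ...01 is registered for the intranet, ...02 is not.
    gateway = SecurityGateway(operator, {"00000000001"})
    t0 = 1_000_000.0
    out = {}

    token = operator.issue_token("00000000001", now=t0)
    out["first_use"] = gateway.handle_access_request(token, now=t0 + 5)
    out["replay"] = gateway.handle_access_request(token, now=t0 + 6)

    # Token issued to an unregistered SIM, number field rewritten on the handset.
    foreign = operator.issue_token("00000000002", now=t0)
    out["unregistered"] = gateway.handle_access_request(foreign, now=t0 + 1)
    tampered = dict(foreign, number="00000000001")
    out["tampered_number"] = gateway.handle_access_request(tampered, now=t0 + 2)

    stale = operator.issue_token("00000000001", now=t0)
    out["expired"] = gateway.handle_access_request(stale, now=t0 + 121)
    return out


if __name__ == "__main__":
    for case, result in run_token_flow().items():
        print(f"{case}: {result}")
```

The replayed, tampered and expired requests all fail at the operator gateway, while the unregistered number is refused by the security gateway before the token is ever forwarded.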
As shown in fig. 3, an embodiment of the present application provides a method for accessing a network, where an execution body of the method may be a server, and the server may be an independent server or may be a server cluster formed by a plurality of servers, and the server may be a server capable of accessing a network, and the method for accessing a network may specifically include the following steps:
In step S301, an access request initiated by a first device for a target network is received.
The access request carries authentication information generated by the target gateway according to the number identifier bound to the first device, wherein the authentication information comprises the number identifier and one-time identification information.
In step S302, the number identifier is verified, and in the case that the number identifier passes the verification, the target gateway verifies the one-time identification information, so as to obtain a verification result of the one-time identification information.
In step S303, in the case that the verification result indicates that the one-time identification information passes the verification, a connection is established with the target HTML5 fort based on the target access resource; and verifying the authentication information again through the target HTML5 fort, and establishing an access channel between the first device and the target network through the target HTML5 fort under the condition that the verification is passed.
The target network comprises target service resources corresponding to the target access resources.
Specifically, as shown in fig. 4, the access request that the first device initiates to the security gateway server carries the target access resource, the number identifier and the one-time identification information, where the target access resource is the intranet resource that the user requests to access, and includes, but is not limited to, at least one of a Secure Shell (SSH) service resource, a remote terminal protocol (Telnet) service resource, a remote desktop protocol (Remote Desktop Protocol, RDP) service resource, a virtual network console (Virtual Network Console, VNC) service resource, a hypertext transfer protocol (HyperText Transfer Protocol, HTTP) service resource and a hypertext transfer security protocol (Hyper Text Transfer Protocol over Secure Socket Layer, HTTPS) service resource.
After the security gateway server receives the target access resource, the number identifier and the one-time identification information, it verifies the number identifier and sends the one-time identification information to the operator gateway server; the operator gateway server verifies the one-time identification information and returns the verification result of the one-time identification information to the security gateway server. If the number identifier and the one-time identification information both pass verification, the security gateway server establishes a connection with the target HTML5 fort based on the resource that the user requests to access, and the target HTML5 fort verifies the number identifier and the one-time identification information again through a private protocol. If they pass this verification, the target HTML5 fort connects to the intranet; that is, the security gateway server establishes a connection with the target HTML5 fort, an access channel is established between the target HTML5 fort and the intranet, and the intranet provides the target service resource corresponding to the user's request for the user to access, wherein the target service resource comprises at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource and an HTTPS service resource.
When the user performs a business operation on the target service resource through the first device, the target HTML5 fort relays the business operation and displays it back on the interface of the first device where the user is located.
It should be noted that, the steps S301 and S302 have the same or similar implementation manner as the steps S101 and S102 in the above embodiment, which may be referred to each other, and the embodiments of the present application are not described herein again.
According to the technical scheme provided by the embodiment of the application, the number identifier bound to the first device and the one-time identification information can be verified through the target gateway. If a user tries to access the intranet with the number identifier on another device, the verification cannot be passed, because the number identifier and the one-time identification information are bound to the first device. Illegal user login to the intranet caused by account password leakage is thereby avoided, and the security and stability of intranet access are improved. In addition, because the communication connection to the intranet goes through the target HTML5 fort, the multi-protocol access support of the target HTML5 fort makes it possible to connect to different types of intranet service resources. The first device can thus access intranet services of multiple types, users get convenient remote access to multiple types of business, the security gateway can adapt to a variety of intranet service resources, and the user experience is improved.
As shown in fig. 5, an embodiment of the present application provides a method for accessing a network, where an execution body of the method may be a server, and the server may be an independent server or may be a server cluster formed by a plurality of servers, and the server may be a server capable of accessing a network, and the method for accessing a network may specifically include the following steps:
In step S501, an access request initiated by the first device for the target network is received, where the access request carries a number identifier.
Specifically, the first device may be a notebook computer, a desktop computer, a wearable device, or the like, and is not configured with a SIM card. Therefore, when a user logs in with a mobile phone number on the first device to access the intranet, the SIM card corresponding to that mobile phone number needs to be verified, which improves security when the user accesses the intranet through such a device. The number identifier may be a mobile phone number configured on a second device, and the second device may be a device that supports a SIM card, such as a mobile phone or a tablet.
For example, as shown in fig. 6, taking the first device as a PC terminal and the second device as a mobile phone, the user inputs a mobile phone number on the login page of the PC terminal, and the PC terminal initiates an access request to the target network.
In step S502, the SIM card corresponding to the number identifier is authenticated, and an authentication result of the SIM card is obtained.
Specifically, before authenticating the SIM card, whether the number identifier has login permission can be verified, so that the security of accessing the intranet is further improved.
Further, step S502 may be implemented as follows: authentication information is sent to the second device through the SIM card authentication platform, where the authentication information instructs the user to input, on the second device, the personal identification code (Personal Identification Number, PIN) of the SIM card of the second device; and the authentication result of the SIM card is confirmed through the SIM card authentication platform, where the authentication result is the result of comparing the information input by the user at the second device with the PIN code, and the comparison result is either that the input information is consistent with the PIN code or that the input information is inconsistent with the PIN code.
For example, as shown in fig. 6, after the security gateway server receives the access request, it verifies whether the mobile phone number carried in the access request has login permission; if the mobile phone number was previously registered in the target network, the mobile phone number has login permission. After verifying that the mobile phone number has login permission, the security gateway server calls the SIM platform authentication interface to request authentication of the SIM card of the mobile phone number. After the SIM platform authentication interface receives the SIM card authentication request sent by the security gateway server, the SIM platform sends a coded authentication short message to the second device. After the second device receives the authentication short message, opening the message triggers the SIM authentication program, and a SIM authentication popup interface is displayed on the second device. The user inputs the PIN code of the SIM card on the SIM authentication popup interface of the second device and completes the confirmation operation; the SIM platform then confirms the authentication result of the SIM card and returns the authentication result of the SIM card of the mobile phone number through the callback interface of the security gateway server. If the information input by the user on the SIM authentication popup interface corresponds to the correct PIN code of the SIM card, the authentication result of the SIM card is that the PIN code is correct, and the authentication is passed; if the information input by the user on the SIM authentication popup interface does not correspond to the correct PIN code of the SIM card, the authentication result of the SIM card is that the PIN code is wrong, and the authentication is not passed.
In step S503, if the authentication result of the SIM card indicates that the SIM card passes the verification, an access channel between the first device and the target network is established, so that the first device accesses the target network through the access channel.
Specifically, after the number identifier and the SIM card pass verification, the security gateway server establishes an access channel between the first device and the target network, and the security gateway server returns the verification results of the number identifier and the SIM card to the terminal device. For example, as shown in fig. 6, the security gateway server returns the number identifier and the authentication result of the SIM card to the first device, that is, to the PC side.
With the technical scheme disclosed in the embodiment of the application, when a user accesses the intranet from the first device using the number identifier, the second device in which the SIM card is installed must authenticate the SIM card corresponding to the number identifier, and access to the intranet is allowed only if the SIM card passes the authentication. This prevents losses caused by an unauthorized user illegally accessing the intranet after account passwords or short message information have been leaked, and improves the security and stability of intranet access.
As shown in fig. 7, an embodiment of the present application provides a method for accessing a network. The execution body of the method may be a server, which may be an independent server or a server cluster formed by a plurality of servers, and which is capable of accessing a network. The method for accessing a network may specifically include the following steps:
In step S701, an access request initiated by the first device for the target network is received, where the access request carries a number identifier.
In step S702, the SIM card corresponding to the number identifier is authenticated, and an authentication result of the SIM card is obtained.
In step S703, a connection is established with the target HTML5 fort based on the target access resource; the number identifier is verified again through the target HTML5 fort, and if the number identifier passes verification, an access channel between the first device and the target network is established through the target HTML5 fort.
The target network comprises target service resources corresponding to the target access resources.
For example, as shown in fig. 8, the first device initiates an access request to the security gateway server. The access request carries a target access resource and a number identifier, where the target access resource is the intranet resource that the user requests to access, and the target access resource includes, but is not limited to, at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
After the security gateway server receives the target access resource and the number identifier, the security gateway server verifies the number identifier. If the number identifier passes verification, the security gateway server establishes a connection with the target HTML5 fort based on the resource that the user requests to access, and the target HTML5 fort verifies the number identifier again through a private protocol. If the number identifier passes this verification as well, the target HTML5 fort connects to the intranet, an access channel between the target HTML5 fort and the intranet is established, and the intranet provides the target service resource corresponding to the user's request, where the target service resource comprises at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource and an HTTPS service resource.
When the user performs business operations on the target service resource through the first device, the target HTML5 fort relays the business operations and displays them back on the interface of the first device where the user is located.
It should be noted that, the step S701 and the step S702 have the same or similar implementation manner as the step S501 and the step S502 in the above embodiment, which may be referred to each other, and the embodiments of the present application are not described herein again.
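The flow of steps S701 to S703 can be sketched as follows. This is an added example, not code from the patent: the class and method names, the request id that ties the SIM platform's callback to one pending access request, and the sample numbers and PINs are all assumptions constructed for illustration.

```python
import hmac
import secrets

SUPPORTED_RESOURCES = {"SSH", "Telnet", "RDP", "VNC", "HTTP", "HTTPS"}


class SimPlatform:
    """Stand-in for the SIM card authentication platform (hypothetical interface)."""

    def __init__(self, sim_pins):
        self._sim_pins = sim_pins      # number -> PIN of that SIM (constructed data)
        self._pending = {}             # request_id -> (number, callback)

    def request_authentication(self, number, request_id, callback):
        # Models sending the coded authentication short message to the second device.
        self._pending[request_id] = (number, callback)

    def user_enters_pin(self, request_id, entered_pin):
        # Models the popup on the second device: compare the input with the PIN,
        # then report the result through the gateway's callback interface.
        entry = self._pending.pop(request_id, None)
        if entry is None:
            return None
        number, callback = entry
        passed = hmac.compare_digest(entered_pin.encode(),
                                     self._sim_pins[number].encode())
        return callback(request_id, number, passed)


class Html5Fort:
    """Stand-in for the target HTML5 fort that fronts the intranet."""

    def __init__(self, registered_numbers):
        self._registered = set(registered_numbers)

    def open_channel(self, number, resource):
        # Second, independent check of the number identifier before connecting.
        if number not in self._registered or resource not in SUPPORTED_RESOURCES:
            return None
        return f"{resource} channel for {number}"


class SecurityGateway:
    def __init__(self, registered_numbers, sim_platform, fort):
        self._registered = set(registered_numbers)
        self._sim = sim_platform
        self._fort = fort
        self._pending = {}             # request_id -> (number, resource)
        self.channels = {}             # request_id -> established channel

    def handle_access_request(self, number, resource):
        # S701: the number must already be registered for the target network.
        if number not in self._registered:
            return None                # no login permission: no SMS is sent
        request_id = secrets.token_hex(16)
        self._pending[request_id] = (number, resource)
        # S702: ask the SIM platform to authenticate the SIM for this number.
        self._sim.request_authentication(number, request_id, self.sim_callback)
        return request_id

    def sim_callback(self, request_id, number, passed):
        # Accept a result only for a request this gateway issued, and only once.
        pending = self._pending.pop(request_id, None)
        if pending is None or pending[0] != number:
            return "rejected: no matching pending request"
        if not passed:
            return "denied: PIN incorrect"
        # S703: the fort verifies the number again, then the channel is set up.
        channel = self._fort.open_channel(number, pending[1])
        if channel is None:
            return "denied: fort verification failed"
        self.channels[request_id] = channel
        return "granted"


def run_demo():
    numbers = {"13800000001"}                              # constructed number
    sim = SimPlatform({"13800000001": "4821"})             # constructed PIN
    gateway = SecurityGateway(numbers, sim, Html5Fort(numbers))
    results = {}
    rid = gateway.handle_access_request("13800000001", "SSH")
    results["correct_pin"] = sim.user_enters_pin(rid, "4821")
    results["replayed_callback"] = gateway.sim_callback(rid, "13800000001", True)
    rid2 = gateway.handle_access_request("13800000001", "RDP")
    results["wrong_pin"] = sim.user_enters_pin(rid2, "0000")
    results["unregistered"] = gateway.handle_access_request("13900000002", "SSH")
    results["channels"] = sorted(gateway.channels.values())
    return results


if __name__ == "__main__":
    for step, outcome in run_demo().items():
        print(step, "->", outcome)
```

The gateway keeps the pending request until the callback arrives and removes it on first use, so a second callback carrying the same request id cannot open another channel.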
With the technical scheme disclosed in the embodiment of the application, when a user accesses the intranet from the first device using the number identifier, the second device in which the SIM card is installed must authenticate the SIM card corresponding to the number identifier, and access to the intranet is allowed only if the SIM card passes the authentication. This prevents losses caused by an unauthorized user illegally accessing the intranet after account passwords or short message information have been leaked, and improves the security and stability of intranet access. In addition, because the target HTML5 fort is communicatively connected to the intranet, the multi-protocol access support of the target HTML5 fort makes it possible to connect to different types of intranet service resources, so that the first device can access multiple types of intranet services. This gives users convenient remote access to multiple types of business, allows the security gateway to adapt to a variety of intranet service resources, and improves the user experience.
According to the method for accessing a network provided by the foregoing embodiment, and based on the same technical concept, the embodiment of the present application further provides a device for accessing a network. Fig. 9 is a schematic block diagram of the device for accessing a network provided by the embodiment of the present application, where the device is used to execute the method for accessing a network described in fig. 1 to fig. 4. As shown in fig. 9, the device 900 for accessing a network includes: a receiving module 901, configured to receive an access request initiated by a first device for a target network, where the access request carries authentication information generated by a target gateway according to a number identifier bound to the first device, and the authentication information includes the number identifier and one-time identification information; a verification module 902, configured to verify the number identifier and, if the number identifier passes the verification, verify the one-time identification information through the target gateway to obtain a verification result of the one-time identification information; and an establishing module 903, configured to establish an access channel between the first device and the target network when the verification result indicates that the one-time identification information passes verification, so that the first device accesses the target network through the access channel.
In one possible implementation, the establishing module 903 is further configured to establish a connection with the target HTML5 fort based on the target access resource, to verify the authentication information again through the target HTML5 fort, and, if the verification is passed, to establish an access channel between the first device and the target network through the target HTML5 fort, wherein the target network comprises target service resources corresponding to the target access resources.
In one possible implementation, the target service resources include at least one of SSH service resources, Telnet service resources, RDP service resources, VNC service resources, HTTP service resources, and HTTPS service resources.
In one possible implementation, the authentication information is a one-time number authentication token that the target gateway generates, according to a number acquisition request sent by the first device, by inserting the number identifier into a message carried in the number acquisition request.
According to the method for accessing a network provided by the foregoing embodiment, and based on the same technical concept, the embodiment of the present application further provides a device for accessing a network. Fig. 10 is a schematic block diagram of the device for accessing a network provided by the embodiment of the present application, where the device is used to execute the method for accessing a network described in fig. 5 to fig. 8. As shown in fig. 10, the device 1000 for accessing a network includes: a receiving module 1001, configured to receive an access request initiated by a first device for a target network, where the access request carries a number identifier; an authentication module 1002, configured to authenticate the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card; and an establishing module 1003, configured to establish an access channel between the first device and the target network if the authentication result of the SIM card indicates that the SIM card passes the verification, so that the first device accesses the target network through the access channel.
In one possible implementation, the establishing module 1003 is further configured to establish a connection with the target HTML5 fort based on the target access resource, to verify the number identifier again through the target HTML5 fort, and, if the number identifier passes verification, to establish an access channel between the first device and the target network through the target HTML5 fort, wherein the target network comprises target service resources corresponding to the target access resources.
In one possible implementation, the target service resources include at least one of SSH service resources, Telnet service resources, RDP service resources, VNC service resources, HTTP service resources, and HTTPS service resources.
In a possible implementation, the authentication module 1002 is further configured to send authentication information to the second device through the SIM card authentication platform, where the authentication information instructs the user to input the PIN code of the SIM card of the second device on the second device; and to confirm the authentication result of the SIM card through the SIM card authentication platform, wherein the authentication result is a comparison result between the input information entered by the user on the second device and the PIN code, and the comparison result is either that the input information is consistent with the PIN code or that the input information is inconsistent with the PIN code.
The network access device provided by the embodiment of the present application can implement each process in the embodiment corresponding to the network access method, and in order to avoid repetition, the description is omitted here.
It should be noted that, the device for accessing a network provided by the embodiment of the present application and the method for accessing a network provided by the embodiment of the present application are based on the same application conception, so that the implementation of the embodiment can refer to the implementation of the method for accessing a network, and have the same or similar beneficial effects, and the repetition is omitted.
According to the method for accessing a network provided by the foregoing embodiment, and based on the same technical concept, the embodiment of the present application further provides an electronic device configured to execute the method for accessing a network. Fig. 11 is a schematic structural diagram of an electronic device implementing the embodiments of the present application. As shown in fig. 11, the electronic device may vary considerably in configuration or performance and may include one or more processors 1101 and memory 1102, where the memory 1102 may store one or more applications or data. The memory 1102 may be transient storage or persistent storage. The application programs stored in the memory 1102 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for use in an electronic device.
Still further, the processor 1101 may be arranged to communicate with the memory 1102 and execute a series of computer executable instructions in the memory 1102 on an electronic device. The electronic device can also include one or more power supplies 1103, one or more wired or wireless network interfaces 1104, one or more input output interfaces 1105, one or more keyboards 1106.
In this embodiment, the electronic device includes a processor, a communication interface, a memory, and a communication bus; the processor, the communication interface and the memory complete communication with each other through a bus; a memory for storing a computer program; the processor is configured to execute the program stored in the memory, implement the steps in the method embodiments in fig. 1 to 8, and have the advantages of the method embodiments, so that the embodiments of the present application are not repeated herein.
The embodiment also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps in the embodiments of the methods of fig. 1 to 8, and has the advantages of the embodiments of the methods, and in order to avoid repetition, the embodiments of the application are not described herein.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, the electronic device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transitory media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (8)

1. A method of accessing a network, the method comprising:
receiving an access request initiated by first equipment aiming at a target network, wherein the access request carries authentication information generated by a target gateway according to a number identifier bound by the first equipment, and the authentication information comprises the number identifier and disposable identifier information; the authentication information is a one-time number authentication token generated by inserting the number identification into a message carried in a number taking request according to the number taking request sent by the first equipment by the target gateway;
verifying the number identification, and verifying the disposable identification information through the target gateway under the condition that the number identification passes the verification to obtain a verification result of the disposable identification information; the verifying the one-time identification information by the target gateway comprises: performing consistency verification on the disposable identification information sent to the first equipment by the target gateway and the disposable identification information carried in the access request through the target gateway;
and under the condition that the verification result indicates that the disposable identification information passes verification, establishing an access channel between the first equipment and the target network so that the first equipment accesses the target network through the access channel.
2. The method for accessing a network according to claim 1, wherein the access request carries a target access resource, and the establishing an access channel between the first device and the target network includes:
establishing connection with a target HTML5 fort based on the target access resource;
and verifying the authentication information again through the target HTML5 fort, and establishing an access channel between the first equipment and the target network through the target HTML5 fort under the condition that verification is passed, wherein the target network comprises target service resources corresponding to the target access resources.
3. The method of accessing a network according to claim 2, wherein the target service resource comprises at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
4. A method of accessing a network, the method comprising:
receiving an access request initiated by first equipment aiming at a target network, wherein the access request carries a number identifier;
authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card; the authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card comprises: transmitting authentication information to a second device through a SIM card authentication platform, wherein the authentication information instructs a user to input a PIN code of a SIM card of the second device on the second device; confirming an authentication result of the SIM card through the SIM card authentication platform, wherein the authentication result is a comparison result of input information input by the user at the second equipment and the PIN code, and the comparison result comprises that the input information is consistent with the PIN code or the input information is inconsistent with the PIN code;
and under the condition that the authentication result of the SIM card indicates that the SIM card passes the authentication, establishing an access channel between the first equipment and a target network, so that the first equipment accesses the target network through the access channel.
5. The method of accessing a network according to claim 4, wherein the access request carries a target access resource, and the establishing an access channel between the first device and the target network includes:
establishing connection with a target HTML5 fort based on the target access resource;
and verifying the number identification again through the target HTML5 fort, and establishing an access channel between the first equipment and the target network through the target HTML5 fort under the condition that the number identification is verified, wherein the target network comprises target service resources corresponding to the target access resources.
6. The method of accessing a network according to claim 5, wherein the target service resource comprises at least one of an SSH service resource, a Telnet service resource, an RDP service resource, a VNC service resource, an HTTP service resource, and an HTTPS service resource.
7. An apparatus for accessing a network, the apparatus comprising:
the receiving module is used for receiving an access request initiated by first equipment aiming at a target network, wherein the access request carries authentication information generated by a target gateway according to a number identifier bound by the first equipment, and the authentication information comprises the number identifier and disposable identifier information; the authentication information is a one-time number authentication token generated by inserting the number identification into a message carried in a number taking request according to the number taking request sent by the first equipment by the target gateway;
the verification module is used for verifying the number identification, and verifying the disposable identification information through the target gateway under the condition that the number identification passes the verification to obtain a verification result of the disposable identification information; the verifying the one-time identification information by the target gateway comprises: performing consistency verification on the disposable identification information sent to the first equipment by the target gateway and the disposable identification information carried in the access request through the target gateway;
the establishing module is used for establishing an access channel between the first equipment and the target network when the verification result indicates that the disposable identification information passes verification, so that the first equipment accesses the target network through the access channel.
8. An apparatus for accessing a network, the apparatus comprising:
the receiving module is used for receiving an access request initiated by the first equipment aiming at the target network, wherein the access request carries a number identifier;
the authentication module is used for authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card; the authenticating the SIM card corresponding to the number identifier to obtain an authentication result of the SIM card comprises: transmitting authentication information to a second device through a SIM card authentication platform, wherein the authentication information instructs a user to input a PIN code of a SIM card of the second device on the second device; confirming an authentication result of the SIM card through the SIM card authentication platform, wherein the authentication result is a comparison result of input information input by the user at the second equipment and the PIN code, and the comparison result comprises that the input information is consistent with the PIN code or the input information is inconsistent with the PIN code;
the establishing module is used for establishing an access channel between the first equipment and a target network under the condition that the authentication result of the SIM card indicates that the SIM card passes the authentication, so that the first equipment accesses the target network through the access channel.
CN202210520086.5A 2022-05-13 2022-05-13 Method and device for accessing network Active CN115190483B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210520086.5A CN115190483B (en) 2022-05-13 2022-05-13 Method and device for accessing network

Publications (2)

Publication Number Publication Date
CN115190483A CN115190483A (en) 2022-10-14
CN115190483B true CN115190483B (en) 2023-09-19

Family

ID=83513246

Country Status (1)

Country Link
CN (1) CN115190483B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant