CN115208652A - Dynamic network resource access control method - Google Patents
Dynamic network resource access control method Download PDFInfo
- Publication number
- CN115208652A CN115208652A CN202210801798.4A CN202210801798A CN115208652A CN 115208652 A CN115208652 A CN 115208652A CN 202210801798 A CN202210801798 A CN 202210801798A CN 115208652 A CN115208652 A CN 115208652A
- Authority
- CN
- China
- Prior art keywords
- user
- authentication server
- access control
- information
- msag
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 25
- 238000013475 authorization Methods 0.000 claims abstract description 43
- 238000012795 verification Methods 0.000 claims abstract description 7
- 230000002159 abnormal effect Effects 0.000 claims description 12
- 239000000284 extract Substances 0.000 claims description 8
- 238000012797 qualification Methods 0.000 claims description 4
- 238000007726 management method Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention relates to the technical field of network resource management and control, in particular to a dynamic network resource access management and control method, which comprises a client, an authentication server and an MSAG gateway, wherein the client logs in the authentication server through an account password, the authentication server verifies login information, when the verification is passed, a dynamic accurate access control flow table is generated in the MSAG gateway, access control authorization is completed through the dynamic accurate access control flow table, after authorization is completed, the client can normally access an authorized intranet service, and when the dynamic access control flow table is used, the problem that the dynamic IP address of a mobile terminal device is difficult to control is effectively solved.
Description
Technical Field
The invention relates to a network resource access control method, in particular to a dynamic network resource access control method, and belongs to the technical field of network resource control.
Background
Network resources are mainly the sum of various information resources which can be utilized by means of a network environment, the network resources are also called network information resources, the network information resources are the set of information contents which are recorded in a digital form, expressed in a multimedia form, stored on a network computer magnetic medium, an optical medium and various communication media and transmitted in a computer network communication mode, the network information resources are the set of knowledge, data, information, messages and the like which are stored on the network and are related to education in various forms, the network information resources are the information resources which are reproduced in a network communication mode, a computer mode or a terminal mode and store information in various forms of characters, images, sounds, animations and the like in a non-printed carrier such as an optical disc in an electronic data mode, the network information resources are the information resources which are jointly developed, produced and transmitted by means of computers and the like, information sets which can be acquired by people through a network, and some departments can establish an intranet for storing internal resources, and when the intranet is accessed, the intranet resources need to be logged in and accessed, and further need to authorize users entering the intranet to be managed and controlled.
As disclosed in publication No.: CN113342526A, a cloud computing mobile network resource dynamic management and control method, system, terminal and medium relate to the technical field of cloud computing, and the technical scheme key points are as follows: according to the method, the cloud computing server with the processing capacity and the transmission interval which are increased in comprehensive benefits is preferentially selected as the path node, and the optimal computing path in the single transmission direction is generated according to the standard that the node span is balanced, so that the occupation of mobile transmission network resources of a cloud computing management and control center is effectively reduced, and the resource utilization rate of the whole cloud computing system is improved; and the data computing modules with proper number can be adaptively selected for disposal according to the disposal capability of the cloud computing server by adopting a coding identification mode, so that the problem that the disposal capability of the cloud computing server is not updated timely due to information feedback delay of a cloud computing system is effectively solved, the disposal capability of the cloud computing server can be utilized to the maximum extent, the total occupied amount of the cloud computing server is reduced, and a plurality of cloud computing tasks can be efficiently carried out at the same time.
And as disclosed in publication: CN111970138A, a network resource management and control system and a resource management method, the management and control system adopts a layered structure, and comprises a hardware layer, a data storage layer, an application support layer, an application layer and a view display layer, and data transmission and interconnection are performed between the layers through interfaces. The invention has the beneficial effects that: the whole system adopts a layered design, clear layers and low coupling can be guaranteed, data transmission and interconnection are carried out on all layers through interfaces, accordingly, verification of all layers of data is achieved, operation safety of the data is guaranteed, management and control integrated management information systems are achieved, when the system is used, network resources are accessed and controlled, and management of information is achieved.
However, when the user uses the intranet, the problem that the dynamic IP address control of the mobile terminal device is difficult cannot be solved, the service access control authorization for authorizing and opening the user is difficult to manage dynamically, the user cannot be used conveniently, the security in use cannot be guaranteed when the client accesses the user, the user can access the user for a long time after logging in the account again easily, the security of the user at the client cannot be guaranteed, and the security performance is low.
The invention is provided in view of the above-mentioned features, and when the mobile terminal device is used, the problem that the dynamic IP address control of the mobile terminal device is difficult is effectively solved, the source IP address is obtained through user login authentication, the service access control authorization of the user is opened based on the source IP address authorization is solved, and when the mobile terminal device is used, timing heartbeat detection is performed, so that the safety of the client during use is ensured.
Disclosure of Invention
The present invention aims to solve the above problems and provide a dynamic network resource access control method, which effectively solves the problem that a dynamic IP address of a mobile terminal device is difficult to control when the device is used, obtains a source IP address through user login authentication, and opens service access control authorization of the user based on the source IP address authorization.
The invention achieves the above purpose by the following technical scheme, a dynamic network resource access control method comprises a client, an authentication server and an MSAG gateway, wherein the client adopts a mobile terminal to download, and the client logs in the authentication server through an account password, the authentication server verifies login information, when the verification is passed, a dynamic accurate access control flow table is generated in the MSAG gateway, access control authorization is completed through the dynamic accurate access control flow table, after authorization is completed, the client can normally access authorized intranet service, when the client runs, the client regularly generates a timed heartbeat to the authentication server, the access control authorization for the authentication server is kept alive, when the timed heartbeat is passed, the access is continuously authorized, when the timed heartbeat is generated to the authentication server, and is abnormal, the authentication server sends disconnection information to the MSAG gateway, the MSAG gateway forces the client to be offline and deletes corresponding information, when the heartbeat is used, the source IP information on the client is dynamically established, the MSAG gateway dynamically accesses the accurate access control gateway, the problem that the IP address is difficult to be detected by the IP gateway based on the IP of a user is solved, and the login source is detected to be used, and the IP is detected by the MSAG gateway, the security of the client during use is effectively improved, the client is prevented from being used for other purposes after user information is logged in, and the security effect of authorization is improved.
Further, when the client account password logs in the authentication server, the client sends a dial-in request to the authentication server, the authentication server inquires USER identity authentication information, when the USER identity authentication information does not exist, the authentication server is closed, the operation is finished, when the USER identity authentication information exists, whether the password is correct or not is verified, when the password is wrong, the operation is finished, when the password is correct, the authentication server enters the authentication server, after the password is verified to be correct, the authentication server extracts USER source IP information, inquires USER USER-GROUP GROUP ID and USER-name USER information of a logged-in USER on the authentication server, extracts the USER source IP information from the authentication server, inquires the USER USER-GROUP GROUP ID and the USER-name USER information of the logged-in USER on the authentication server, and improves the security during logging in through the USER identity authentication information and the verification password.
Furthermore, the USER-GROUP ID and USER-name USER information of a login USER are inquired on the authentication server inserted in the USER-GROUP to which the MSAG gateway belongs, meanwhile, an access control list based on the USER-GROUP to which the MSAG gateway belongs is inquired in an IP access-list extended access list to create a dynamic accurate access control flow table, access control authorization is completed, the dynamic accurate access control flow table comprises a USER source IP address, a destination address and a destination service access port, the dynamic accurate access control flow table is a system internal table and cannot be seen outside, the source IP address is obtained through USER login authentication, the dynamic accurate access control flow table is created based on the source IP address, and the problem of authorization for opening the service access control authorization of the USER is solved.
Further, when a plurality of USER-GROUP IDs exist in the same USER, the method for repeatedly generating the dynamic accurate access control flow table corresponds the USER-GROUP IDs and the dynamic accurate access control flow table one by one, so that the use of the USER-GROUP IDs by the same USER is completed, the conflict is avoided, and the use of different authorities is facilitated.
Further, when the device runs, the client regularly sends a timed heartbeat to the authentication server, judges whether the authentication server controls authorization keep-alive or not, generates disconnection information when the device is overtime, IP changes, drops or is abnormal when the device is idle, and sends the disconnection information to the MSAG gateway, the MSAG gateway forces the client to be offline, continues accessing when the authentication server is abnormal, deletes the dynamic accurate access control flow table, the source IP address information and the user-name user information after the MSAG gateway receives the disconnection information, needs to log in again if authorization access qualification is obtained again after deleting the dynamic accurate access control flow table, the source IP address information and the user-name user information, and regularly sends the timed heartbeat, so that the authentication server is convenient to verify that the authorization keep-alive is controlled by the authentication server, and the safety of the client in use is improved.
The invention has the technical effects and advantages that: when the method is used, the problem that the dynamic IP address of the mobile terminal device is difficult to control is effectively solved, the source IP address is obtained through user login authentication, the dynamic access control flow table is created through the source IP address of the user, the service access control authorization of the user is opened based on the source IP address authorization, the client side can conveniently and normally access the authorized intranet service, in addition, the timed heartbeat detection is carried out during the use, and the safety of the client side during the use is enhanced.
Drawings
FIG. 1 is an overall frame diagram of the present invention;
FIG. 2 is a topology diagram of the present invention;
FIG. 3 is a diagram of a dynamic precision access control flow table according to the present invention;
FIG. 4 is a schematic diagram of dynamic authentication according to the present invention;
FIG. 5 is a schematic diagram of the present invention when multiple USER-GROUP IDs exist in the same USER;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Example one
Referring to fig. 1-4, a method for managing and controlling access to a dynamic network resource includes a client, an authentication server, and an MSAG gateway, where the client downloads using a mobile terminal, and logs in to the authentication server through an account password, the authentication server verifies login information, when the verification passes, a dynamic accurate access control flow table is generated in the MSAG gateway, access control authorization is completed through the dynamic accurate access control flow table, after authorization is completed, the client can normally access an authorized intranet service, and when the client operates, the client regularly makes a heartbeat to the authentication server, keeps the access control authorization alive for the authentication server, when the regular heartbeat passes, authorization access continues, when the regular heartbeat passes to the authentication server, and when the regular heartbeat passes to the authentication server, the authentication server sends a disconnection information to the MSAG gateway, the MSAG gateway forces the client to go off the network, deletes corresponding information, and when the user uses the network, dynamically builds a source IP information on the client to perform dynamic accurate access control, and when the regular heartbeat is abnormal, the MSAG gateway makes a request for the user to access the network service, and the network resource, and the MSAG gateway can obtain an effective IP address for the user to access control, and the user can obtain a safe access control flow table through the network access control, and the network access control address, and the user can be detected by the network access control system, the client is prevented from being used for other purposes after the user information is logged in, and the security effect of authorization is improved.
When the client account password logs in the authentication server, the client side sends a dial-in request to the authentication server, the authentication server inquires USER identity authentication information, when the USER identity authentication information does not exist, the authentication server is closed, the operation is finished, when the USER identity authentication information exists, whether the password is correct or not is verified, when the password is wrong, the operation is finished, when the password is correct, the authentication server enters the authentication server, after the password is verified to be correct, the authentication server extracts USER source IP information, inquires USER-GROUP GROUP ID and USER-name USER information of a logged-in USER on the authentication server, extracts the USER source IP information from the authentication server, inquires the USER-GROUP GROUP ID and the USER-name USER information of the logged-in USER on the authentication server, sends the USER-GROUP GROUP ID and the USER-name USER information to a USER-GROUP GROUP to which the MSAG gateway belongs, is convenient for USER information login, firstly carries out USER identity and then carries out authentication, improves the password entering property of the authentication G, is convenient for carrying out MSAG access to carry out accurate control on the flow table of the USER, and the accurate access control of the MSAG gateway.
And inserting the USER-GROUP ID and USER-name USER information of a login USER into the USER-GROUP to which the MSAG gateway belongs in the authentication server, simultaneously inquiring an access control list based on the USER-GROUP to which the MSAG gateway belongs in an IP access-list extended access list to create a dynamic accurate access control flow table, and finishing access control authorization.
When the device runs, the client regularly sends a timed heartbeat to the authentication server, judges whether the authentication server controls authorization keep-alive or not, generates disconnection information when the device is overtime, IP changes, drops or abnormal when the device is idle, and sends the disconnection information to the MSAG gateway, the MSAG gateway forces the client to be offline, continues to access when the authentication server is abnormal, deletes the dynamic accurate access control flow table, the source IP address information and the user-name user information after the MSAG gateway receives the disconnection information, and needs to log in again if authorization access qualification is obtained again after deleting the dynamic accurate access control flow table, the source IP address information and the user-name user information, so that the safety in use is improved.
Example two
Referring to fig. 1-5, a method for managing and controlling access to a dynamic network resource includes a client, an authentication server, and an MSAG gateway, where the client downloads using a mobile terminal, and logs in to the authentication server through an account password, the authentication server verifies login information, when the verification passes, a dynamic accurate access control flow table is generated in the MSAG gateway, access control authorization is completed through the dynamic accurate access control flow table, after authorization is completed, the client can normally access an authorized intranet service, and when the client operates, the client regularly makes a heartbeat to the authentication server, keeps the access control authorization alive for the authentication server, when the regular heartbeat passes, authorization access continues, when the regular heartbeat passes to the authentication server, and when the regular heartbeat passes to the authentication server, the authentication server sends a disconnection information to the MSAG gateway, the MSAG gateway forces the client to go off the network, deletes corresponding information, and when the user uses the network, dynamically builds a source IP information on the client to perform dynamic accurate access control, and when the regular heartbeat is abnormal, the MSAG gateway makes a request for the user to access the network service, and the network resource, and the MSAG gateway can obtain an effective IP address for the user to access control, and the user can obtain a safe access control flow table through the network access control, and the network access control address, and the user can be detected by the network access control system, the client is prevented from being used for other purposes after the user information is logged in, and the security effect of authorization is improved.
When the client account password logs in the authentication server, the client side sends a dial-in request to the authentication server, the authentication server inquires USER identity authentication information, when the USER identity authentication information does not exist, the authentication server is closed, the operation is finished, when the USER identity authentication information exists, whether the password is correct or not is verified, when the password is wrong, the operation is finished, when the password is correct, the authentication server enters the authentication server, after the password is verified to be correct, the authentication server extracts USER source IP information, inquires USER-GROUP GROUP ID and USER-name USER information of a logged-in USER on the authentication server, extracts the USER source IP information from the authentication server, inquires the USER-GROUP GROUP ID and the USER-name USER information of the logged-in USER on the authentication server, sends the USER-GROUP GROUP ID and the USER-name USER information to a USER-GROUP GROUP to which the MSAG gateway belongs, is convenient for USER information login, firstly carries out USER identity and then carries out authentication, improves the password entering property of the authentication G, is convenient for carrying out MSAG access to carry out accurate control on the flow table of the USER, and the accurate access control of the MSAG gateway.
And inserting the USER-GROUP ID and USER-name USER information of a login USER into the USER-GROUP to which the MSAG gateway belongs in the authentication server, simultaneously inquiring an access control list based on the USER-GROUP to which the MSAG gateway belongs in an IP access-list extended access list to create a dynamic accurate access control flow table, and finishing access control authorization.
When the device is operated, the client regularly sends a timed heartbeat to the authentication server, judges whether the authentication server controls authorization keep-alive or not, generates disconnection information when the device is overtime, IP changes, drops or abnormal when the device is idle, and sends the disconnection information to the MSAG gateway, the MSAG gateway forces the client to be offline, continues accessing when the authentication server is abnormal, deletes the dynamic accurate access control flow table, the source IP address information and the user-name user information after the MSAG gateway receives the disconnection information, and needs to log in again if authorization access qualification is obtained again after deleting the dynamic accurate access control flow table, the source IP address information and the user-name user information, so that the safety in use is ensured.
When a plurality of USER-GROUP IDs exist in the same USER, the method for repeatedly generating the dynamic accurate access control flow table corresponds the USER-GROUP IDs to the dynamic accurate access control flow table one by one, the use of the USER-GROUP IDs by the plurality of USERs by the same USER is completed, and the convenience is brought to the use that the same USER has a plurality of access rights and needs a plurality of authorization information.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present specification describes embodiments, not every embodiment includes only a single embodiment, and such description is for clarity purposes only, and it is to be understood that all embodiments may be combined as appropriate by one of ordinary skill in the art to form other embodiments as will be apparent to those of skill in the art from the description herein.
Claims (8)
1. A dynamic network resource access control method is characterized in that: the authentication server verifies login information, when the verification is passed, a dynamic accurate access control flow table is generated in the MSAG gateway, access control authorization is completed through the dynamic accurate access control flow table, after the authorization is completed, the client can normally access authorized intranet services, when the authentication server runs, the client regularly generates timed heartbeat to the authentication server, the access control authorization keeping-alive is performed on the authentication server, when the timed heartbeat passes, the access authorization is continued, when the timed heartbeat occurs to the authentication server and is abnormal, the authentication server sends disconnection information to the MSAG gateway, and the MSAG gateway forces the client to go offline and deletes corresponding information.
2. The method according to claim 1, wherein the method comprises: when the account password of the client logs in the authentication server, the client sends a dial-in request to the authentication server, the authentication server inquires user identity authentication information, when the user identity authentication information does not exist, the authentication server is closed, the operation is finished, when the user identity authentication information exists, whether the password is correct or not is verified, when the password is wrong, the operation is finished, and when the password is correct, the authentication server is accessed.
3. The method according to claim 2, wherein the method comprises: after the password is verified to be correct, the authentication server extracts USER source IP information, queries USER-GROUP GROUP ID and USER-name USER information of the logged-in USER on the authentication server, extracts the USER source IP information from the authentication server, and queries the USER-GROUP GROUP ID and USER-name USER information of the logged-in USER on the authentication server and sends the USER-GROUP GROUP ID and USER-name USER information of the logged-in USER to a USER-GROUP GROUP to which the MSAG gateway belongs.
4. The dynamic network resource access control method according to claim 3, wherein: and inserting the USER-GROUP ID and USER-name USER information of the login USER into the USER-GROUP to which the MSAG gateway belongs on the authentication server, and simultaneously inquiring an access control list based on the USER-GROUP to which the MSAG gateway belongs in an ip access-list extended access list to create a dynamic accurate access control flow table so as to finish access control authorization.
5. The dynamic network resource access control method according to claim 4, wherein: the dynamic accurate access control flow table comprises a user source IP address, a destination address and a destination service access port, and is a system internal table and invisible outside.
6. The dynamic network resource access control method according to claim 5, wherein: when a plurality of USER-GROUP IDs exist in the same USER, the method for repeatedly generating the dynamic accurate access control flow table corresponds the USER-GROUP IDs and the dynamic accurate access control flow table one by one, and the use of the USER-GROUP IDs by the same USER is completed.
7. The dynamic network resource access management and control method according to claim 6, wherein: when the device runs, the client regularly sends a timed heartbeat to the authentication server, judges whether the authentication server controls authorization keep-alive or not, and when the device is overtime, IP changes, disconnection or abnormal, the authentication server generates disconnection information and sends the disconnection information to the MSAG gateway, the MSAG gateway forces the client to be offline, and when the authentication server is abnormal, the access is continued.
8. The dynamic network resource access control method according to claim 7, wherein: and after the MSAG gateway receives the disconnection information, deleting the dynamic accurate access control flow table, the source IP address information and the user-name user information, and after deleting the dynamic accurate access control flow table, the source IP address information and the user-name user information, if the authorized access qualification needs to be obtained again, logging in again for authorization.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210801798.4A CN115208652A (en) | 2022-07-07 | 2022-07-07 | Dynamic network resource access control method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210801798.4A CN115208652A (en) | 2022-07-07 | 2022-07-07 | Dynamic network resource access control method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115208652A true CN115208652A (en) | 2022-10-18 |
Family
ID=83580412
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210801798.4A Pending CN115208652A (en) | 2022-07-07 | 2022-07-07 | Dynamic network resource access control method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115208652A (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050259654A1 (en) * | 2004-04-08 | 2005-11-24 | Faulk Robert L Jr | Dynamic access control lists |
| CN1773992A (en) * | 2004-11-12 | 2006-05-17 | 阿尔卡特公司 | Communication traffic control rule generation methods and systems |
| US20060248600A1 (en) * | 2005-04-29 | 2006-11-02 | Mci, Inc. | Preventing fraudulent internet account access |
| CN101060493A (en) * | 2007-05-14 | 2007-10-24 | 中兴通讯股份有限公司 | A method of private network user access the server in a private network through domain name |
| CN101227467A (en) * | 2008-01-08 | 2008-07-23 | 中兴通讯股份有限公司 | Apparatus and method for managing black list |
| CN101764742A (en) * | 2009-12-30 | 2010-06-30 | 福建星网锐捷网络有限公司 | Network resource visit control system and method |
| US20160065551A1 (en) * | 2014-08-29 | 2016-03-03 | Sonicwall, Inc. | Single login authentication for users with multiple ipv4/ipv6 addresses |
| US20180026987A1 (en) * | 2016-07-21 | 2018-01-25 | At&T Intellectual Property I, L.P. | Systems and methods for providing software defined network based dynamic access control in a cloud |
| WO2019047513A1 (en) * | 2017-09-05 | 2019-03-14 | 网宿科技股份有限公司 | Internet defense method and authentication server |
| CN112822197A (en) * | 2021-01-10 | 2021-05-18 | 何顺民 | Method and system for controlling security access |
-
2022
- 2022-07-07 CN CN202210801798.4A patent/CN115208652A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050259654A1 (en) * | 2004-04-08 | 2005-11-24 | Faulk Robert L Jr | Dynamic access control lists |
| CN1773992A (en) * | 2004-11-12 | 2006-05-17 | 阿尔卡特公司 | Communication traffic control rule generation methods and systems |
| US20060248600A1 (en) * | 2005-04-29 | 2006-11-02 | Mci, Inc. | Preventing fraudulent internet account access |
| CN101060493A (en) * | 2007-05-14 | 2007-10-24 | 中兴通讯股份有限公司 | A method of private network user access the server in a private network through domain name |
| CN101227467A (en) * | 2008-01-08 | 2008-07-23 | 中兴通讯股份有限公司 | Apparatus and method for managing black list |
| CN101764742A (en) * | 2009-12-30 | 2010-06-30 | 福建星网锐捷网络有限公司 | Network resource visit control system and method |
| US20160065551A1 (en) * | 2014-08-29 | 2016-03-03 | Sonicwall, Inc. | Single login authentication for users with multiple ipv4/ipv6 addresses |
| US20180026987A1 (en) * | 2016-07-21 | 2018-01-25 | At&T Intellectual Property I, L.P. | Systems and methods for providing software defined network based dynamic access control in a cloud |
| WO2019047513A1 (en) * | 2017-09-05 | 2019-03-14 | 网宿科技股份有限公司 | Internet defense method and authentication server |
| CN112822197A (en) * | 2021-01-10 | 2021-05-18 | 何顺民 | Method and system for controlling security access |
Non-Patent Citations (1)
| Title |
|---|
| 冯建超;李一;: "IP与MAC绑定技术的应用", 沈阳大学学报, no. 06, pages 7 - 8 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102947797B (en) | The online service using directory feature extending transversely accesses and controls | |
| WO2018095416A1 (en) | Information processing method, device and system | |
| US5828833A (en) | Method and system for allowing remote procedure calls through a network firewall | |
| US7490347B1 (en) | Hierarchical security domain model | |
| JP5325875B2 (en) | Emulation of room lock function and lobby function in distributed conference system | |
| US7827318B2 (en) | User enrollment in an e-community | |
| WO2021115449A1 (en) | Cross-domain access system, method and device, storage medium, and electronic device | |
| CN107181720B (en) | Software Defined Networking (SDN) secure communication method and device | |
| US7103784B1 (en) | Group types for administration of networks | |
| EP1830512B1 (en) | A method and system for realizing the domain authentication and network authority authentication | |
| US20150149530A1 (en) | Redirecting Access Requests to an Authorized Server System for a Cloud Service | |
| CA2372647A1 (en) | System and method for administrating a wireless communication network | |
| CN102571873B (en) | Bidirectional security audit method and device in distributed system | |
| CN109525570A (en) | A kind of data hierarchy safety access control method of Cargo Oriented on Group client | |
| CN108881309A (en) | Access method, device, electronic equipment and the readable storage medium storing program for executing of big data platform | |
| CN109150800A (en) | Login access method, system and storage medium | |
| KR20150137518A (en) | Hybride Cloud-Based ICT Service System and Method thereof | |
| KR20040101414A (en) | Group management | |
| CN105282107B (en) | XMPP systems access the authorization method and communication network of external data | |
| CN106603567A (en) | WEB administrator login management method and device | |
| CN115208652A (en) | Dynamic network resource access control method | |
| KR102247132B1 (en) | Extended Authentication Method for Resource Access Control in a Cloud Environment Composed of Multiple Edge Servers | |
| CN114666341A (en) | Decentralized SDP controller implementation method and computer storage medium | |
| KR101597035B1 (en) | Software Registration and Processing Method Using Hybrid Cloud-Based ICT Service System and Method thereof | |
| US7606917B1 (en) | Method, apparatus and system for principle mapping within an application container |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |