CN115242488A - Domestic network security operation and maintenance system and method - Google Patents

Publication number
CN115242488A
Authority
CN
China
Prior art keywords
message
user terminal
access
sending
enterprise
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210850720.1A
Other languages
Chinese (zh)
Inventor
谢涛
陈红军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Reap Information Tech Co ltd
Original Assignee
Guangdong Reap Information Tech Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Reap Information Tech Co ltd filed Critical Guangdong Reap Information Tech Co ltd
Priority to CN202210850720.1A priority Critical patent/CN115242488A/en
Publication of CN115242488A publication Critical patent/CN115242488A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application relates to a domestic network security operation and maintenance system and method. The method comprises: upon receiving an access request from a user terminal, sending a start instruction to a camera terminal to acquire face image data of the visitor; sending the face image data to a feature comparison model, comparing it with a stored preset image, outputting a comparison result, and outputting a feedback message to the user terminal based on the comparison result; when the feedback message is a pass verification message, sending the enterprise internal data file to be accessed to the user terminal; when the feedback message is an access denial message, sending the access denial message to the user terminal; and, if the number of access denial messages received by the user terminal within a preset time exceeds a preset number of access attempts, generating a reminder message and sending it to the mobile terminal pre-bound to the enterprise internal data file. The method and the device have the effect of improving the security of access to enterprise internal data files.

Description

Domestic network security operation and maintenance system and method
Technical Field
The application relates to the technical field of network security, in particular to a domestic network security operation and maintenance system and a method.
Background
Safe and stable operation and maintenance of networks and information systems is important for the healthy development of the market and the protection of national economic security. As the financial industry, the electronic information industry, operators and the like develop, the transactions they handle expand in both depth and breadth, so the security protection of user information data is further strengthened.
At present, access to enterprise internal data files is usually restricted by preset access rights, to keep unauthorized persons from tampering with or stealing confidential files. These access rights are typically implemented through end-to-end encryption, and are assigned by creating dedicated accounts and passwords. However, account passwords are plain text, and while a data file is being accessed through a port the entered password is easily observed and stolen, so that confidential enterprise files are leaked or tampered with. The security of access to enterprise internal data files therefore needs to be improved.
Disclosure of Invention
In order to improve the security of access to internal data files of enterprises, the application provides a domestic network security operation and maintenance system and a method.
The above object of the present invention is achieved by the following technical solutions:
A domestic network security operation and maintenance method comprises the following steps:
when an access request for an enterprise internal data file is received from a user terminal, sending a start instruction to a camera terminal to acquire face image data of the visitor;
sending the face image data to a feature comparison model, comparing the face image data with a stored preset image, outputting a comparison result, and outputting a feedback message to the user terminal based on the comparison result, the feedback message being a pass verification message or an access denial message;
when the feedback message is a pass verification message, sending the enterprise internal data file to be accessed to the user terminal;
when the feedback message is an access denial message, sending the access denial message to the user terminal;
and if the number of access denial messages received by the user terminal within a preset time exceeds a preset number of access attempts, generating a reminder message and sending it to the mobile terminal pre-bound to the enterprise internal data file.
With this technical scheme, access rights to the enterprise internal data file are established by face image recognition: whether a visitor is entitled to access the file is determined by comparing image features, and only the face image data of a person who holds the access right can obtain access, which effectively reduces the cases in which an account and password are observed and stolen. When a visitor is denied access multiple times within the preset time, a reminder message is generated and sent to the mobile terminal pre-bound to the enterprise internal data file, that is, to the supervisor or data file owner of that file, to alert them that the file is currently at risk of being stolen. The security of access to enterprise internal data files is thereby improved.
In a preferred example of the present application, after the step of sending the enterprise internal data file to be accessed to the user terminal when the feedback message is a pass verification message, the following steps are executed:
sending a start instruction to the camera terminal at every preset interval to acquire the face image data of the visitor;
comparing the face image data acquired at each interval with the stored preset image, evaluating the comparison result output at each interval, and outputting a feedback message;
when the output feedback message changes to an access denial message, sending encrypted data to the user terminal so that the user terminal cannot continue to browse the enterprise internal data file;
and when the key data of the user terminal is received, sending a decryption instruction to the user terminal so that the user terminal can browse the enterprise internal data file normally.
With this technical scheme, the visitor's face image data is still acquired at intervals while the file is being accessed, and comparison and feedback message output are carried out in real time. If the visitor is replaced by another person during access, this is recognized automatically and an access denial message is issued; encrypted data is sent to the user terminal immediately afterwards, so the user terminal can no longer browse the data file, and the file can be browsed normally again only after it is decrypted with the key data. This improves the security of the data file during access and allows abnormal events arising during access to be handled at any time.
In a preferred example of the present application, before the step of sending a decryption instruction to the user terminal when the key data of the user terminal is received, so that the user terminal can browse the enterprise internal data file normally, the following step is executed:
when a decryption request instruction is received from the user terminal, sending the key data to the mobile terminal pre-bound to the enterprise internal data file.
With this technical scheme, an access denial message appearing in the feedback during access to the data file shows that the current visitor does not hold the access right. To decrypt the file and resume normal access, the key data must be obtained from the mobile terminal of the supervisor or data file owner of the enterprise internal data file; that is, access can continue only with the consent of the supervisor or data file owner. This further strengthens the security of the enterprise internal data file and makes it difficult for an unauthorized person to keep accessing it.
In a preferred example of the present application, after the step of sending the access denial message to the user terminal when the feedback message is an access denial message, the following steps are executed:
when an access authorization request message is received from a user terminal, sending the access authorization request message to the mobile terminal pre-bound to the enterprise internal data file;
and when the authorization confirmation message fed back by the mobile terminal is received, sending the enterprise internal data file to the user terminal.
With this technical scheme, a visitor without access rights can apply for them by sending an access authorization request message to the supervisor or data file owner, and can access the enterprise internal data file once the supervisor or data file owner agrees. This keeps newly added temporary access rights secure, and granting temporary access rights provides an emergency access channel to enterprise internal data files.
In a preferred example of the present application, before the step performed when the access authorization request message is received from the user terminal, the following steps are executed:
when an access authorization request instruction is received from a user terminal, sending a start instruction to a camera terminal to acquire the face image data of the person who sent the access authorization request instruction;
acquiring name data of the enterprise internal data file to be accessed, time data of when the access authorization request instruction was sent, and IP address data of the user terminal;
and generating an access authorization request message based on the acquired face image data, name data, time data and IP address data.
With this technical scheme, granting access requires the face image data of the person sending the authorization request, the name of the data file to be accessed, the access time and the IP address of the accessed server. The acquired data is sent to the mobile terminal so that the supervisor or data file owner knows the specifics of the access and can readily decide whether to grant authorization, making access authorization for enterprise internal data files more rigorous and secure.
In a preferred embodiment of the present application: when receiving the authorization confirmation message fed back by the mobile terminal, after the step of sending the internal data file of the enterprise to the user terminal, executing the following steps:
temporarily storing the face image data of the person who sends the access authorization request instruction into a preset image of the feature comparison model;
and after the preset storage time, deleting the face image data of the person who sends the access authorization request instruction from the feature comparison model.
With this technical scheme, the face image data of the person who sent the access authorization request instruction is temporarily stored in the feature comparison model, so that the face image data acquired at intervals from a person holding temporary access rights matches during access and the access is not readily interrupted by encryption. The temporary access right lapses automatically after the preset storage time, which protects the interests of the original holders of the access right and keeps enterprise internal data files more secure.
The second objective of the present invention is achieved by the following technical solutions:
A domestic network security operation and maintenance system, comprising:
the image acquisition module, used for sending a start instruction to the camera terminal to acquire face image data of the visitor when an access request for an enterprise internal data file is received from the user terminal;
the image feature comparison module, used for sending the face image data to the feature comparison model, comparing the face image data with a stored preset image, outputting a comparison result, and outputting a feedback message to the user terminal based on the comparison result, the feedback message being a pass verification message or an access denial message;
the feedback module, used for sending the enterprise internal data file to be accessed to the user terminal when the feedback message is a pass verification message;
the denial feedback module, used for sending the access denial message to the user terminal when the feedback message is an access denial message;
and the reminding module, used for generating a reminder message and sending it to the mobile terminal pre-bound to the enterprise internal data file if the number of access denial messages received by the user terminal within the preset time exceeds the preset number of access attempts.
With this technical scheme, access rights to the enterprise internal data file are established by face image recognition: whether a visitor is entitled to access the file is determined by comparing image features, and only the face image data of a person who holds the access right can obtain access, which effectively reduces the cases in which an account and password are observed and stolen. When a visitor is denied access multiple times within the preset time, a reminder message is generated and sent to the mobile terminal pre-bound to the enterprise internal data file, that is, to the supervisor or data file owner of that file, to alert them that the file is currently at risk of being stolen. The security of access to enterprise internal data files is thereby improved.
Optionally, the system further comprises:
the interval acquisition module, used for sending a start instruction to the camera terminal at every preset interval to acquire the face image data of the visitor;
the interval judgment module, used for comparing the face image data acquired at each interval with the stored preset image, evaluating the comparison result output at each interval, and outputting a feedback message;
the encryption module, used for sending encrypted data to the user terminal when the output feedback message changes to an access denial message, so that the user terminal cannot continue to browse the enterprise internal data file;
and the decryption module, used for sending a decryption instruction to the user terminal when the key data of the user terminal is received, so that the user terminal can browse the enterprise internal data file normally.
The third purpose of the present application is achieved by the following technical solutions:
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the domestic network security operation and maintenance system when executing the computer program.
The fourth purpose of the present application is achieved by the following technical solutions:
A computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the domestic network security operation and maintenance system.
In summary, the present application includes at least one of the following beneficial technical effects:
1. Access rights to the enterprise internal data file are established by face image recognition: whether a visitor is entitled to access the file is determined by comparing image features, and only the face image data of a person who holds the access right can obtain access, which effectively reduces the cases in which an account and password are observed and stolen;
2. After the encrypted data is sent to the user terminal, the user terminal can no longer browse the data file, and the file can be browsed normally again only after it is decrypted with the key data, which improves the security of the data file during access and allows abnormal events arising during access to be handled at any time;
3. An access denial message appearing in the feedback during access to the data file shows that the current visitor does not hold the access right. To decrypt the file and resume normal access, the key data must be obtained from the mobile terminal of the supervisor or data file owner of the enterprise internal data file; that is, access can continue only with the consent of the supervisor or data file owner, which further strengthens the security of the enterprise internal data file;
4. A visitor without access rights can apply for them by sending an access authorization request message to the supervisor or data file owner, and can access the enterprise internal data file once the supervisor or data file owner agrees, which keeps newly added temporary access rights secure.
Drawings
Fig. 1 is a flowchart of an implementation of an embodiment of the domestic network security operation and maintenance method of the present application;
Fig. 2 is a flowchart of another implementation of an embodiment of the domestic network security operation and maintenance method of the present application;
Fig. 3 is a flowchart of another implementation of an embodiment of the domestic network security operation and maintenance method of the present application;
Fig. 4 is a block diagram of the domestic network security operation and maintenance system of the present application;
Fig. 5 is a block diagram of a computer device according to the present application.
Detailed Description
The present application is described in further detail below with reference to figures 1-5.
In an embodiment, as shown in Fig. 1, the present application discloses a domestic network security operation and maintenance method, which specifically includes the following steps:
S10: When an access request for an enterprise internal data file is received from a user terminal, sending a start instruction to a camera terminal to acquire face image data of the visitor.
In this embodiment, the user terminal is a PC terminal, a mobile PC terminal or a mobile terminal; the camera terminal is a camera or the camera module carried by the mobile PC terminal or the mobile terminal; the enterprise internal data file is usually an enterprise confidential file; and the start instruction is used to control the camera terminal to photograph the visitor using the user terminal.
Specifically, when a visitor sends an access request for the enterprise internal data file through a user terminal, a start instruction is sent to the camera terminal in communication connection with that user terminal, and the camera terminal captures the visitor's face image data after receiving the start instruction.
S20: Sending the face image data to a feature comparison model, comparing the face image data with a stored preset image, outputting a comparison result, and outputting a feedback message to the user terminal based on the comparison result, the feedback message being a pass verification message or an access denial message.
In this embodiment, the feature comparison model is a trained model for comparing image features. The preset images are pre-stored face images of the supervisors and data file owners who have access to the enterprise internal data file, and the recorded face images include images taken from a plurality of different angles. The comparison result is a similarity value.
Specifically, the face image data is sent to the feature comparison model, which compares the received face image data with the pre-stored multi-angle face images of the supervisors and data file owners who have access to the enterprise internal data file, and obtains the similarity value between the face image data and the pre-stored images.
Further, a similarity threshold is set. When the output similarity value is smaller than or equal to the similarity threshold, the visitor is judged not to be a supervisor or data file owner, and an access denial message is output to the user terminal; when the output similarity value is larger than the similarity threshold, the visitor is judged to be a supervisor or data file owner, and a pass verification message is output to the user terminal.
S30: When the feedback message is a pass verification message, sending the enterprise internal data file to be accessed to the user terminal.
Specifically, when the user terminal receives the pass verification message, the enterprise internal data file to be accessed is sent to the user terminal that received the pass verification message.
S40: When the feedback message is an access denial message, sending the access denial message to the user terminal.
Specifically, when the user terminal receives the access denial message, the enterprise internal data file is not sent to the user terminal; instead, a text message denying access is generated and sent to the user terminal.
S50: If the number of access denial messages received by the user terminal within the preset time exceeds the preset number of access attempts, generating a reminder message and sending it to the mobile terminal pre-bound to the enterprise internal data file.
In this embodiment, the preset time and the preset number of access attempts can be set according to user needs, so that the security level can be set separately for different enterprise internal data files; important confidential files are given a longer preset time and a smaller preset number of access attempts. The mobile terminal is a smart phone, a smart display or the like that is bound to the identity information of a supervisor or data file owner. The reminder message is sent in text form.
Specifically, if a visitor fails to access the data file through the user terminal within the preset time and the number of failures exceeds the preset number, a text-form reminder message is generated and sent to the mobile terminal of the supervisor or data file owner pre-bound to the enterprise internal data file, to alert the supervisor or data file owner that abnormal access is taking place.
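The threshold rule of S20 and the alert condition of S50, as an added Python example (not code from the patent). The names `decide`, `DenialMonitor` and `process`, the counting per terminal and file, and the counter reset after a reminder are assumptions; the attempts are constructed sample data.

```python
from collections import defaultdict, deque

PASS = "pass_verification"
DENY = "access_denial"


def decide(similarity, threshold):
    """S20: only a similarity strictly above the threshold passes."""
    return PASS if similarity > threshold else DENY


class DenialMonitor:
    """S50: count access denial messages per (terminal, file) in a sliding window."""

    def __init__(self, preset_time, preset_times):
        self.preset_time = preset_time      # window length in seconds
        self.preset_times = preset_times    # denials tolerated inside the window
        self._denials = defaultdict(deque)  # (terminal, file) -> denial timestamps

    def record(self, terminal, file_name, feedback, now):
        """Return a reminder for the bound mobile terminal, or None."""
        q = self._denials[(terminal, file_name)]
        # Forget denials that have fallen out of the preset time window.
        while q and now - q[0] > self.preset_time:
            q.popleft()
        if feedback != DENY:
            return None
        q.append(now)
        if len(q) <= self.preset_times:   # "exceeds" means strictly more
            return None
        reminder = {
            "file": file_name,
            "terminal": terminal,
            "denials": len(q),
            "window_start": q[0],
            "window_end": now,
        }
        # Assumption: start counting afresh so one burst yields one reminder.
        q.clear()
        return reminder


def process(attempts, threshold, monitor):
    """Run S20/S40/S50 over (time, terminal, file, similarity) tuples."""
    results = []
    for now, terminal, file_name, similarity in attempts:
        feedback = decide(similarity, threshold)
        results.append((feedback, monitor.record(terminal, file_name, feedback, now)))
    return results


# Constructed sample attempts: (time in s, terminal, file, similarity value).
SAMPLE_ATTEMPTS = [
    (0, "pc-17", "q3-plan.docx", 0.80),    # equal to the threshold: denied
    (20, "pc-17", "q3-plan.docx", 0.41),
    (25, "pc-02", "q3-plan.docx", 0.93),   # another terminal, passes
    (40, "pc-17", "q3-plan.docx", 0.55),
    (55, "pc-17", "q3-plan.docx", 0.38),   # 4th denial within 60 s: reminder
    (300, "pc-17", "q3-plan.docx", 0.35),  # earlier denials expired: no reminder
]

if __name__ == "__main__":
    for result in process(SAMPLE_ATTEMPTS, 0.80, DenialMonitor(60, 3)):
        print(result)
```

A longer `preset_time` with a smaller `preset_times` gives the stricter setting the embodiment recommends for important confidential files.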
In one embodiment, referring to Fig. 2, after step S30, the following steps are performed:
S31: Sending a start instruction to the camera terminal at every preset interval to acquire the face image data of the visitor.
S32: Comparing the face image data acquired at each interval with the stored preset image, evaluating the comparison result output at each interval, and outputting a feedback message.
S33: When the output feedback message changes to an access denial message, sending encrypted data to the user terminal so that the user terminal cannot continue to browse the enterprise internal data file.
S34: When the key data of the user terminal is received, sending a decryption instruction to the user terminal so that the user terminal can browse the enterprise internal data file normally.
In this embodiment, the interval duration is user-defined and implemented as a countdown: when the countdown ends, a start instruction is sent to the camera terminal and the interval is reset. It is usually set between 1 minute and 10 minutes. The encrypted data encrypts the enterprise internal data file so that the user terminal cannot display its content, and the key data comprises an authentication code, a preset text password and the like.
Specifically, to prevent unauthorized persons from gaining access by using the face image data of supervisors and data file owners, the visitor's face image data must still be acquired at intervals during access. When the face image data is found to have changed during access, encrypted data is immediately sent to the user terminal to encrypt the enterprise internal data file that may be leaking, and the unauthorized person can no longer view the data file.
Furthermore, if access to the data file is to continue, normal browsing can resume only with the key data, which protects the enterprise internal data file across multiple stages of the access cycle.
In one embodiment, before step S34, the following step is performed:
S341: When a decryption request instruction is received from the user terminal, sending the key data to the mobile terminal pre-bound to the enterprise internal data file.
In this embodiment, to obtain the key data the visitor must send a decryption request instruction through the user terminal, and the destination to which the decryption request instruction is sent is the mobile terminal of the supervisor and data file owner, so that it is difficult for an unauthorized person to go on to decrypt the encrypted data file during access.
In one embodiment, after step S40, the following steps are performed:
S41: When an access authorization request message is received from a user terminal, sending the access authorization request message to the mobile terminal pre-bound to the enterprise internal data file.
S42: When the authorization confirmation message fed back by the mobile terminal is received, sending the enterprise internal data file to the user terminal.
In this embodiment, the access authorization request message is used to apply to the supervisor and data file owner for temporary access rights to the enterprise internal data file.
Specifically, to make access to enterprise internal data files more flexible, the user terminal can send an access authorization request message, which is delivered to the mobile terminals of the supervisor and data file owner; once the supervisor and data file owner feed back an authorization confirmation message through the mobile terminal, temporary access rights are granted to the visitor.
In one embodiment, referring to Fig. 3, before step S41, the following steps are performed:
S411: When an access authorization request instruction is received from a user terminal, sending a start instruction to a camera terminal to acquire the face image data of the person who sent the access authorization request instruction.
S412: Acquiring name data of the enterprise internal data file to be accessed, time data of when the access authorization request instruction was sent, and IP address data of the user terminal.
S413: Generating an access authorization request message based on the acquired face image data, name data, time data and IP address data.
Specifically, when a visitor wants to apply for temporary access rights to an enterprise internal data file, an access authorization request instruction is sent through the user terminal, and the camera terminal acquires the face image data of the visitor seeking authorization. The name of the enterprise internal data file to be accessed, the access time and the server IP address of the user terminal are then obtained, and a text-form authorization request message is generated from the acquired face image data, the file name, the access time and the server IP address of the user terminal. When the supervisor and data file owner receive the authorization request message on the mobile terminal, they can see the basic circumstances of the visitor applying for temporary authorization and of the file to be accessed.
In one embodiment, after step S42, the following steps are performed:
S43: temporarily storing the face image data of the person who sent the access authorization request instruction among the preset images of the feature comparison model;
S44: after the preset storage duration, deleting the face image data of the person who sent the access authorization request instruction from the feature comparison model.
In this embodiment, the storage duration is user-configurable.
Specifically, the face image of the person who sent the access authorization request instruction is temporarily stored in the feature comparison model, so that the data file is not encrypted while the temporarily authorized visitor is accessing it, and the temporarily authorized visitor can no longer access the enterprise internal data file once the storage duration has elapsed.
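The temporary authorization lifecycle of steps S411 to S413 and S43 to S44, sketched as an added Python example that is not part of the patent text. Assumptions: a SHA-256 hash of constructed byte strings stands in for face feature extraction, the temporary enrolment is scoped to the requested file name, and all class and function names are hypothetical.

```python
import hashlib
from dataclasses import dataclass


def template_of(face_image: bytes) -> bytes:
    """Stand-in for feature extraction (assumption): a real feature comparison
    model matches face embeddings, not an exact hash of the image bytes."""
    return hashlib.sha256(face_image).digest()


@dataclass(frozen=True)
class AccessAuthorizationRequest:
    """The four fields S413 puts into the access authorization request message."""
    face_template: bytes
    file_name: str
    requested_at: float
    terminal_ip: str


class FeatureComparisonModel:
    def __init__(self, preset_images):
        self._preset = {template_of(img) for img in preset_images}
        self._temporary = {}  # template -> (file_name, expires_at)

    def enroll_temporary(self, request, now, storage_duration):
        """S43: temporary enrolment, scoped here to the requested file (assumption)."""
        expires_at = now + storage_duration
        self._temporary[request.face_template] = (request.file_name, expires_at)
        return expires_at

    def purge_expired(self, now):
        """S44: delete temporary face data whose storage duration has elapsed."""
        expired = [t for t, (_, exp) in self._temporary.items() if exp <= now]
        for t in expired:
            del self._temporary[t]
        return len(expired)

    def verify(self, face_image, file_name, now):
        t = template_of(face_image)
        if t in self._preset:
            return True
        entry = self._temporary.get(t)
        if entry is None:
            return False
        granted_file, expires_at = entry
        # Expiry is enforced at comparison time, so a late or failed purge job
        # cannot silently extend the temporary access.
        return granted_file == file_name and now < expires_at


def build_request(face_image, file_name, now, terminal_ip):
    """S411-S413: assemble the request from face, file name, time and IP."""
    return AccessAuthorizationRequest(template_of(face_image), file_name, now, terminal_ip)


def handle_confirmation(model, request, confirmed, now, storage_duration):
    """Enrol the requester only after the bound mobile terminal confirms."""
    if not confirmed:
        return None
    return model.enroll_temporary(request, now, storage_duration)


def demo():
    # Constructed sample data: byte strings stand in for camera frames.
    model = FeatureComparisonModel([b"employee-face"])
    req = build_request(b"visitor-face", "design_spec.pdf", 1000.0, "192.0.2.10")
    results = {"before": model.verify(b"visitor-face", "design_spec.pdf", 1000.0)}
    results["expires_at"] = handle_confirmation(model, req, True, 1010.0, 600.0)
    results["during"] = model.verify(b"visitor-face", "design_spec.pdf", 1300.0)
    results["other_file"] = model.verify(b"visitor-face", "payroll.xlsx", 1300.0)
    results["after"] = model.verify(b"visitor-face", "design_spec.pdf", 1610.0)
    results["purged"] = model.purge_expired(1700.0)
    results["employee"] = model.verify(b"employee-face", "payroll.xlsx", 1700.0)
    return results


if __name__ == "__main__":
    print(demo())
```

Checking the expiry inside `verify` as well as in `purge_expired` means the grant ends at the preset storage duration even if the deletion step runs late.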
It should be understood that the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence; the execution sequence of each process should be determined by its functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
In an embodiment, a domestic network security operation and maintenance system is provided, which corresponds to the domestic network security operation and maintenance method in the above embodiment. As shown in fig. 4, the domestic network security operation and maintenance system includes:
the image acquisition module is used for sending a starting instruction to the camera terminal to acquire the facial image data of an accessor when receiving an access request for accessing the internal data file of the enterprise from the user terminal;
the image characteristic comparison module is used for sending the face image data to the characteristic comparison model, comparing the face image data with a stored preset image, outputting a comparison result, and outputting a feedback message to the user terminal based on the comparison result, wherein the feedback message comprises a verification passing message and an access refusing message;
the feedback module is used for sending the enterprise internal data file to be accessed to the user terminal when the feedback message is the verification passing message;
the feedback rejection module is used for sending the access refusing message to the user terminal when the feedback message is the access refusing message;
and the reminding module is used for generating a reminding message and sending the reminding message to the mobile terminal which is bound with the internal data file of the enterprise in advance if the number of access refusing messages received by the user terminal within the preset time exceeds the preset access count.
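The reminding module's threshold check, run over a constructed event log, as an added Python example that is not part of the patent text. Assumptions: the feedback labels, the per-terminal sliding window, clearing the window after a reminder to avoid repeated reminders, and all names and sample values are hypothetical.

```python
from collections import defaultdict, deque


class DenialMonitor:
    def __init__(self, preset_time, preset_count, bound_mobile):
        self.preset_time = preset_time      # window length in seconds
        self.preset_count = preset_count    # reminder fires when exceeded
        self.bound_mobile = bound_mobile    # file name -> bound mobile terminal
        self._denials = defaultdict(deque)  # terminal IP -> denial timestamps

    def record(self, now, terminal_ip, file_name, feedback):
        """Process one feedback message; return a reminder dict or None.
        Timestamps are assumed to be non-decreasing per terminal."""
        if feedback != "access_refused":
            return None
        window = self._denials[terminal_ip]
        window.append(now)
        # Drop denials that fell out of the preset time window.
        while window and window[0] <= now - self.preset_time:
            window.popleft()
        if len(window) <= self.preset_count:
            return None
        reminder = {
            "to": self.bound_mobile.get(file_name),
            "terminal": terminal_ip,
            "file": file_name,
            "denials": len(window),
            "at": now,
        }
        # Assumption: start a fresh count after a reminder so that every
        # further denial does not produce another reminder.
        window.clear()
        return reminder


# Constructed sample events: (time, terminal IP, file name, feedback message).
SAMPLE_EVENTS = [
    (0, "192.0.2.10", "design_spec.pdf", "access_refused"),
    (20, "192.0.2.10", "design_spec.pdf", "access_refused"),
    (30, "192.0.2.10", "design_spec.pdf", "verification_passed"),
    (70, "192.0.2.10", "design_spec.pdf", "access_refused"),
    (80, "192.0.2.10", "design_spec.pdf", "access_refused"),
    (85, "192.0.2.77", "design_spec.pdf", "access_refused"),
    (90, "192.0.2.10", "design_spec.pdf", "access_refused"),
    (100, "192.0.2.10", "design_spec.pdf", "access_refused"),
]


def replay(events, preset_time=60, preset_count=3):
    """Feed the events through the monitor and collect the reminders."""
    monitor = DenialMonitor(preset_time, preset_count,
                            {"design_spec.pdf": "mobile-supervisor-01"})
    reminders = []
    for now, ip, file_name, feedback in events:
        reminder = monitor.record(now, ip, file_name, feedback)
        if reminder is not None:
            reminders.append(reminder)
    return reminders


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```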
Optionally, the system further includes:
the interval acquisition module is used for sending a starting instruction to the camera terminal at every preset interval so as to acquire the face image data of the visitor;
the interval judgment module is used for comparing the face image data acquired at intervals with a stored preset image, judging a comparison result output at intervals and outputting a feedback message;
the encryption module is used for sending encrypted data to the user terminal when the output feedback message changes to the access refusing message, so that the user terminal cannot continue browsing the internal data file of the enterprise;
and the decryption module is used for sending a decryption instruction to the user terminal when receiving the key data of the user terminal so that the user terminal can normally browse the internal data files of the enterprise.
Optionally, the system further includes:
and the decryption request module is used for sending the key data to the mobile terminal which is bound with the enterprise internal data file in advance when receiving a decryption request instruction from the user terminal.
Optionally, the system further includes:
the authorization module is used for sending the access authorization request message to a mobile terminal which is bound with the internal data file of the enterprise in advance when receiving the access authorization request message from the user terminal;
and the authorization confirmation module is used for sending the internal data file of the enterprise to the user terminal when receiving an authorization confirmation message fed back by the mobile terminal.
Optionally, the system further includes:
the authorization request module is used for sending a starting instruction to the camera terminal to acquire the face image data of a person who sends an access authorization request instruction when receiving the access authorization request instruction from the user terminal;
the authorization data acquisition module is used for acquiring the name data of the enterprise internal data file to be accessed, the time data when the access authorization request instruction is sent and the IP address data of the user terminal;
and the authorization message generation module is used for generating an access authorization request message based on the acquired face image data, the name data, the time data and the IP address data.
Optionally, the system further includes:
the temporary storage module is used for temporarily storing the human face image data of the person who sends the access authorization request instruction into a preset image of the feature comparison model;
and the temporary deleting module is used for deleting the human face image data of the person sending the access authorization request instruction from the feature comparison model after a preset storage time.
For specific limitations of the domestic network security operation and maintenance system, reference may be made to the above limitations of the domestic network security operation and maintenance method, which are not repeated here. Each module in the domestic network security operation and maintenance system can be implemented wholly or partially in software, hardware, or a combination thereof. The modules can be embedded in, or independent of, a processor in the computer device in hardware form, or stored in a memory in the computer device in software form, so that the processor can call and execute the operations corresponding to each module.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer equipment is used for storing face image data, a feature comparison model, prestored images, feedback messages and encrypted data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to realize the domestic network security operation and maintenance method.
In one embodiment, a computer device is provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the domestic network security operation and maintenance method when executing the computer program.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which, when executed by a processor, implements a domestic network security operation and maintenance method.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by a computer program instructing the relevant hardware. The computer program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
It should be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional units and modules is only used for illustration, and in practical applications, the above function distribution may be performed by different functional units and modules as needed, that is, the internal structure of the apparatus may be divided into different functional units or modules to perform all or part of the above described functions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A domestic network security operation and maintenance method, characterized by comprising the following steps:
when an access request for accessing the internal data file of the enterprise is received from a user terminal, a starting instruction is sent to a camera terminal to obtain the face image data of an accessor;
sending the face image data to a feature comparison model, comparing the face image data with a stored preset image, outputting a comparison result, and outputting a feedback message to the user terminal based on the comparison result, wherein the feedback message comprises a verification passing message and an access refusing message;
when the feedback message is a verification passing message, sending the enterprise internal data file to be accessed to the user terminal;
when the feedback message is an access refusing message, sending the access refusing message to the user terminal;
and if the number of access refusing messages received by the user terminal within the preset time exceeds the preset access count, generating a reminding message and sending the reminding message to the mobile terminal pre-bound with the internal data file of the enterprise.
2. The domestic network security operation and maintenance method according to claim 1, wherein: after the step of sending the enterprise internal data file to be accessed to the user terminal when the feedback message is a verification passing message, the following steps are executed:
sending a starting instruction to the camera terminal at every preset interval so as to acquire the face image data of the visitor;
comparing the face image data acquired at intervals with a stored preset image, judging a comparison result output at intervals and outputting a feedback message;
when the output feedback message changes to an access refusing message, sending encrypted data to the user terminal so that the user terminal cannot continue to browse the internal data files of the enterprise;
and when the key data of the user terminal is received, sending a decryption instruction to the user terminal so that the user terminal can normally browse the internal data file of the enterprise.
3. The domestic network security operation and maintenance method according to claim 2, wherein: before the step of sending a decryption instruction to the user terminal to enable the user terminal to normally browse the internal data file of the enterprise when the key data of the user terminal is received, the following steps are executed:
and when a decryption request instruction from the user terminal is received, sending the key data to the mobile terminal pre-bound with the enterprise internal data file.
4. The domestic network security operation and maintenance method according to claim 1, wherein: after the step of sending the access refusing message to the user terminal when the feedback message is an access refusing message, the following steps are executed:
when receiving an access authorization request message from a user terminal, sending the access authorization request message to a mobile terminal which is bound with the internal data file of the enterprise in advance;
and when receiving the authorization confirmation message fed back by the mobile terminal, sending the internal data file of the enterprise to the user terminal.
5. The domestic network security operation and maintenance method according to claim 4, wherein: before the step when receiving the access authorization request message from the user terminal, the following steps are performed:
when an access authorization request instruction from a user terminal is received, sending a starting instruction to a camera terminal to obtain the face image data of a person who sends the access authorization request instruction;
acquiring name data of an enterprise internal data file to be accessed, time data when an access authorization request instruction is sent and IP address data of a user terminal;
and generating an access authorization request message based on the acquired face image data, the name data, the time data and the IP address data.
6. The domestic network security operation and maintenance method according to claim 4, wherein: when receiving the authorization confirmation message fed back by the mobile terminal, after the step of sending the internal data file of the enterprise to the user terminal, executing the following steps:
temporarily storing the face image data of the person who sends the access authorization request instruction into a preset image of the feature comparison model;
and after the preset storage time, deleting the human face image data of the person who sends the access authorization request instruction from the feature comparison model.
7. A domestic network security operation and maintenance system, characterized by comprising:
the image acquisition module is used for sending a starting instruction to the camera terminal to acquire the facial image data of an accessor when receiving an access request for accessing the internal data file of the enterprise from the user terminal;
the image characteristic comparison module is used for sending the face image data to the characteristic comparison model, comparing the face image data with a stored preset image, outputting a comparison result, and outputting a feedback message to the user terminal based on the comparison result, wherein the feedback message comprises a verification passing message and an access refusing message;
the feedback module is used for sending the enterprise internal data file to be accessed to the user terminal when the feedback message is a verification passing message;
the feedback rejection module is used for sending the access refusing message to the user terminal when the feedback message is the access refusing message;
and the reminding module is used for generating a reminding message and sending the reminding message to the mobile terminal which is bound with the internal data file of the enterprise in advance if the number of access refusing messages received by the user terminal within the preset time exceeds the preset access count.
8. The domestic network security operation and maintenance system according to claim 7, further comprising:
the interval acquisition module is used for sending a starting instruction to the camera terminal at every preset interval so as to acquire the face image data of the visitor;
the interval judgment module is used for comparing the face image data acquired at intervals with the stored preset image, judging the comparison result output at intervals and outputting a feedback message;
the encryption module is used for sending encrypted data to the user terminal when the output feedback message changes to an access refusing message, so that the user terminal cannot continue browsing the internal data file of the enterprise;
and the decryption module is used for sending a decryption instruction to the user terminal when receiving the key data of the user terminal so that the user terminal can normally browse the internal data files of the enterprise.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the domestic network security operation and maintenance method according to any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, which stores a computer program, wherein the computer program, when executed by a processor, implements the steps of the domestic network security operation and maintenance method according to any one of claims 1 to 6.
CN202210850720.1A 2022-07-20 2022-07-20 Domestic network security operation and maintenance system and method Pending CN115242488A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210850720.1A CN115242488A (en) 2022-07-20 2022-07-20 Domestic network security operation and maintenance system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210850720.1A CN115242488A (en) 2022-07-20 2022-07-20 Domestic network security operation and maintenance system and method

Publications (1)

Publication Number Publication Date
CN115242488A true CN115242488A (en) 2022-10-25

Family

ID=83672606

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210850720.1A Pending CN115242488A (en) 2022-07-20 2022-07-20 Domestic network security operation and maintenance system and method

Country Status (1)

Country Link
CN (1) CN115242488A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination