CN116346372A - Address binding method, device, storage medium and apparatus - Google Patents

Publication number
CN116346372A
Authority
CN
China
Prior art keywords
address
verification
user
binding
exit
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111539235.4A
Other languages
Chinese (zh)
Inventor
张岳震
贺基贵
赵盛先
邹勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
360 Digital Security Technology Group Co Ltd
Original Assignee
360 Digital Security Technology Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566 URL specific, e.g. using aliases, detecting broken or misspelled links
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/255 Maintenance or indexing of mapping tables
    • H04L61/2553 Binding renewal aspects, e.g. using keep-alive messages
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Abstract

The invention relates to the technical field of the Internet and discloses an address binding method, device, storage medium and apparatus. The method comprises the following steps: receiving a verification request sent by a requesting user when accessing a verification website through a terminal device, the verification website being generated based on an exit address input by the requesting user; determining the exit address according to the verification website, and determining a device address of the terminal device according to the verification request; verifying whether the exit address belongs to the requesting user according to the device address; and if so, binding the exit address with a user account of the requesting user. Because the invention verifies, based on the verification website, whether the exit address input by the requesting user belongs to the requesting user, the user binding process is simplified, malicious binding of the address is avoided, and the user experience is improved.

Description

Address binding method, device, storage medium and apparatus
Technical Field
The present invention relates to the field of internet technologies, and in particular, to an address binding method, device, storage medium, and apparatus.
Background
In the current internet environment, most enterprise users use an egress-IP mode when accessing a cloud firewall. Specifically, in this mode the local DNS service is directed to the cloud firewall over UDP/TCP port 53. However, this approach requires additional operations by the user, and IP addresses can be bound maliciously.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The main purpose of the invention is to provide an address binding method, device, storage medium and apparatus, aiming to solve the technical problem in the prior art that the user must perform additional operations and that IP addresses can be bound maliciously.
In order to achieve the above object, the present invention provides an address binding method, including the steps of:
receiving a verification request sent by a requesting user when accessing a verification website through a terminal device, wherein the verification website is generated based on an exit address input by the requesting user;
determining the exit address according to the verification website, and determining a device address of the terminal device according to the verification request;
verifying whether the exit address belongs to the requesting user according to the device address;
if yes, binding the exit address with the user account of the requesting user.
Optionally, before the step of receiving the verification request sent by the requesting user when accessing the verification website through the terminal device, the method further includes:
acquiring the exit address input by the requesting user;
and encrypting the exit address to obtain the verification website.
Optionally, the step of encrypting the exit address to obtain the verification website includes:
storing the exit address in a database, and acquiring a primary key identifier of the storage location of the exit address;
encrypting according to the primary key identifier to obtain an encrypted token;
and generating the verification website according to the encrypted token.
Optionally, the step of generating the verification website according to the encrypted token includes:
generating a spliced string according to the primary key identifier and the encrypted token;
and encrypting the spliced string to obtain the verification website.
Optionally, after the step of encrypting the exit address to obtain the verification website, the method further includes:
acquiring terminal types of a plurality of sample terminals, and determining a verification mode corresponding to the verification website according to the terminal types;
and generating verification reminder information according to the verification mode, and sending the verification reminder information to the requesting user.
Optionally, the step of determining the exit address according to the verification website and determining the device address of the terminal device according to the verification request includes:
decrypting the verification website to obtain the exit address;
and parsing the verification request to obtain the device address of the terminal device.
Optionally, the step of decrypting the verification website to obtain the exit address includes:
decrypting the verification website to obtain a data storage identifier;
and determining a target storage location according to the data storage identifier, and extracting the exit address from the target storage location.
Optionally, after the step of binding the exit address with the user account of the requesting user if yes, the method further includes:
generating a binding message according to the exit address and the user account;
and sending the binding message to the firewall cloud.
Optionally, after the step of sending the binding message to the firewall cloud, the method further includes:
generating binding reminder information according to the exit address and the user account;
and sending the binding reminder information to the terminal device.
Optionally, the step of verifying whether the exit address belongs to the requesting user according to the device address includes:
comparing the exit address with the device address to obtain a comparison result;
and verifying whether the exit address belongs to the requesting user according to the comparison result.
Optionally, the step of verifying whether the exit address belongs to the requesting user according to the comparison result includes:
determining the similarity between the exit address and the device address according to the comparison result;
when the similarity is within a preset interval, generating verification reminder information, and sending the verification reminder information to the requesting user;
and receiving confirmation information fed back by the requesting user according to the verification reminder information, and verifying whether the exit address belongs to the requesting user according to the confirmation information.
In addition, in order to achieve the above object, the present invention also proposes an address binding device comprising a memory, a processor, and an address binding program stored on the memory and executable on the processor, the address binding program being configured to implement the address binding method as described above.
In addition, in order to achieve the above object, the present invention also proposes a storage medium having stored thereon an address binding program which, when executed by a processor, implements the address binding method as described above.
In addition, in order to achieve the above object, the present invention also proposes an address binding apparatus, which includes: a receiving module, a determining module, a verification module and a binding module;
the receiving module is used for receiving a verification request sent by a requesting user when accessing a verification website through a terminal device, wherein the verification website is generated based on an exit address input by the requesting user;
the determining module is used for determining the exit address according to the verification website and determining a device address of the terminal device according to the verification request;
the verification module is used for verifying whether the exit address belongs to the requesting user according to the device address;
and the binding module is used for binding the exit address with the user account of the requesting user if yes.
Optionally, the address binding apparatus further includes: an encryption module;
the encryption module is used for acquiring the exit address input by the requesting user;
the encryption module is also used for encrypting the exit address to obtain the verification website.
Optionally, the encryption module is further configured to store the exit address in a database, and obtain a primary key identifier of the storage location of the exit address;
the encryption module is further used for encrypting according to the primary key identifier to obtain an encrypted token;
the encryption module is further used for generating the verification website according to the encrypted token.
Optionally, the encryption module is further configured to generate a spliced string according to the primary key identifier and the encrypted token;
and the encryption module is also used for encrypting the spliced string to obtain the verification website.
Optionally, the address binding apparatus further includes: a reminding module;
the reminding module is used for acquiring terminal types of a plurality of sample terminals and determining a verification mode corresponding to the verification website according to the terminal types;
the reminding module is further used for generating verification reminder information according to the verification mode and sending the verification reminder information to the requesting user.
Optionally, the determining module is further configured to decrypt the verification website to obtain the exit address;
the determining module is further configured to parse the verification request to obtain the device address of the terminal device.
Optionally, the determining module is further configured to decrypt the verification website to obtain a data storage identifier;
the determining module is further configured to determine a target storage location according to the data storage identifier, and extract the exit address from the target storage location.
In the invention, a verification request sent by a requesting user when accessing a verification website through a terminal device is received, the verification website being generated based on an exit address input by the requesting user; the exit address is determined according to the verification website, and the device address of the terminal device is determined according to the verification request; whether the exit address belongs to the requesting user is verified according to the device address; and if yes, the exit address is bound with the user account of the requesting user. Because the invention verifies, based on the verification website, whether the exit address input by the requesting user belongs to the requesting user, the user binding process is simplified, malicious binding of the address is avoided, and the user experience is improved.
Drawings
FIG. 1 is a schematic diagram of an address binding device of a hardware runtime environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of an address binding method according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of an address binding method according to the present invention;
FIG. 4 is a schematic diagram illustrating address binding according to an embodiment of the address binding method of the present invention;
FIG. 5 is a flowchart illustrating a third embodiment of an address binding method according to the present invention;
FIG. 6 is a block diagram of a first embodiment of an address binding apparatus according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic diagram of an address binding device of a hardware running environment according to an embodiment of the present invention.
As shown in fig. 1, the address binding device may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display (Display); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface, and in the present invention the wired interface of the user interface 1003 may be a USB interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The memory 1005 may be a high-speed random access memory (Random Access Memory, RAM) or a non-volatile memory (Non-volatile Memory, NVM), such as a disk memory. Optionally, the memory 1005 may also be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the address binding device, which may include more or fewer components than shown, combine certain components, or use a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and an address binding program may be included in a memory 1005, which is considered to be a type of computer storage medium.
In the address binding device shown in fig. 1, the network interface 1004 is mainly used for connecting to a background server, and performing data communication with the background server; the user interface 1003 is mainly used for connecting user equipment; the address binding apparatus calls an address binding program stored in the memory 1005 through the processor 1001 and executes the address binding method provided by the embodiment of the present invention.
Based on the above hardware structure, an embodiment of the address binding method of the present invention is presented.
Referring to fig. 2, fig. 2 is a flowchart illustrating a first embodiment of an address binding method according to the present invention.
In a first embodiment, the address binding method includes the steps of:
Step S10: receiving a verification request sent by a requesting user when accessing a verification website through a terminal device, wherein the verification website is generated based on an exit address input by the requesting user.
It should be understood that the execution body of the method of this embodiment may be an address binding device with functions of data processing, network communication and program running, for example, a verification server, or other electronic devices capable of implementing the same or similar functions, which is not limited in this embodiment.
It will be appreciated that in practical applications, different types of terminal devices are verified in different ways. Therefore, when the requesting user accesses the verification website through the terminal device, a different verification mode is needed depending on the characteristics of the terminal device. For example, a terminal device with a browser (e.g., a computer) may be verified by opening the URL, while a terminal device without a browser (e.g., a router) may be verified from the command line by accessing the URL with curl (or another HTTP request tool).
It should be understood that in this embodiment, the user can verify whether the exit address belongs to the requesting user through a browser or a shell command. The user therefore bears no additional operational burden, which simplifies the binding operation.
Step S20: determining the exit address according to the verification website, and determining the device address of the terminal device according to the verification request.
It should be understood that determining the exit address according to the verification website may be parsing the verification website to obtain the exit address.
It can be understood that when the terminal device requests access to the verification website, the device address of the terminal device is reported at the same time. Therefore, the device address of the terminal device can be obtained simply by parsing the verification request.
Step S30: verifying whether the exit address belongs to the requesting user according to the device address.
It should be understood that verifying whether the exit address belongs to the requesting user according to the device address may be determining whether the exit address is the same as the device address: if so, the exit address is determined to belong to the requesting user; if not, the exit address is determined not to belong to the requesting user.
Step S40: if yes, binding the exit address with the user account of the requesting user.
It will be appreciated that if so, the exit address entered by the requesting user does belong to the requesting user. Therefore, the exit address can be bound with the user account of the requesting user, and malicious binding of the address is avoided.
It should be noted that the user account of the requesting user may be generated when the requesting user registers in advance. For example, a user registers an account in the security monitoring system, which generates a source_id (i.e., the user account): uidhfjsh. The security monitoring system may be pre-installed on the verification server, or may be pre-installed on the firewall cloud, which is not limited in this embodiment.
In the first embodiment, a verification request sent by a requesting user when accessing a verification website through a terminal device is received, the verification website being generated based on an exit address input by the requesting user; the exit address is determined according to the verification website, and the device address of the terminal device is determined according to the verification request; whether the exit address belongs to the requesting user is verified according to the device address; and if yes, the exit address is bound with the user account of the requesting user. Because this embodiment verifies, based on the verification website, whether the exit address input by the requesting user belongs to the requesting user, the user binding process is simplified, malicious binding of the address is avoided, and the user experience is improved.
Referring to fig. 3, fig. 3 is a flowchart illustrating a second embodiment of the address binding method according to the present invention, and the second embodiment of the address binding method according to the present invention is proposed based on the first embodiment shown in fig. 2.
In a second embodiment, before the step S10, the method further includes:
Step S01: acquiring the exit address input by the requesting user.
It should be understood that, in order to avoid information leakage and improve the security of the verification website, in this embodiment the exit address input by the requesting user may be acquired first, and then the exit address may be encrypted to obtain the verification website.
It will be appreciated that the requesting user may first fill in the exit address on the security monitoring system. The security monitoring system may be pre-installed on the verification server, or may be pre-installed on the firewall cloud, which is not limited in this embodiment.
It should be understood that when the security monitoring system is pre-installed on the verification server, the verification server may directly obtain the exit address input by the requesting user; when the security monitoring system is pre-installed on the firewall cloud, the verification server can receive the exit address input by the requesting user as forwarded by the firewall cloud. In this embodiment and the other embodiments, the security monitoring system is described as being pre-installed on the verification server.
Step S02: encrypting the exit address to obtain the verification website.
It may be appreciated that encrypting the exit address to obtain the verification website may be encrypting the exit address with a preset encryption method to obtain the verification website. The preset encryption method can be one that can be verified between the verification server and the terminal device.
In the second embodiment, the exit address input by the requesting user is acquired and encrypted to obtain the verification website; because this embodiment encrypts the exit address to obtain the verification website, the security of the verification website is improved.
Further, in order to improve the reliability of the address encryption, the step S02 includes:
storing the exit address in a database, and acquiring a primary key identifier of the storage location of the exit address;
encrypting according to the primary key identifier to obtain an encrypted token;
and generating the verification website according to the encrypted token.
It should be appreciated that the verification server, upon receiving the exit address entered by the requesting user, may store the exit address in the database and retrieve the primary key identifier under which it was stored.
It may be appreciated that encrypting according to the primary key identifier to obtain the encrypted token may be encrypting the primary key identifier based on a preset key to obtain the encrypted token. The preset key may be set in advance.
It should be understood that this embodiment is insensitive to the protocol type used for transmission: whether HTTP, HTTPS or RPC, the verification method of the present invention may be used as long as the encrypted token can be transmitted from the terminal device to the verification server. Therefore, this embodiment does not limit how the verification website is generated, only that it is generated according to the encrypted token.
Further, the step of generating the verification website according to the encrypted token includes:
generating a spliced string according to the primary key identifier and the encrypted token;
and encrypting the spliced string to obtain the verification website.
It should be appreciated that generating the spliced string according to the primary key identifier and the encrypted token may be splicing the primary key identifier onto the encrypted token to obtain the spliced string.
In a specific implementation, the requesting user inputs an egress IP (i.e., the exit address) on the security monitoring system: 101.127.1.12. The verification server stores the egress IP in the database and obtains the stored primary key ID (i.e., the primary key identifier): 101. It encrypts the primary key ID with a key to obtain a token (i.e., the encrypted token): 8ac43ee8c1eed51efeefdf9922dc435. It concatenates the primary key ID and the token with "&" to form the string s1 (i.e., the spliced string): 101&8ac43ee8c1eed51efeefdf9922dc435. It then encrypts s1 to generate s2: zZWU4YzFlZWQ1MWVmZWVmZGY5OTIyZGM, and converts the string s2 into a verification URL (i.e., the verification website):
https://sdns.360.cn/ip_verifyzZWU4YzFlZWQ1MWVmZWVmZGY5OTIyZGM.
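The issue-and-verify flow described above (steps S01-S02 and S10-S40), as an added example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified token encryption, base64url encoding for the second encryption step, and an in-memory dict for the database; `AddressBinder`, `BASE_URL`, the key, the link lifetime and the single-use rule are hypothetical.

```python
import base64
import hashlib
import hmac
import ipaddress
import time

BASE_URL = "https://verify.example/ip_verify/"  # placeholder host, not the page's URL


class AddressBinder:
    """Issues a verification link for an exit address and binds it on success."""

    def __init__(self, secret: bytes, ttl: int = 900, clock=time.time):
        self._secret = secret
        self._ttl = ttl          # link lifetime in seconds (assumption, not in the patent)
        self._clock = clock
        self._pending = {}       # primary key -> (exit_ip, account, issued_at)
        self._next_id = 101      # stands in for the database primary key
        self.bindings = {}       # exit_ip -> account, i.e. what the firewall cloud receives

    def _token(self, pk: int) -> str:
        # Keyed MAC over the primary key; HMAC-SHA256 is this example's choice.
        return hmac.new(self._secret, str(pk).encode(), hashlib.sha256).hexdigest()

    def issue(self, account: str, exit_ip: str) -> str:
        """Steps S01/S02: store the address, derive the token, build the link."""
        ip = ipaddress.ip_address(exit_ip)      # rejects malformed input early
        pk = self._next_id
        self._next_id += 1
        self._pending[pk] = (ip, account, self._clock())
        s1 = f"{pk}&{self._token(pk)}"          # spliced string: id & token
        s2 = base64.urlsafe_b64encode(s1.encode()).decode().rstrip("=")
        return BASE_URL + s2

    def verify(self, url: str, peer_ip: str) -> str:
        """Steps S10-S40. peer_ip must be the transport-level source address the
        server observed, never a value supplied by the client in a header."""
        param = url[len(BASE_URL):] if url.startswith(BASE_URL) else ""
        try:
            padded = param + "=" * (-len(param) % 4)
            s1 = base64.urlsafe_b64decode(padded.encode()).decode()
            pk_text, token = s1.split("&", 1)
            pk = int(pk_text)
        except (ValueError, UnicodeDecodeError):
            return "bad-token"
        # Constant-time comparison so the check does not leak the expected MAC.
        if not hmac.compare_digest(token.encode(), self._token(pk).encode()):
            return "bad-token"
        record = self._pending.get(pk)
        if record is None:
            return "unknown-or-used"
        exit_ip, account, issued_at = record
        if self._clock() - issued_at > self._ttl:
            del self._pending[pk]
            return "expired"
        try:
            peer = ipaddress.ip_address(peer_ip)
        except ValueError:
            return "ip-mismatch"
        if peer != exit_ip:
            return "ip-mismatch"                # request did not come from the claimed address
        del self._pending[pk]                   # single use: a replayed link no longer binds
        self.bindings[str(exit_ip)] = account
        return "bound"


def demo():
    """Constructed walk-through using the page's sample address and account."""
    binder = AddressBinder(b"constructed-demo-key")
    url = binder.issue("uidhfjsh", "101.127.1.12")
    return [
        binder.verify(url, "203.0.113.7"),      # someone else's network
        binder.verify(url, "101.127.1.12"),     # the claimed exit address
        binder.verify(url, "101.127.1.12"),     # replay of the same link
    ]


if __name__ == "__main__":
    print(demo())
```
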
Further, different types of terminal devices are verified in different ways. Therefore, in order to remind the user how to verify, after step S02, the method further includes:
acquiring terminal types of a plurality of sample terminals, and determining a verification mode corresponding to the verification website according to the terminal types;
and generating verification reminder information according to the verification mode, and sending the verification reminder information to the requesting user.
It should be understood that in practical applications, different types of terminal devices are verified in different ways. For example, a terminal device with a browser (e.g., a computer) may be verified by opening the URL, while a terminal device without a browser (e.g., a router) may be verified from the command line by accessing the URL with curl (or another HTTP request tool). Therefore, in order to remind the user to use the correct verification mode, in this embodiment the terminal types of a plurality of sample terminals are acquired first, the verification mode corresponding to the verification website is determined according to the terminal types, verification reminder information is generated according to the verification mode, and the verification reminder information is sent to the requesting user.
The terminal type may include a terminal with a browser, a terminal without a browser, and the like.
It may be understood that determining the verification mode corresponding to the verification website according to the terminal type may be looking up the verification mode corresponding to the terminal type in a preset verification mode table. The preset verification mode table contains the correspondence between terminal types and verification modes, which can be recorded in advance. For example, the verification mode corresponding to a terminal with a browser is verification by opening the URL, and the verification mode corresponding to a terminal without a browser is verification from the command line by accessing the URL with curl (or another HTTP request tool).
In a second embodiment, after the step S40, the method further includes:
Step S50: generating a binding message according to the exit address and the user account.
It should be understood that, after the exit address is bound to the user account of the requesting user, the firewall cloud needs to be able to identify the user account from the exit address when a DNS request is made from that address, so that it can perform firewall policy matching and user data statistics. Therefore, in this embodiment, a binding message is generated according to the exit address and the user account, and the binding message is issued to the firewall cloud.
Step S60: sending the binding message to the firewall cloud.
For ease of understanding, a description is given with reference to Fig. 4, but the present solution is not limited thereto. Fig. 4 is a schematic diagram of address binding, in which A is the requesting user, B is a mobile terminal, C is the verification server, and D is the firewall cloud. The address binding includes the following steps:
(1) The requesting user registers an account in the security monitoring system, and a source_id is generated, such as UIHFFJSSSH;
(2) The requesting user enters the exit IP 101.127.1.12 in the security monitoring system; the verification server stores the exit IP in a database, and the stored primary key ID is 101; the primary key ID is encrypted with a key to give 8ac43ee8c1eed efeefd 9922dc435; the generated character string s1 is 101&8ac43ee8c1eed51efeefd 9922dc435; s1 is further encrypted to give zZWU4YzFlZWQ1MWVmZWVmZGY5OTIyZGM, and a check URL is generated from this parameter:
https://sdns.360.cn/ip_verifyzZWU4YzFlZWQ1MWVmZWVmZGY5OTIyZGM;
(3) The requesting user requests the URL on the mobile terminal whose IP is 101.127.1.12;
(4) When the verification server receives the request for the check URL, it decrypts the verification parameter and takes out the ID, fetches the exit IP from the database, and compares it with the client_ip of the requesting user; if the two are consistent, the verification succeeds, otherwise the verification fails;
(5) Successful verification indicates that the exit IP really belongs to the requesting user, so the verification server issues a binding message containing the exit IP (101.127.1.12) and the requesting user's source_id (UIDHFFJSJSH) to the firewall cloud;
(6) When a client makes a DNS request from that IP, the firewall cloud can identify the source_id of the requesting user from the IP in order to perform firewall policy matching and user data statistics.
Further, in order to remind the user that the binding message has been issued to the firewall cloud, after step S60, the method further includes:
binding reminding information is generated according to the outlet address and the user account;
and sending the binding reminding information to the terminal equipment.
It should be understood that the binding reminder information may be generated according to the exit address and the user account number by writing the exit address and the user account number into a preset reminder template to obtain the binding reminder information. The preset reminding template can be 'XXX address is bound with YYY account'.
In a second embodiment, a binding message is generated according to the exit address and the user account, and the binding message is sent to a firewall cloud; because the binding message is also sent to the firewall cloud end, when the firewall cloud end receives the DNS request sent by the user based on the exit address, the firewall cloud end can identify the user account of the user according to the exit address to carry out firewall policy matching and user data statistics.
Referring to fig. 5, fig. 5 is a flowchart illustrating a third embodiment of the address binding method according to the present invention, and based on the second embodiment shown in fig. 3, the third embodiment of the address binding method according to the present invention is proposed.
In a third embodiment, the step S20 includes:
Step S201: decrypting the verification website to obtain the exit address.
It should be appreciated that in some cases the verification website is generated by encrypting the exit address. Therefore, to obtain the exit address, in this embodiment the verification website may be decrypted.
It may be understood that decrypting the verification website to obtain the exit address may be decrypting the verification website in a preset decryption mode, where the preset decryption mode corresponds to the preset encryption mode.
Further, in order to improve the decryption accuracy, the step S201 includes:
decrypting the verification website to obtain a data storage identifier;
and determining a target storage position according to the data storage identification, and extracting an outlet address from the target storage position.
It should be understood that when the verification server receives the verification request, the verification website may be obtained, and the verification website may be decrypted to obtain the data storage identifier.
It is to be appreciated that determining the target storage location based on the data storage identification can be searching the database for the target storage location based on the data storage identification.
Step S202: parsing the verification request to obtain the device address of the terminal device.
It should be understood that when the terminal device requests access to the verification website, the device address of the terminal device is reported at the same time. Therefore, the device address of the terminal device can be obtained simply by parsing the verification request.
In the third embodiment, the verification website is decrypted to obtain the exit address, and the verification request is parsed to obtain the device address of the terminal device; since this embodiment obtains the exit address by decryption, the security and accuracy of the exit address are ensured.
In a third embodiment, the step S30 includes:
Step S301: comparing the exit address with the device address to obtain a comparison result.
It should be appreciated that the exit address entered by the user may contain an input error in some digits. In this case, to avoid a misjudgment, in this embodiment the exit address may first be compared with the device address, and whether the exit address belongs to the requesting user is then verified according to the comparison result.
Step S302: verifying whether the exit address belongs to the requesting user according to the comparison result.
It can be understood that verifying whether the exit address belongs to the requesting user according to the comparison result may be: determining the similarity between the exit address and the device address according to the comparison result; when the similarity is in a preset interval, generating verification reminding information and sending it to the requesting user; receiving confirmation information fed back by the requesting user according to the verification reminding information; and verifying whether the exit address belongs to the requesting user according to the confirmation information.
Note that the preset interval may be set in advance; for example, it may be set to [0.95,1].
It should be understood that when the similarity is within the preset interval, the exit address and the device address are highly similar, and the user may have mistyped the exit address. The verification reminding information may therefore be generated for the user to confirm.
In the third embodiment, the exit address is compared with the device address to obtain a comparison result, and whether the exit address belongs to the requesting user is verified according to the comparison result; in this embodiment, the exit address is not determined to belong to the requesting user only when it is exactly the same as the device address, which improves user experience.
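The server-side check of the third embodiment (steps S201 to S302), combined with the Fig. 4 flow, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 for the token and URL-safe base64 for the outer encoding (the text names neither algorithm), a bitwise similarity metric over IPv4 addresses, and all class, function and key names; the IP and source_id are the sample values from the Fig. 4 walkthrough.

```python
import base64
import hashlib
import hmac
import ipaddress

SECRET_KEY = b"constructed-demo-key"   # assumption: secret held only by the verification server
CONFIRM_INTERVAL = (0.95, 1.0)         # the preset similarity interval given in the text


def similarity(a: str, b: str) -> float:
    """Assumed metric: share of the 32 IPv4 address bits on which a and b agree."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 1 - bin(diff).count("1") / 32


class VerificationServer:
    def __init__(self):
        self.rows = {}        # primary key ID -> (source_id, exit IP); stands in for the database
        self.bindings = {}    # exit IP -> source_id; stands in for the firewall cloud
        self.next_id = 101

    def _token(self, row_id: int) -> bytes:
        # Token derived from the primary key ID with the server key (HMAC-SHA256 is an assumption).
        digest = hmac.new(SECRET_KEY, str(row_id).encode(), hashlib.sha256).hexdigest()
        return digest[:32].encode()

    def create_check_param(self, source_id: str, exit_ip: str) -> str:
        """Steps (1)-(2): store the exit IP and return the opaque check-URL parameter."""
        ipaddress.IPv4Address(exit_ip)                  # raises ValueError on malformed input
        row_id, self.next_id = self.next_id, self.next_id + 1
        self.rows[row_id] = (source_id, exit_ip)
        s1 = str(row_id).encode() + b"&" + self._token(row_id)   # the spliced string s1
        return base64.urlsafe_b64encode(s1).decode()

    def _lookup(self, param: str):
        """Step S201: recover the data storage identifier, then fetch the stored exit IP."""
        try:
            id_part, token = base64.urlsafe_b64decode(param.encode()).split(b"&", 1)
            row_id = int(id_part)
        except ValueError:                              # bad base64, no '&', non-numeric ID
            return None
        if not hmac.compare_digest(token, self._token(row_id)):
            return None                                 # ID and token do not belong together
        return self.rows.get(row_id)

    def verify(self, param: str, client_ip: str) -> str:
        """Steps S202-S302. client_ip is assumed to be the source address the server itself
        observed for the request, not a value supplied inside the request."""
        row = self._lookup(param)
        if row is None:
            return "rejected"
        source_id, exit_ip = row
        score = similarity(exit_ip, client_ip)
        if score == 1.0:                                # identical addresses: bind directly
            self.bindings[exit_ip] = source_id          # binding message to the firewall cloud
            return "bound"
        low, high = CONFIRM_INTERVAL
        if low <= score <= high:
            return "needs_confirmation"                 # send the verification reminder
        return "rejected"

    def source_id_for(self, dns_client_ip: str):
        """Step (6): the firewall cloud maps a DNS client IP to its bound account."""
        return self.bindings.get(dns_client_ip)


if __name__ == "__main__":
    server = VerificationServer()
    param = server.create_check_param("UIHFFJSSSH", "101.127.1.12")
    for ip in ("203.0.113.7", "101.127.1.13", "101.127.1.12"):   # constructed client addresses
        print(ip, server.verify(param, ip))
```

With this metric, the [0.95,1] interval admits only addresses that differ from the stored exit IP in a single bit (31/32 = 0.96875); two differing bits already fall below it.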
In addition, the embodiment of the invention also provides a storage medium, wherein the storage medium is stored with an address binding program, and the address binding program realizes the address binding method when being executed by a processor.
In addition, referring to fig. 6, an embodiment of the present invention further provides an address binding apparatus, where the address binding apparatus includes: a receiving module 10, a determining module 20, a verifying module 30, and a binding module 40;
the receiving module 10 is configured to receive a verification request sent when a request user accesses a verification website through a terminal device, where the verification website is generated based on an exit address input by the request user.
It will be appreciated that, in practical applications, different types of terminal devices are verified in different ways. Therefore, when the requesting user accesses the verification website through the terminal device, the verification mode depends on the characteristics of the terminal device. For example, a terminal device with a browser (e.g., a computer) may be verified by opening the URL, while a terminal device without a browser (e.g., a router) may be verified from the command line by requesting the URL with curl (or another HTTP request tool).
It should be understood that in this embodiment, the user can verify whether the exit address belongs to the requesting user through the browser or shell command. Therefore, the user does not need to have an additional operation burden, thereby simplifying the binding operation.
The determining module 20 is configured to determine an exit address according to the verification website address, and determine a device address of the terminal device according to the verification request.
It should be understood that determining the exit address based on the verification website may be resolving the verification website to obtain the exit address.
It can be understood that when the terminal device requests to access the verification website, the device address of the terminal device is reported at the same time. Therefore, only the verification request needs to be analyzed, and the device address of the terminal device can be obtained.
The verification module 30 is configured to verify whether the exit address belongs to the requesting user according to the device address.
It should be understood that verifying whether the exit address belongs to the requesting user according to the exit address may be to determine whether the exit address is the same as the device address, and if so, determine that the exit address belongs to the requesting user; if not, the exit address is judged not to belong to the requesting user.
The binding module 40 is configured to bind the exit address with the user account of the requesting user if yes.
It will be appreciated that, if so, the exit address entered by the requesting user does belong to the requesting user. Therefore, the exit address can be bound with the user account of the requesting user, and malicious binding of the address is avoided.
It should be noted that, the user account of the requesting user may be generated by the requesting user registering in advance. For example, a user registers an account number in the security monitoring system, and generates a source_id (i.e., user account number) as: uidhfjsh. The security monitoring system may be pre-installed on the verification server, or may be pre-installed on the firewall cloud end, which is not limited in this embodiment.
In the embodiment, a verification request sent by a request user when accessing a verification website through a terminal device is received, the verification website is generated based on an exit address input by the request user, the exit address is determined according to the verification website, a device address of the terminal device is determined according to the verification request, whether the exit address belongs to the request user is verified according to the device address, and if yes, the exit address is bound with a user account of the request user; because the embodiment verifies whether the exit address input by the requesting user belongs to the requesting user based on the verification website, the user binding process is simplified, malicious binding of the address is avoided, and user experience is improved.
In an embodiment, the address binding apparatus further includes: an encryption module;
the encryption module is used for acquiring an outlet address input by a request user;
the encryption module is also used for encrypting the outlet address to obtain a verification website.
In an embodiment, the encryption module is further configured to store the exit address to a database, and obtain a primary key identifier of a storage location of the exit address;
the encryption module is further used for encrypting according to the primary key identifier to obtain an encrypted token;
the encryption module is further used for generating a verification website according to the encryption token.
In an embodiment, the encryption module is further configured to generate a concatenation string according to the primary key identifier and the encryption token;
and the encryption module is also used for encrypting the spliced character string to obtain a verification website.
In an embodiment, the address binding apparatus further includes: a reminding module;
the reminding module is used for obtaining terminal types of a plurality of sample terminals and determining a verification mode corresponding to the verification website according to the terminal types;
the reminding module is further used for generating verification reminding information according to the verification mode and sending the verification reminding information to the requesting user.
In an embodiment, the determining module 20 is further configured to decrypt the verification website to obtain an exit address;
the determining module 20 is further configured to parse the verification request to obtain an equipment address of the terminal equipment.
In an embodiment, the determining module 20 is further configured to decrypt the verification website to obtain a data storage identifier;
the determining module 20 is further configured to determine a target storage location according to the data storage identifier, and extract an exit address from the target storage location.
In an embodiment, the address binding apparatus further includes: a transmitting module;
the sending module is used for generating a binding message according to the outlet address and the user account;
the sending module is further configured to send the binding message to a cloud end of the firewall.
In an embodiment, the sending module is further configured to generate binding reminder information according to the exit address and the user account;
the sending module is further configured to send the binding reminding information to the terminal device.
In an embodiment, the verification module 30 is further configured to compare the exit address with the device address to obtain a comparison result;
The verification module 30 is further configured to verify whether the exit address belongs to the requesting user according to the comparison result.
In an embodiment, the verification module 30 is further configured to determine a similarity between the exit address and the device address according to the comparison result;
the verification module 30 is further configured to generate verification reminding information and send the verification reminding information to the requesting user when the similarity is in a preset interval;
the verification module 30 is further configured to receive confirmation information fed back by the requesting user according to the verification reminding information, and verify whether the exit address belongs to the requesting user according to the confirmation information.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the terms first, second, third, etc. do not denote any order, but rather the terms first, second, third, etc. are used to interpret the terms as names.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. read only memory mirror (Read Only Memory image, ROM)/random access memory (Random Access Memory, RAM), magnetic disk, optical disk), comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
The invention discloses an address binding method A1, which comprises the following steps:
receiving a verification request sent by a request user when accessing a verification website through terminal equipment, wherein the verification website is generated based on an exit address input by the request user;
determining an exit address according to the verification website, and determining a device address of the terminal device according to the verification request;
verifying whether the exit address belongs to the requesting user according to the equipment address;
if yes, binding the outlet address with the user account of the requesting user.
A2, the address binding method as described in A1, before the step of receiving the verification request sent by the user when accessing the verification website through the terminal device, further comprises:
acquiring an exit address input by a request user;
and encrypting the outlet address to obtain a verification website.
A3, the address binding method as described in A2, wherein the step of encrypting the exit address to obtain a verification website includes:
storing the outlet address into a database, and acquiring a primary key identification of a storage position of the outlet address;
encrypting according to the main key identifier to obtain an encrypted token;
and generating a verification website according to the encrypted token.
A4, the address binding method as described in A3, wherein the step of generating a verification website according to the encrypted token comprises the following steps:
generating a spliced character string according to the primary key identification and the encryption token;
and encrypting the spliced character string to obtain a verification website.
A5, the address binding method as described in A2, wherein after the step of encrypting the exit address to obtain the verification website, further comprises:
acquiring terminal types of a plurality of sample terminals, and determining a verification mode corresponding to the verification website according to the terminal types;
and generating verification reminding information according to the verification mode, and sending the verification reminding information to the requesting user.
A6, the address binding method according to any one of A1 to A5, the step of determining an exit address according to the verification website address and determining a device address of the terminal device according to the verification request includes:
decrypting the verification website to obtain an exit address;
and resolving the verification request to obtain the equipment address of the terminal equipment.
A7, the address binding method of A6, the step of decrypting the verification request to obtain the exit address includes:
decrypting the verification website to obtain a data storage identifier;
and determining a target storage position according to the data storage identification, and extracting an outlet address from the target storage position.
A8, the address binding method according to any one of A1 to A5, wherein after the step of binding the exit address with the user account of the requesting user if the exit address is positive, the method further comprises:
generating a binding message according to the exit address and the user account;
and sending the binding message to the cloud end of the firewall.
A9, the address binding method as described in A8, after the step of sending the binding message to the cloud of the firewall, further includes:
binding reminding information is generated according to the outlet address and the user account;
and sending the binding reminding information to the terminal equipment.
A10, the address binding method of any of A1 to A5, the step of verifying whether the exit address belongs to the requesting user according to the device address, comprising:
comparing the exit address with the device address to obtain a comparison result;
and verifying whether the exit address belongs to the requesting user according to the comparison result.
A11, the address binding method according to A10, the step of verifying whether the exit address belongs to the requesting user according to the comparison result includes:
determining the similarity between the outlet address and the equipment address according to the comparison result;
when the similarity is in a preset interval, generating verification reminding information, and sending the verification reminding information to the requesting user;
and receiving confirmation information fed back by the requesting user according to the verification reminding information, and verifying whether the exit address belongs to the requesting user according to the confirmation information.
The invention also discloses B12, address binding equipment, comprising: a memory, a processor and an address binding program stored on the memory and capable of running on the processor, wherein the address binding program implements the address binding method when executed by the processor.
The invention also discloses C13, a storage medium, the storage medium stores an address binding program, and the address binding program realizes the address binding method when being executed by a processor.
The invention also discloses D14, an address binding device, wherein the address binding device comprises: a receiving module, a determining module, a verifying module and a binding module;
the receiving module is used for receiving a verification request sent by a request user when accessing a verification website through terminal equipment, and the verification website is generated based on an exit address input by the request user;
the determining module is used for determining an outlet address according to the verification website and determining a device address of the terminal device according to the verification request;
the verification module is used for verifying whether the exit address belongs to the requesting user according to the equipment address;
and the binding module is used for binding the outlet address with the user account of the requesting user if yes.
D15, the address binding apparatus of D14, further comprising: an encryption module;
the encryption module is used for acquiring an outlet address input by a request user;
the encryption module is also used for encrypting the outlet address to obtain a verification website.
D16, the address binding device as described in D15, where the encryption module is further configured to store the exit address to a database, and obtain a primary key identifier of a storage location of the exit address;
the encryption module is further used for encrypting according to the primary key identifier to obtain an encrypted token;
the encryption module is further used for generating a verification website according to the encryption token.
D17, the address binding device of D16, where the encryption module is further configured to generate a concatenation string according to the primary key identifier and the encryption token;
and the encryption module is also used for encrypting the spliced character string to obtain a verification website.
D18, the address binding apparatus of D15, further comprising: a reminding module;
the reminding module is used for obtaining terminal types of a plurality of sample terminals and determining a verification mode corresponding to the verification website according to the terminal types;
the reminding module is further used for generating verification reminding information according to the verification mode and sending the verification reminding information to the requesting user.
D19, the address binding device of any one of D14 to D18, where the determining module is further configured to decrypt the verification website to obtain an exit address;
the determining module is further configured to parse the verification request to obtain an equipment address of the terminal equipment.
D20, the address binding device as described in D19, where the determining module is further configured to decrypt the verification website to obtain a data storage identifier;
the determining module is further configured to determine a target storage location according to the data storage identifier, and extract an exit address from the target storage location.

Claims (10)

1. An address binding method, characterized in that the address binding method comprises the following steps:
receiving a verification request sent by a request user when accessing a verification website through terminal equipment, wherein the verification website is generated based on an exit address input by the request user;
determining an exit address according to the verification website, and determining a device address of the terminal device according to the verification request;
verifying whether the exit address belongs to the requesting user according to the equipment address;
if yes, binding the outlet address with the user account of the requesting user.
2. The address binding method as claimed in claim 1, wherein before the step of receiving the authentication request issued when the requesting user accesses the verification web site through the terminal device, the method further comprises:
acquiring an exit address input by a request user;
and encrypting the exit address to obtain a verification website.
3. The address binding method of claim 2, wherein the step of encrypting the exit address to obtain a verification website comprises:
storing the outlet address into a database, and acquiring a primary key identification of a storage position of the outlet address;
encrypting according to the main key identifier to obtain an encrypted token;
and generating a verification website according to the encrypted token.
4. The address binding method of claim 3, wherein the step of generating a verification web address from the encrypted token comprises:
generating a spliced character string according to the primary key identification and the encryption token;
and encrypting the spliced character string to obtain a verification website.
5. The address binding method of claim 2, wherein after the step of encrypting the exit address to obtain the check address, further comprising:
acquiring terminal types of a plurality of sample terminals, and determining a verification mode corresponding to the verification website according to the terminal types;
and generating verification reminding information according to the verification mode, and sending the verification reminding information to the requesting user.
6. The address binding method according to any one of claims 1 to 5, wherein the step of determining an exit address from the verification web address and determining a device address of the terminal device from the verification request includes:
decrypting the verification website to obtain an exit address;
and resolving the verification request to obtain the equipment address of the terminal equipment.
7. The address binding method of claim 6, wherein the step of decrypting the authentication request to obtain the exit address comprises:
decrypting the verification website to obtain a data storage identifier;
and determining a target storage position according to the data storage identification, and extracting an outlet address from the target storage position.
8. An address binding apparatus, the address binding apparatus comprising: memory, a processor and an address binding program stored on the memory and executable on the processor, which when executed by the processor implements the address binding method according to any of claims 1 to 7.
9. A storage medium having stored thereon an address binding program which when executed by a processor implements the address binding method of any one of claims 1 to 7.
10. An address binding apparatus, characterized in that the address binding apparatus comprises: the device comprises a receiving module, a determining module, a verifying module and a binding module;
the receiving module is used for receiving a verification request sent by a request user when accessing a verification website through terminal equipment, and the verification website is generated based on an exit address input by the request user;
the determining module is used for determining an outlet address according to the verification website and determining a device address of the terminal device according to the verification request;
the verification module is used for verifying whether the exit address belongs to the requesting user according to the equipment address;
and the binding module is used for binding the outlet address with the user account of the requesting user if yes.
CN202111539235.4A 2021-12-15 2021-12-15 Address binding method, device, storage medium and apparatus Pending CN116346372A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111539235.4A CN116346372A (en) 2021-12-15 2021-12-15 Address binding method, device, storage medium and apparatus

Publications (1)

Publication Number Publication Date
CN116346372A true CN116346372A (en) 2023-06-27

Family

ID=86882733

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111539235.4A Pending CN116346372A (en) 2021-12-15 2021-12-15 Address binding method, device, storage medium and apparatus

Country Status (1)

Country Link
CN (1) CN116346372A (en)

Similar Documents

Publication Publication Date Title
JP5658745B2 (en) HTTP-based authentication
JP4864289B2 (en) Network user authentication system and method
EP3301881B1 (en) Method, device and system for using and invoking oauth api
US8020193B2 (en) Systems and methods for protecting web based applications from cross site request forgery attacks
CN100581103C (en) Securely processing of client credentials used for WEB-based access to resources
CN112491881B (en) Cross-platform single sign-on method, system, electronic equipment and storage medium
EP1976181A1 (en) A method, apparatus and data download system for controlling the validity of the download transaction
US20030208681A1 (en) Enforcing file authorization access
CN108322416B (en) Security authentication implementation method, device and system
US20110225641A1 (en) Token Request Troubleshooting
JP2014503094A (en) Communication method between server and client, and corresponding client, server, and system
CN106911684B (en) Authentication method and system
CN108259457B (en) WEB authentication method and device
WO2019140790A1 (en) Service tracking method and apparatus, terminal device, and storage medium
CN113381979A (en) Access request proxy method and proxy server
WO2018129753A1 (en) Method and device for downloading subscription information set, and related equipment
CN111600900B (en) Single sign-on method, server and system based on block chain
CN111444551A (en) Account registration and login method and device, electronic equipment and readable storage medium
CN112491890A (en) Access method and device
CN113783867B (en) Authentication request method and terminal
CN115622747A (en) API authorization authentication processing method and device, electronic equipment and storage medium
CN113239308B (en) Page access method, device, equipment and storage medium
CN113132317A (en) Identity authentication method, system and device
CN112565236B (en) Information authentication method, device, computer equipment and storage medium
CN112948857A (en) Document processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination