CN117220904A - Service protection method, device, electronic equipment and storage medium - Google Patents

Publication number
CN117220904A
Authority
CN
China
Prior art keywords
client
identity authentication
authentication
service
access request
Legal status
Pending
Application number
CN202310955252.9A
Other languages
Chinese (zh)
Inventor
李硕知
杨学斌
Current Assignee
Shenzhen Shenxinfu Information Security Co ltd
Original Assignee
Shenzhen Shenxinfu Information Security Co ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the application provides a service protection method, a device, electronic equipment and a storage medium. The method comprises the following steps: when a service access request sent by a client is intercepted, performing first identity authentication on the client; if the first identity authentication of the client passes, allowing the communication between the client and the service server so that the client sends the service access request to the service server; and sending a second identity authentication request to the identity authentication platform so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, and the client accesses corresponding services from the service server based on the authentication identifier and the service access request. Under the condition that the first identity authentication is successful to the client, the client can access the corresponding service from the service server according to the service access request and the authentication identifier returned by the identity authentication platform, so that the security of information in the service server is improved.

Description

Service protection method, device, electronic equipment and storage medium
Technical Field
The application belongs to the technical field of computers, and particularly relates to a service protection method, a service protection device, electronic equipment and a readable storage medium.
Background
When a user accesses a target service, the user's identity information must be uploaded to an identity authentication platform, which manages it centrally so that the proper identity obtains the proper authorized access at the proper time. Related service protection methods generally map the identity authentication platform directly into the external network area, so that the user can access the identity authentication platform directly from the external network. However, because verification is performed only by the identity authentication platform, a hacker may attack the platform by spoofing or tampering, and the user's identity information may be leaked.
Disclosure of Invention
In view of the above problems, the present application provides a service protection method, apparatus, electronic device, and storage medium to address them.
In a first aspect, an embodiment of the present application provides a service protection method, which is applied to a security gateway, where the security gateway is deployed between a public network area and an intranet area, a client is deployed in the public network area, and an identity authentication platform is deployed in the intranet area, and the method includes: when a service access request sent by a client is intercepted, performing first identity authentication on the client; if the first identity authentication of the client passes, allowing communication between the client and a service server so that the client sends the service access request to the service server; and sending a second identity authentication request to the identity authentication platform so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, and the client accesses corresponding services from the service server based on the authentication identifier and the service access request, wherein the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and terminal information of the client.
Further, before sending the second authentication request to the authentication platform, the method further includes: receiving an authentication page access request sent by the client, wherein the authentication page access request is generated by the client based on a second authentication page address returned to the client by the service server, and the second authentication page address is obtained by redirecting the service access request by the service server; and generating the second identity authentication request based on the authentication page access request and the terminal information of the client, wherein the terminal information of the client is obtained after the security gateway performs first identity authentication on the client. The terminal information of the client can be obtained only after the first identity authentication is carried out on the client, and a second identity authentication request is generated according to the authentication page access request and the terminal information of the client, so that the information security in the service server is improved.
Further, the sending a second authentication request to the authentication platform, so that the authentication platform returns an authentication identifier to the client based on the second authentication request, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request, including: and sending a second identity authentication request to the identity authentication platform so that the identity authentication platform performs second identity authentication based on the second identity authentication request, and returning the authentication identifier to the client under the condition that the second identity authentication passes, so that the client accesses corresponding service from the service server based on the authentication identifier and the service access request.
Further, when intercepting a service access request sent by a client, performing first identity authentication on the client, including: when a service access request sent by the client is intercepted, a first identity authentication page is sent to the client; acquiring authentication information submitted by the client based on the first identity authentication page; and carrying out first identity authentication on the client based on the authentication information. By the method, the first identity authentication is carried out on the client by acquiring the authentication information submitted by the client, so that the client is ensured to be a safe client.
Further, when intercepting the service access request sent by the client, performing the first identity authentication on the client further includes: when the service access request sent by the client is intercepted, sending a first identity authentication page to the client; acquiring authentication information submitted by the client based on the first identity authentication page; and submitting the authentication information to an identity authentication platform so that the identity authentication platform can perform first identity authentication on the client based on the authentication information. Because the authentication information is submitted to the identity authentication platform, the platform can check it, and if a network attack occurs during the check, the security gateway resists it first, which improves the security of checking the authentication information.
In a second aspect, an embodiment of the present application provides a service protection method applied to an identity authentication platform, where the identity authentication platform is deployed in an intranet area, and the method includes: receiving a second identity authentication request, wherein the second identity authentication request is generated based on a second authentication page address returned to a client by the service server and terminal information of the client, the terminal information of the client is obtained after a security gateway, on intercepting a service access request sent by the client, performs first identity authentication on the client, and the security gateway is deployed between a public network area and an intranet area; and returning an authentication identifier to the client based on the second identity authentication request, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request.
Further, the returning the authentication identifier to the client based on the second identity authentication request includes: analyzing the second identity authentication request to acquire terminal information of the client; determining whether second identity authentication is required to be performed on the client based on terminal information of the client; if the second identity authentication needs to be carried out on the client side, a second identity authentication page is returned to the client side, so that the client side feeds back second identity authentication information to the identity authentication platform based on the second identity authentication page; and carrying out second identity authentication on the client based on the second identity authentication information, and returning a corresponding authentication identifier to the client under the condition that the second identity authentication of the client is confirmed to pass. And the second identity authentication is carried out on the client through the identity authentication platform, so that the safety of data in the service server is further ensured.
Further, the method further comprises: and if the fact that the second identity authentication is not needed for the client is determined, returning a corresponding authentication identifier to the client.
In a third aspect, an embodiment of the present application provides a service protection device, running in a security gateway, where the device includes: a first authentication unit, a communication permission unit, and a second authentication request transmission unit. The first identity authentication unit is used for carrying out first identity authentication on the client when intercepting a service access request sent by the client; a communication allowing unit, configured to allow communication between the client and a service server if the first identity authentication of the client passes, so that the client sends the service access request to the service server; and the second identity authentication request sending unit is used for sending a second identity authentication request to the identity authentication platform so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, and the client accesses corresponding service from the service server based on the authentication identifier and the service access request, wherein the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and terminal information of the client.
In a fourth aspect, an embodiment of the present application provides a service protection device, which operates on an identity authentication platform, where the device includes: a second identity authentication request receiving unit and a service acquisition unit. The second identity authentication request receiving unit is used for receiving a second identity authentication request, wherein the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and terminal information of the client, the terminal information of the client is obtained after the security gateway, on intercepting a service access request sent by the client, performs first identity authentication on the client, and the security gateway is deployed between a public network area and an intranet area; and the service acquisition unit is used for returning an authentication identifier to the client based on the second identity authentication request, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request.
In a fifth aspect, an embodiment of the present application provides a service protection electronic device, including one or more processors and a memory; one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the methods described above.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium having program code stored therein, wherein the above-described method is performed when the program code is run.
The embodiment of the application provides a service protection method, a device, electronic equipment and a storage medium. The method comprises the following steps: when the security gateway intercepts a service access request sent by a client, the security gateway carries out first identity authentication on the client, and only if the first identity authentication of the client is successful, the security gateway releases the service access request, so that the client communicates with a service server and sends a second identity authentication request to an identity authentication platform, so that the identity authentication platform can return an authentication identifier to the client based on the second identity authentication request, and the client can acquire service data from the service server according to the service access request and the authentication identifier returned by the identity authentication platform, thereby improving the security of information in the service server.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 shows an application scenario diagram of a service protection method according to an embodiment of the present application;
Fig. 2 is a flowchart of a service protection method according to an embodiment of the present application;
Fig. 3 is a flowchart of a service protection method according to still another embodiment of the present application;
Fig. 4 is a flowchart of a service protection method according to still another embodiment of the present application;
Fig. 5 is a schematic deployment diagram of a service protection method according to still another embodiment of the present application;
Fig. 6 is a flowchart of a service protection method according to still another embodiment of the present application;
Fig. 7 is a flowchart of a service protection method according to still another embodiment of the present application;
Fig. 8 is a block diagram illustrating a service protection method according to still another embodiment of the present application;
Fig. 9 is a block diagram of a service protection method according to still another embodiment of the present application;
Fig. 10 shows a block diagram of an electronic device for executing the service protection method according to the embodiment of the present application in real time;
Fig. 11 shows a storage unit for storing or carrying program codes for implementing the service protection method according to an embodiment of the present application in real time.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the existing market, when a client accesses a service server, the client needs to access an identity authentication platform, authentication information of the client is stored in the identity authentication platform, and the client is ensured to acquire proper authorized access at proper time.
In studying related service protection methods, the inventor found that they generally map the identity authentication platform directly into the public network area, so that a user can access the identity authentication platform directly from the public network area. However, because verification is performed only by the identity authentication platform, which is directly exposed in the public network area, a hacker can attack it by spoofing or tampering without any precondition, which may cause the user's identity information to be leaked.
Therefore, the inventor proposes a service protection method, a service protection device, an electronic device and a storage medium. When a service access request sent by a client is intercepted, first identity authentication is carried out on the client, if the first identity authentication of the client passes, communication is allowed between the client and a service server, so that the client sends the service access request to the service server, and then a second identity authentication request is sent to an identity authentication platform, so that the identity authentication platform returns an authentication identification to the client based on the second identity authentication request, and the client accesses corresponding service from the service server based on the authentication identification and the service access request, wherein the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and terminal information of the client. Under the condition that the first identity authentication is successful to the client, the client can access the corresponding service from the service server according to the service access request and the authentication identifier returned by the identity authentication platform, so that the security of information in the service server is improved.
Referring to fig. 1, the service protection method provided by the embodiment of the present application may be applied to an authentication system 100, where the authentication system 100 may include a client 110, a security gateway 120, an identity authentication platform 130, and a service server 140. The client 110 is in communication connection with the security gateway 120, and the client 110 is deployed in a public network area and can be an electronic device for sending a service access request, and can include a computer, a mobile phone, a tablet and the like; the security gateway 120 is disposed between the public network area and the intranet area, and is a network device that forwards the service access request sent by the client 110, and intercepts the service access request when the client 110 sends the service access request to the service server 140; the identity authentication platform 130 is deployed in an intranet area, and is a device for storing authentication information and terminal information of the client 110, when the identity authentication platform 130 has a fault, the client 110 can bypass the identity authentication platform 130 and not perform second identity authentication, and directly access the service server 140; the service server 140 is deployed in an intranet area, and may be a single server or multiple server resources for providing service data to the client 110. When a network attack exists, the security gateway 120 deployed between the public network area and the intranet area intercepts the network attack preferentially, so as to protect the identity authentication platform 130 from the attack.
Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 2, an embodiment of the present application provides a service protection method applied to a security gateway, where the security gateway is deployed between a public network area and an intranet area, a client is deployed in the public network area, and an identity authentication platform is deployed in the intranet area, and the method includes:
Step S110: When a service access request sent by a client is intercepted, first identity authentication is performed on the client.
In the embodiment of the application, the service access request is a request for acquiring service data sent by the client to the service server, the security gateway is deployed between the public network area and the intranet area, the client is deployed in the public network area, and the data sent by the client to the service server is distributed through the security gateway. When the client needs to acquire the service from the service server, the client sends a service access request to the service server, and the security gateway intercepts the service access request sent by the client and performs first identity authentication on the client. The client may include a computer, a mobile phone, etc., and is not limited herein, and the service server is used to characterize a server that provides a service to the client.
As one way, a listening interface may be provided in the security gateway to listen for whether the client sends a service access request. When the security gateway monitors that the client side sends a service access request to the service server through the monitoring interface, the service access request sent by the client side is intercepted.
When the security gateway intercepts a service access request sent by a client, it can obtain the terminal information of the client from the service access request and determine the corresponding client from that terminal information. After the first identity authentication of the client is completed and an authentication result is obtained, the authentication result is sent to that client by means of a two-dimensional code or a short message.
As one way, the terminal information may be client IP (Internet Protocol address) information. When the security gateway intercepts a service access request, it acquires the client IP information included in the request and queries the first preset storage area for authentication information corresponding to that IP information. If corresponding authentication information is found in the first preset storage area, the client corresponding to the client IP information is determined to have passed the first identity authentication; if none is found, that client is determined not to have passed the first identity authentication. The first preset storage area denotes an area for storing data in the security gateway. The authentication information may include a user account password, a short message check code, and a user name, which is not specifically limited herein.
Step S120: If the first identity authentication of the client passes, allow the client to communicate with a service server so that the client sends the service access request to the service server.
In the embodiment of the application, when the security gateway determines that the first identity authentication of the client passes, it releases the intercepted service access request and, at the same time, releases the traffic from the client to the service server, and a communication connection is established between the client and the service server so that the service access request reaches the service server. The communication connection may be a TCP (Transmission Control Protocol) connection, among others.
As one way, when the service server receives the service access request, it queries a preset database for authentication information of the client corresponding to the access request. If no authentication information corresponding to the client exists, the service server refuses to provide the service corresponding to the service access request to the client and redirects the service access request to the second identity authentication page address.
As another way, if the service server queries that the authentication information of the client corresponding to the access request exists in the preset database, the client may obtain, from the service server, the service corresponding to the service access request according to the service access request.
Step S130: Send a second identity authentication request to the identity authentication platform so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, and the client accesses the corresponding service from the service server based on the authentication identifier and the service access request, wherein the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and terminal information of the client.
In the embodiment of the application, the identity authentication platform is a platform that stores the authentication information and terminal information corresponding to each of a plurality of clients; it can be an IAM (Identity and Access Management) server. The second identity authentication request is the access request obtained by adding a security gateway identification to the authentication page access request, where the authentication page access request is an access request sent by a client to the identity authentication platform. After the second identity authentication request is sent to the identity authentication platform, the platform parses it to obtain the terminal information of the client and checks whether that terminal information exists in a second preset storage area. If the terminal information of the client exists in the second preset storage area, whether to perform second identity authentication on the client is determined according to the terminal information of the client and the application the client wants to access.
Whether or not the second identity authentication is carried out, the identity authentication platform returns an authentication identifier to the client, so that the client sends a service access request carrying the authentication identifier to the service server. After receiving the authentication identifier and the service access request, the service server sends the authentication identifier to the identity authentication platform, which checks it. If the identity authentication platform determines that the authentication identifier is the authentication identifier generated at the previous moment, the check is determined to be successful and the authentication information in the second preset storage area is returned to the service server. After receiving the authentication information, the service server determines that it is the authentication information of the client corresponding to the service access request, stores it, and allows the client to acquire the service corresponding to the service access request from the service server. The second preset storage area denotes an area for storing data in the identity authentication platform. The authentication identifier denotes a character string randomly generated by the identity authentication platform.
As one way, when the identity authentication platform randomly generates a character string and uses it as an authentication identifier, the generated character string is stored in the database. When the client sends the authentication identifier to the identity authentication platform for verification, the identity authentication platform compares the character string in the authentication identifier with the character strings stored in the database. If a character string corresponding to the authentication identifier is found in the database, the check of the authentication identifier is determined to be successful; if no corresponding character string is found, the check is determined to have failed.
The service protection method provided by the embodiment of the application is applied to the security gateway, and is characterized in that when a service access request sent by a client is intercepted, first identity authentication is carried out on the client, if the first identity authentication of the client passes, communication is allowed between the client and a service server, so that the client sends the service access request to the service server, and then a second identity authentication request is sent to an identity authentication platform, so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, and the client accesses corresponding service from the service server based on the authentication identifier and the service access request. Under the condition that the first identity authentication is successful to the client, the client can access the corresponding service from the service server according to the service access request and the authentication identifier returned by the identity authentication platform, so that the security of information in the service server is improved.
Referring to fig. 3, an embodiment of the present application provides a service protection method applied to a security gateway, where the method includes:
Step S210: when a service access request sent by the client is intercepted, send a first identity authentication page to the client.
In the embodiment of the application, the first identity authentication page is a page on which the user fills in authentication information to authenticate. When the security gateway intercepts a service access request sent by a client to a service server, the security gateway detects whether a first identity authentication tag exists in the client corresponding to the service access request. If the first identity authentication tag does not exist in the client, the security gateway determines that the client has not completed the first identity authentication and sends a first identity authentication page to the client. The first identity authentication tag represents an identifier generated by the client after the first identity authentication of the client succeeds, the first identity authentication represents authentication of the client by the security gateway, and the first identity authentication page represents the page used for the first identity authentication of the client.
In one implementation, the first identity authentication tag may exist for only a preset time after the client generates it; after the preset time, the client may automatically delete the tag. If the first identity authentication tag exists in the client, then within the preset time, when the security gateway intercepts a service access request sent by the client to the service server, it releases the service access request directly so that the request can reach the service server. After the preset time, when the client sends a service access request to the service server, the security gateway intercepts the request and releases it only after the first identity authentication of the client succeeds.
In one implementation, after the client completes the first identity authentication, the security gateway marks the client, and a monitoring interface in the security gateway monitors whether the marked client sends a service access request. When the marked client sends a service access request to the service server, the request is passed through directly so that it can reach the service server.
Step S220: acquire the authentication information submitted by the client based on the first identity authentication page.
In the embodiment of the application, after the client receives the first identity authentication page sent by the security gateway, the authentication information is filled in on the first identity authentication page and submitted to the security gateway, and the security gateway receives the authentication information.
Step S230: perform first identity authentication on the client based on the authentication information.
In the embodiment of the application, after the security gateway acquires the authentication information submitted by the client, it compares the acquired authentication information with the authentication information in the first preset storage area. If the acquired authentication information is the same as the authentication information in the first preset storage area, the first identity authentication of the client is determined to have passed; if the acquired authentication information differs from the authentication information in the first preset storage area, the first identity authentication of the client is determined to have failed.
In one implementation, the authentication information and the terminal information corresponding to the client are pre-stored in the second preset storage area in the identity authentication platform, and the identity authentication platform synchronizes the authentication information and the terminal information to the first preset storage area of the security gateway. After the security gateway obtains the authentication information submitted by the client, it compares the obtained authentication information with the authentication information stored in the first preset storage area to determine whether the first identity authentication of the client passes.
Step S240: if the first identity authentication of the client passes, allow the client to communicate with a service server so that the client sends the service access request to the service server.
For step S240, refer to the explanation in the above embodiment; the details are not repeated here.
Step S250: receive an authentication page access request sent by the client, where the authentication page access request is generated by the client based on a second identity authentication page address returned to the client by the service server, and the second identity authentication page address is obtained by the service server redirecting the service access request.
In the embodiment of the application, after the client sends the service access request to the service server, the service server checks whether the terminal information of the client is stored. If it determines that the terminal information of the client is absent, the service server redirects the service access request to the second identity authentication page address and sends the second identity authentication page address to the client. After the client receives the second identity authentication page address, it generates an authentication page access request according to that address. For example, if the second identity authentication page address is an address of the identity authentication platform, the client sends the authentication page access request to the identity authentication platform.
In one implementation, the user may preset the destination port of the accessed service server. When the port of the service server corresponding to the service access request sent by the client is determined to be the destination port, the service server redirects to the second identity authentication page address; otherwise, the service server does not redirect. For example, the destination port of the service server is set to 80/443 and a specified http port. If the port of the service server accessed by the client is not 80/443 and is not the specified http port, the security gateway does not redirect to the second identity authentication page address; if the port of the service server accessed by the client is 80/443 or is the specified http port, the security gateway redirects to the second identity authentication page address.
Step S260: generate the second identity authentication request based on the authentication page access request and the terminal information of the client, where the terminal information of the client is obtained after the security gateway performs first identity authentication on the client.
In the embodiment of the application, after the security gateway receives the authentication page access request sent by the client, it adds the security gateway identifier to the authentication page access request, thereby obtaining a second identity authentication request. The second identity authentication request represents a request for second identity authentication sent by the client to the identity authentication platform, and the security gateway identifier includes the terminal information of the client.
In one implementation, the security gateway obtains the authentication information submitted by the client and verifies it, and obtains the terminal information of the client after determining that the first identity authentication of the client passes. The terminal information of the client may include a user account number and client IP information, which is not specifically limited herein.
In one implementation, the security gateway identifier is obtained by the security gateway encrypting, with a public key, a plurality of data including the terminal information of the client. The corresponding private key exists in the identity authentication platform, so the security gateway identifier can be decrypted there.
Step S270: send the second identity authentication request to the identity authentication platform so that the identity authentication platform performs second identity authentication based on the second identity authentication request and, if the second identity authentication passes, returns the authentication identifier to the client, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request.
In the embodiment of the application, after the security gateway generates a second identity authentication request according to the authentication page access request and the security gateway identifier, it sends the second identity authentication request to the identity authentication platform. After the identity authentication platform receives the second identity authentication request, it decodes the security gateway identifier in the request with the private key to obtain the terminal information of the client. The identity authentication platform then determines whether to perform second identity authentication on the client according to the acquired terminal information of the client and the application corresponding to the service access request. If it determines that second identity authentication is to be performed on the client and the second identity authentication of the client passes, an authentication identifier is returned to the client. After receiving the authentication identifier, the client sends the authentication identifier and the service access request to the service server, and the service server, after receiving them, sends the authentication identifier to the identity authentication platform. If the identity authentication platform finds in the database a character string identical to the authentication identifier, it returns the authentication information in the second preset storage area to the service server. The service server stores the returned authentication information and responds to the service access request, so that the client can acquire the corresponding service from the service server according to the service access request.
In one implementation, after the identity authentication platform decodes the security gateway identifier with the private key to obtain the terminal information of the client, it checks whether pre-stored terminal information of the client exists in the second preset storage area. If so, it determines whether to perform second identity authentication on the client according to the obtained terminal information of the client and the application corresponding to the service access request; if not, the client cannot perform the second identity authentication.
In one implementation, after determining that pre-stored terminal information of the client exists in the second preset storage area, the identity authentication platform checks the application corresponding to the service access request and checks, according to the terminal information of the client, whether the client meets a preset condition. The preset condition may be that the client has high-level or medium-level permission to access the application. The permissions of the client may include high-level, medium-level and low-level permission. After determining that the client corresponding to the terminal information meets the preset condition, the identity authentication platform determines to perform second identity authentication on the client; otherwise, second identity authentication is not performed on the client.
In one implementation, if it is determined to perform the second identity authentication on the client, a second identity authentication page is sent to the client, and the client fills in second identity authentication information on the second identity authentication page and feeds it back to the identity authentication platform. The second identity authentication information may be a two-dimensional code and a short message verification code, which is not specifically limited herein.
The service protection method provided by the embodiment of the application is applied to the security gateway. First, the security gateway intercepts a service access request sent by a client and sends a first identity authentication page to the client; the client submits authentication information to the security gateway according to that page, and the security gateway verifies the authentication information. Only if the client passes the first identity authentication is a second identity authentication request generated from the authentication page access request sent by the client and the terminal information and sent to the identity authentication platform, so that the identity authentication platform returns an authentication identifier to the client according to the second identity authentication request and the client accesses the corresponding service from the service server based on the authentication identifier and the service access request, thereby improving the security of the information in the service server.
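The gateway-side decisions of steps S210 to S240 (intercept, first identity authentication, release within the preset time), as an added Python example that is not part of the patent text. The class and method names, the 1800-second lifetime, keeping the tag as a gateway-side mark per client IP, and storing a salted PBKDF2 digest in the first preset storage area instead of the raw authentication information are assumptions.

```python
import hashlib
import hmac
import os
import time

TAG_LIFETIME_SECONDS = 1800   # assumed value for the "preset time"
PBKDF2_ROUNDS = 100_000       # assumed work factor


def _digest(secret: str, salt: bytes) -> bytes:
    """Derive the stored form of the authentication information."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


class SecurityGateway:
    """Hypothetical model of the gateway's first identity authentication gate."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._store = {}    # first preset storage area: account -> (salt, digest)
        self._marked = {}   # client IP -> (account, expiry of the first-auth tag)

    def sync_account(self, account: str, secret: str) -> None:
        """Stand-in for the platform synchronising authentication information."""
        salt = os.urandom(16)
        self._store[account] = (salt, _digest(secret, salt))

    def intercept(self, client_ip: str) -> str:
        """S210: decide what happens to an intercepted service access request."""
        mark = self._marked.get(client_ip)
        if mark is not None and self._clock() < mark[1]:
            return "RELEASE"                    # tag present and within the preset time
        self._marked.pop(client_ip, None)       # tag missing or past the preset time
        return "SEND_FIRST_AUTH_PAGE"

    def submit(self, client_ip: str, account: str, secret: str):
        """S220 to S240: verify the submitted authentication information.

        Returns the terminal information (account and client IP) on success,
        or None when the first identity authentication fails.
        """
        salt, expected = self._store.get(account, (b"\x00" * 16, b""))
        # The derivation always runs, so unknown accounts cost about the same
        # as known ones, and the comparison is constant-time.
        if not hmac.compare_digest(_digest(secret, salt), expected):
            return None
        expiry = self._clock() + TAG_LIFETIME_SECONDS
        self._marked[client_ip] = (account, expiry)
        return {"account": account, "client_ip": client_ip}


if __name__ == "__main__":
    gw = SecurityGateway()
    gw.sync_account("alice", "correct horse")            # constructed sample data
    print(gw.intercept("203.0.113.7"))                   # no tag yet
    print(gw.submit("203.0.113.7", "alice", "correct horse"))
    print(gw.intercept("203.0.113.7"))                   # released while tag is valid
```

The terminal information returned by `submit` is what the gateway would later place, encrypted, in the security gateway identifier of step S260.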
Referring to fig. 4, a service protection method provided by an embodiment of the present application is applied to a security gateway, and the method includes:
Step S310: when a service access request sent by the client is intercepted, send a first identity authentication page to the client.
Step S320: acquire the authentication information submitted by the client based on the first identity authentication page.
For steps S310 to S320, refer to the explanation in the above embodiment; the details are not repeated here.
Step S330: submit the authentication information to an identity authentication platform so that the identity authentication platform performs first identity authentication on the client based on the authentication information.
In the embodiment of the application, after the security gateway acquires the authentication information submitted by the client, it submits the authentication information to the identity authentication platform, and the acquired authentication information is compared with the authentication information in the second preset storage area. If the acquired authentication information is identical to the authentication information in the second preset storage area, the client is determined to have passed the first identity authentication and the authentication result is returned to the security gateway; if the acquired authentication information differs from the authentication information in the second preset storage area, the client is determined to have failed the first identity authentication and the authentication result is returned to the security gateway.
Step S340: if the first identity authentication of the client passes, allow the client to communicate with a service server so that the client sends the service access request to the service server.
Step S350: receive an authentication page access request sent by the client, where the authentication page access request is generated by the client based on a second authentication page address returned to the client by the service server, and the second authentication page address is obtained by the service server redirecting the service access request.
Step S360: generate the second identity authentication request based on the authentication page access request and the terminal information of the client, where the terminal information of the client is obtained after the security gateway performs first identity authentication on the client.
Step S370: send the second identity authentication request to the identity authentication platform so that the identity authentication platform performs second identity authentication based on the second identity authentication request and, if the second identity authentication passes, returns the authentication identifier to the client, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request.
For steps S340 to S370, refer to the explanation in the above embodiments; the details are not repeated here.
For example, as shown in fig. 5, in steps S310 to S370 the security gateway intercepts a service access request sent by the client to the service server and sends a first identity authentication page to the client. When the client submits authentication information according to the first identity authentication page, the security gateway submits the authentication information to the identity authentication platform, and the identity authentication platform verifies the authentication information and returns an authentication result to the security gateway. If the authentication result received by the security gateway is that the client passes the first identity authentication, the security gateway releases the service access request and releases the client's traffic to the service server, so that the client can continue to access the service server. When the service server receives the service access request sent by the client and detects that the authentication information of the client is not stored, it redirects to the second identity authentication page address and sends that address to the client. After the client receives the second identity authentication page address, it sends an authentication page access request to the identity authentication platform according to that address so as to access the identity authentication platform, and the security gateway adds a security gateway identifier to the authentication page access request to form the second identity authentication request.
After the identity authentication platform receives the second identity authentication request, it decrypts the security gateway identifier in the request to obtain the terminal information of the client, and judges whether to perform second identity authentication on the client according to the terminal information of the client and the application corresponding to the service access request. After authentication is completed, the identity authentication platform generates an authentication identifier and returns it to the client, and the client sends the authentication identifier and a service access request to the service server. After the service server receives the authentication identifier and the service access request, it sends the authentication identifier to the identity authentication platform, and the identity authentication platform returns authentication information to the service server according to the authentication identifier for storage, so that the client can acquire the service corresponding to the service access request from the service server.
The service protection method provided by the embodiment of the application is applied to the security gateway. First, the security gateway intercepts a service access request sent by a client and sends a first identity authentication page to the client; the client submits authentication information to the security gateway according to that page, the security gateway submits the authentication information to the identity authentication platform for verification, and the identity authentication platform returns an authentication result to the security gateway. Only if the client passes the first identity authentication is a second identity authentication request generated from the authentication page access request sent by the client and the terminal information and sent to the identity authentication platform, so that the identity authentication platform returns an authentication identifier to the client according to the second identity authentication request and the client accesses the corresponding service from the service server based on the authentication identifier and the service access request, thereby improving the security of the information in the service server.
Referring to fig. 6, an embodiment of the present application provides a service protection method applied to an identity authentication platform, where the method includes:
Step S410: receive a second identity authentication request, where the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and the terminal information of the client, the terminal information of the client is obtained after the security gateway intercepts a service access request sent by the client and performs first identity authentication on the client, and the security gateway is deployed between a public network area and an intranet area.
In the embodiment of the application, when the client sends the authentication page access request to the identity authentication platform, the security gateway adds the security gateway identifier to the authentication page access request to obtain a second identity authentication request, and the identity authentication platform receives the second identity authentication request.
Step S420: return an authentication identifier to the client based on the second identity authentication request, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request.
In the embodiment of the application, after the identity authentication platform receives the second identity authentication request, it decrypts the security gateway identifier in the request with the private key to obtain the terminal information of the client. The identity authentication platform determines whether to perform second identity authentication on the client according to the acquired terminal information of the client and the application corresponding to the service access request. If it determines that second identity authentication is to be performed on the client and the second identity authentication of the client passes, an authentication identifier is returned to the client. When the client receives the authentication identifier, it sends the authentication identifier and the service access request to the service server, and the service server, after receiving them, sends the authentication identifier to the identity authentication platform. If the identity authentication platform finds in the database a character string identical to the authentication identifier, the authentication information stored in the second preset storage area is returned to the service server. The service server stores the returned authentication information and responds to the service access request, so that the client can acquire the corresponding service from the service server according to the service access request.
The application provides a service protection method applied to an identity authentication platform. A second identity authentication request is first received; it is generated based on a second authentication page address returned to the client by the service server and the terminal information of the client, the terminal information of the client is obtained after a security gateway intercepts a service access request sent by the client and performs first identity authentication on the client, and the security gateway is deployed between a public network area and an intranet area. An authentication identifier is then returned to the client based on the second identity authentication request, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request. In this method, the identity authentication platform returns the authentication identifier to the client according to the received second identity authentication request, and the client obtains the corresponding service from the service server according to the authentication identifier and the service access request, so that the identity authentication platform further ensures the security of the data in the service server.
Referring to fig. 7, an embodiment of the present application provides a service protection method applied to an identity authentication platform, where the method includes:
Step S510: receive a second identity authentication request, where the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and the terminal information of the client, the terminal information of the client is obtained after the security gateway intercepts a service access request sent by the client and performs first identity authentication on the client, and the security gateway is deployed between a public network area and an intranet area.
Step S510 may be specifically explained with reference to the above embodiments, so that the details of this embodiment will not be repeated.
Step S520: parse the second identity authentication request to acquire the terminal information of the client.
In the embodiment of the application, after the second identity authentication request is acquired, the security gateway identifier in the request is decrypted with the private key to acquire the terminal information of the client. The private key is held by the identity authentication platform itself.
Step S530: determine, based on the terminal information of the client, whether second identity authentication needs to be performed on the client.
In the embodiment of the application, after the identity authentication platform decrypts the security gateway identifier with the private key to obtain the terminal information of the client, it checks whether the terminal information of the client is stored in advance in a second preset storage area. If so, it determines whether to perform second identity authentication on the client according to the acquired terminal information of the client and the application corresponding to the service access request; if not, the client cannot perform the second identity authentication.
Step S540: judge whether second identity authentication needs to be performed on the client; if so, execute step S550 and step S560; if not, execute step S570.
In the embodiment of the application, if it is determined that the terminal information of the client exists in the second preset storage area, whether to perform second identity authentication on the client is determined according to the acquired terminal information of the client and the application corresponding to the service access request.
In one implementation, the permission of the client under the application corresponding to the service access request is determined according to the acquired terminal information of the client. If the permission of the client under the application is determined to be high-level or medium-level permission, it is determined that second identity authentication is to be performed on the client; if the permission of the client under the application is determined to be low-level permission, it is determined that second identity authentication is not to be performed on the client.
Step S550: return a second identity authentication page to the client so that the client feeds back second identity authentication information to the identity authentication platform based on the second identity authentication page.
In the embodiment of the application, if the identity authentication platform determines that second identity authentication needs to be performed on the client, it sends the second identity authentication page to the client; the client fills in second identity authentication information on the second identity authentication page and submits it to the identity authentication platform.
The identity authentication platform returns a second identity authentication page to the client. If a two-dimensional code exists on the second identity authentication page, the client scans the two-dimensional code on the page and confirms it, and information that the scan succeeded is then returned to the identity authentication platform.
Step S560: perform second identity authentication on the client based on the second identity authentication information and, if the second identity authentication of the client is confirmed to pass, return a corresponding authentication identifier to the client, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request.
In the embodiment of the application, after the identity authentication platform receives the second identity authentication information fed back by the client and confirms that the second identity authentication of the client passes, it randomly generates a character string and returns the character string to the client as an authentication identifier. After receiving the authentication identifier, the client sends the authentication identifier and the service access request to the service server, and the service server, after receiving them, sends the authentication identifier to the identity authentication platform. If the identity authentication platform finds in the database a character string identical to the authentication identifier, the authentication information in the second preset storage area is returned to the service server; the service server stores the returned authentication information, and the client can acquire the corresponding service from the service server according to the received service access request.
In one implementation, after the client passes the first identity authentication, the security gateway releases the service access request so that it can reach the service server. If the service server determines that the authentication information of the client corresponding to the service access request is stored, the client is allowed to acquire the service corresponding to the service access request from the service server.
Step S570: return a corresponding authentication identifier to the client.
In the embodiment of the application, if the identity authentication platform determines that second identity authentication is not needed for the client, it randomly generates a character string and returns it to the client as the authentication identifier.
The application provides a service protection method applied to an identity authentication platform. The platform first parses the second identity authentication request from the security gateway to obtain terminal information and determines, according to the terminal information, whether to perform second identity authentication on the client. If so, it returns a second identity authentication page to the client so that the client submits second identity authentication information, and, when the second identity authentication passes, returns an authentication identifier to the client, so that the client obtains a service from the service server according to the authentication identifier and the service access request; if not, it returns the authentication identifier directly. The identity authentication platform thus performs second identity authentication on the client, which further ensures data security in the service server.
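The identifier exchange of steps S560 and S570, as an added Python sketch that is not code from the patent: the platform issues a random string, and the service server redeems it for the stored authentication information. The 60-second lifetime, single-use redemption, hashed storage and the `session_id` parameter (standing in for a server-issued session cookie) are assumptions added here; the text only specifies a randomly generated string that the platform looks up in its database.

```python
import hashlib
import secrets
import time


class IdentityAuthPlatform:
    """Issues authentication identifiers and redeems them for the service server."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumption: identifiers are short-lived
        self._clock = clock
        self._pending = {}           # sha256(identifier) -> (auth_info, expiry)

    @staticmethod
    def _digest(identifier):
        # Store only a digest so a leaked table does not reveal usable identifiers.
        return hashlib.sha256(identifier.encode("utf-8")).hexdigest()

    def issue_identifier(self, auth_info):
        """Call only after the required authentication steps have passed."""
        identifier = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        expiry = self._clock() + self._ttl
        self._pending[self._digest(identifier)] = (dict(auth_info), expiry)
        return identifier

    def redeem(self, identifier):
        """Return the stored authentication information, or None if invalid."""
        # pop() makes the identifier single-use: a replayed value finds nothing.
        entry = self._pending.pop(self._digest(identifier), None)
        if entry is None:
            return None
        auth_info, expiry = entry
        if self._clock() > expiry:
            return None
        return auth_info


class ServiceServer:
    """Serves a request only when authentication information is stored for it."""

    def __init__(self, platform):
        self._platform = platform
        self._sessions = {}          # session_id (hypothetical) -> auth_info

    def handle(self, session_id, path, identifier=None):
        if session_id not in self._sessions:
            info = self._platform.redeem(identifier) if identifier else None
            if info is None:
                # No valid identifier: redirect to the second authentication page.
                return (302, "redirect to second authentication page")
            self._sessions[session_id] = info
        return (200, f"{path} served to {self._sessions[session_id]['user']}")


def demo():
    """Constructed walk-through: redirect, redeem, reuse, replay."""
    platform = IdentityAuthPlatform()
    server = ServiceServer(platform)
    results = [server.handle("sess-1", "/report")]
    identifier = platform.issue_identifier({"user": "alice"})
    results.append(server.handle("sess-1", "/report", identifier))
    results.append(server.handle("sess-1", "/report"))              # info stored
    results.append(server.handle("sess-2", "/report", identifier))  # replayed
    return [status for status, _ in results]


if __name__ == "__main__":
    print(demo())
```

Because the identifier is consumed on first redemption, a copy captured in transit or in logs cannot open a second session on the service server.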
Referring to fig. 8, an embodiment of the present application provides a service protection device 600, which operates in a security gateway, where the device 600 includes:
a first identity authentication unit 610, configured to perform a first identity authentication on a client when intercepting a service access request sent by the client;
As one way, the first identity authentication unit 610 is further configured to send a first identity authentication page to the client when intercepting a service access request sent by the client; acquire authentication information submitted by the client based on the first identity authentication page; and perform first identity authentication on the client based on the authentication information.
Optionally, the first identity authentication unit 610 is further configured to send a first identity authentication page to the client when intercepting the service access request sent by the client; acquiring authentication information submitted by the client based on the first identity authentication page; submitting the authentication information to an identity authentication platform so that the identity authentication platform can conduct first identity authentication on the client based on the authentication information.
a communication allowing unit 620, configured to allow communication between the client and the service server if the first identity authentication of the client passes, so that the client sends the service access request to the service server;
and a second identity authentication request sending unit 630, configured to send a second identity authentication request to the identity authentication platform, so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, so that the client accesses a corresponding service from the service server based on the authentication identifier and the service access request, where the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and terminal information of the client.
As a way, the second identity authentication request sending unit 630 is further configured to receive an authentication page access request sent by the client, where the authentication page access request is generated by the client based on a second authentication page address returned to the client by the service server, and the second authentication page address is obtained by redirecting the service access request by the service server; and generating the second identity authentication request based on the authentication page access request and the terminal information of the client, wherein the terminal information of the client is obtained after the security gateway performs first identity authentication on the client.
Optionally, the second identity authentication request sending unit 630 is further configured to send a second identity authentication request to the identity authentication platform, so that the identity authentication platform performs second identity authentication based on the second identity authentication request, and returns the authentication identifier to the client when the second identity authentication passes, so that the client accesses the corresponding service from the service server based on the authentication identifier and the service access request.
Referring to fig. 9, an embodiment of the present application provides a service protection device 700, which operates on an identity authentication platform, where the device 700 includes:
a second identity authentication request receiving unit 710, configured to receive a second identity authentication request, where the second identity authentication request is generated based on a second authentication page address returned by the service server to the client and terminal information of the client, the terminal information of the client is obtained after a security gateway intercepts the service access request sent by the client and performs first identity authentication on the client, and the security gateway is configured to be deployed between a public network area and the intranet area;
and a service obtaining unit 720, configured to return an authentication identifier to the client based on the second identity authentication request, so that the client accesses a corresponding service from the service server based on the authentication identifier and a service access request.
As a way, the service obtaining unit 720 is further configured to parse the second identity authentication request to obtain terminal information of the client; determining whether second identity authentication is required to be performed on the client based on terminal information of the client; if the second identity authentication needs to be carried out on the client side, a second identity authentication page is returned to the client side, so that the client side feeds back second identity authentication information to the identity authentication platform based on the second identity authentication page; and carrying out second identity authentication on the client based on the second identity authentication information, and returning a corresponding authentication identifier to the client under the condition that the second identity authentication of the client is confirmed to pass.
Optionally, the service obtaining unit 720 is further configured to return a corresponding authentication identifier to the client if it is determined that the second identity authentication is not required for the client.
It should be noted that, in the present application, the device embodiment and the foregoing method embodiment correspond to each other, and specific principles in the device embodiment may refer to the content in the foregoing method embodiment, which is not described herein again.
An electronic device according to the present application will be described with reference to fig. 10.
Referring to fig. 10, based on the above-mentioned data processing method and apparatus, another electronic device 800 capable of executing the foregoing data processing method is provided in the embodiment of the present application. The electronic device 800 includes one or more (only one shown) processors 802, memory 804, and a network module 806 coupled to each other. The memory 804 stores therein a program capable of executing the contents of the foregoing embodiments, and the processor 802 can execute the program stored in the memory 804.
The processor 802 may include one or more processing cores. The processor 802 uses various interfaces and lines to connect the various portions of the overall electronic device 800, and performs the various functions of the electronic device 800 and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 804 and invoking data stored in the memory 804. Alternatively, the processor 802 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), and programmable logic array (Programmable Logic Array, PLA). The processor 802 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), a graphics processor (Graphics Processing Unit, GPU), a modem, and the like. The CPU mainly handles the operating system, user interface, application programs and the like; the GPU is responsible for rendering and drawing display content; the modem handles wireless communications. It will be appreciated that the modem may also not be integrated into the processor 802 and may instead be implemented by a separate communication chip.
The memory 804 may include random access memory (Random Access Memory, RAM) or read-only memory (Read-Only Memory, ROM). The memory 804 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 804 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (e.g., a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described below, etc. The stored data area may also store data created by the electronic device 800 in use (e.g., phonebook, audiovisual data, chat log data), and the like.
The network module 806 is configured to receive and transmit electromagnetic waves, and to implement mutual conversion between electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices, such as an audio playback device. The network module 806 may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and the like. The network module 806 may communicate with various networks such as the internet, intranets, wireless networks, or with other devices via wireless networks. The wireless network may include a cellular telephone network, a wireless local area network, or a metropolitan area network. For example, the network module 806 may interact with base stations.
Referring to fig. 11, a block diagram of a computer readable storage medium according to an embodiment of the present application is shown. The computer readable storage medium 900 has stored therein program code that can be invoked by a processor to perform the methods described in the method embodiments described above.
The computer readable storage medium 900 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Optionally, computer readable storage medium 900 includes non-volatile computer readable media (non-transitory computer-readable storage medium). The computer readable storage medium 900 has storage space for program code 910 that performs any of the method steps described above. The program code can be read from or written to one or more computer program products. Program code 910 may be compressed, for example, in a suitable form.
The embodiment of the application provides a service protection method, a device, electronic equipment and a storage medium. The method comprises the following steps: when a service access request sent by a client is intercepted, performing first identity authentication on the client; if the first identity authentication of the client passes, allowing the communication between the client and the service server so that the client sends the service access request to the service server; and sending a second identity authentication request to the identity authentication platform so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, and the client accesses corresponding services from the service server based on the authentication identifier and the service access request. Under the condition that the first identity authentication is successful to the client, the client can access the corresponding service from the service server according to the service access request and the authentication identifier returned by the identity authentication platform, so that the security of information in the service server is improved.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.

Claims (11)

1. The service protection method is characterized by being applied to a security gateway, wherein the security gateway is used for being deployed between a public network area and an intranet area, and the intranet area is provided with an identity authentication platform, and the method comprises the following steps:
when a service access request sent by a client is intercepted, performing first identity authentication on the client;
if the first identity authentication of the client passes, allowing communication between the client and a service server so that the client sends the service access request to the service server;
and sending a second identity authentication request to the identity authentication platform so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, and the client accesses corresponding services from the service server based on the authentication identifier and the service access request, wherein the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and terminal information of the client.
2. The method of claim 1, wherein prior to sending the second authentication request to the authentication platform, further comprises:
receiving an authentication page access request sent by the client, wherein the authentication page access request is generated by the client based on a second authentication page address returned to the client by the service server, and the second authentication page address is obtained by redirecting the service access request by the service server;
and generating the second identity authentication request based on the authentication page access request and the terminal information of the client, wherein the terminal information of the client is obtained after the security gateway performs first identity authentication on the client.
3. The method of claim 1, wherein the sending a second authentication request to the authentication platform to cause the authentication platform to return an authentication identifier to the client based on the second authentication request, such that the client accesses a corresponding service from the service server based on the authentication identifier and the service access request, comprises:
sending a second identity authentication request to the identity authentication platform so that the identity authentication platform performs second identity authentication based on the second identity authentication request, and returning the authentication identifier to the client under the condition that the second identity authentication passes, so that the client accesses corresponding service from the service server based on the authentication identifier and the service access request.
4. The method according to claim 1, wherein said performing a first identity authentication on the client when intercepting a service access request sent by the client comprises:
when a service access request sent by the client is intercepted, a first identity authentication page is sent to the client;
acquiring authentication information submitted by the client based on the first identity authentication page;
and carrying out first identity authentication on the client based on the authentication information.
5. The method of claim 1, wherein the first authentication of the client when intercepting the service access request sent by the client further comprises:
when the service access request sent by the client is intercepted, a first identity authentication page is sent to the client;
acquiring authentication information submitted by the client based on the first identity authentication page;
submitting the authentication information to an identity authentication platform so that the identity authentication platform can conduct first identity authentication on the client based on the authentication information.
6. The service protection method is characterized by being applied to an identity authentication platform, wherein the security gateway is used for being deployed between a public network area and an intranet area, the intranet area is provided with the identity authentication platform, and the method comprises the following steps:
receiving a second identity authentication request, wherein the second identity authentication request is generated based on a second authentication page address returned to a client by the service server and terminal information of the client, the terminal information of the client is obtained after a security gateway intercepts the service access request sent by the client and performs first identity authentication on the client, and the security gateway is used for being deployed between a public network area and an intranet area;
and returning an authentication identifier to the client based on the second identity authentication request, so that the client accesses corresponding service from the service server based on the authentication identifier and the service access request.
7. The method of claim 6, wherein the returning an authentication identification to the client based on the second authentication request comprises:
analyzing the second identity authentication request to acquire terminal information of the client;
determining whether second identity authentication is required to be performed on the client based on terminal information of the client;
if the second identity authentication needs to be carried out on the client side, a second identity authentication page is returned to the client side, so that the client side feeds back second identity authentication information to the identity authentication platform based on the second identity authentication page;
and carrying out second identity authentication on the client based on the second identity authentication information, and returning a corresponding authentication identifier to the client under the condition that the second identity authentication of the client is confirmed to pass.
8. The method of claim 7, wherein the method further comprises:
and if the fact that the second identity authentication is not needed for the client is determined, returning a corresponding authentication identifier to the client.
9. A service protection device operating at a security gateway, the device comprising:
a first identity authentication unit, configured to perform first identity authentication on the client when intercepting a service access request sent by the client;
a communication allowing unit, configured to allow communication between the client and a service server if the first identity authentication of the client passes, so that the client sends the service access request to the service server;
and the second identity authentication request sending unit is used for sending a second identity authentication request to the identity authentication platform so that the identity authentication platform returns an authentication identifier to the client based on the second identity authentication request, and the client accesses corresponding service from the service server based on the authentication identifier and the service access request, wherein the second identity authentication request is generated based on a second authentication page address returned to the client by the service server and terminal information of the client.
10. An electronic device comprising one or more processors and a memory, one or more programs stored in the memory and configured to perform the method of any of claims 1-8 by the one or more processors.
11. A computer readable storage medium, characterized in that the computer readable storage medium stores a program code comprising instructions for performing the method of any of claims 1-8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310955252.9A CN117220904A (en) 2023-07-31 2023-07-31 Service protection method, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117220904A (en) 2023-12-12

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117411733A (en) * 2023-12-15 2024-01-16 北京从云科技有限公司 Intranet access protection system based on user identity
CN117411733B (en) * 2023-12-15 2024-03-01 北京从云科技有限公司 Intranet access protection system based on user identity

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination