CN209218131U - A kind of network authentication security management and control device - Google Patents
- Publication number
- CN209218131U
- Authority
- CN
- China
- Prior art keywords
- network
- user
- module
- input terminal
- subsystem
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Computer And Data Communications (AREA)
Abstract
The utility model discloses a network authentication security management and control device comprising a client, an authentication subsystem, a network management and control subsystem and a server terminal. The client has a two-way signal connection to the authentication subsystem and to the network management and control subsystem, and the authentication subsystem is also connected to the server terminal. When an anomaly occurs during a user's operation or access, the device can restrict that user's access, so that the user's information is not compromised and the security of system data is ensured. Management starts when the user goes online and ends when the user disconnects, so use is kept secure throughout the whole process; because control is applied in real time, access can be restricted as soon as an anomaly occurs. Through authentication by the authentication subsystem, operation by someone other than the user can be stopped immediately and an alert raised, which prevents that party from viewing the real user's browsing records and real personal information and so safeguards the user.
Description
Technical field
The utility model relates to the technical field of network security, and in particular to a network authentication security management and control device.
Background art
With the rapid development of the Internet, networks have brought great convenience to people's lives and work, but they have also brought network security problems. Comprehensive management and control of a network can be achieved by deploying a security gateway at the network egress. A prior-art network management and control device includes: an attribute acquisition module for obtaining the dynamic attribute of a user identifier; a mode acquisition module for obtaining, according to a preset mapping between dynamic attributes and network control modes, the network control mode corresponding to the dynamic attribute of the user identifier; and a network control module for applying that network control mode to the network behavior corresponding to the user identifier. It further includes: an identifier acquisition module for obtaining the user identifier whose network behavior is abnormal; an attribute marking module for marking the user identifier with the dynamic attribute that matches the network behavior anomaly; an attribute cancellation module for judging whether the network behavior anomaly has disappeared and, if so, removing the dynamic attribute matching that anomaly from the user identifier; a time acquisition module for obtaining the control time for which the network control mode has been applied; and a control release module for judging whether the control time has reached a preset threshold and, if so, further judging whether the dynamic attribute of the user identifier still exists and, if not, releasing the network control mode applied to the network behavior corresponding to the user identifier.
However, this network management and control device has no access authentication and cannot safeguard the user. While a user is actually operating the system, inadequate control measures threaten both the security of the user's data and the security of the system itself.
Summary of the utility model
Purpose of the utility model: the utility model provides a network authentication security management and control device that can safeguard the user's security in use.
Technical solution: a network authentication security management and control device comprising a client, an authentication subsystem, a network management and control subsystem and a server terminal. The client has a two-way signal connection to the authentication subsystem and to the network management and control subsystem, and the authentication subsystem is also connected to the server terminal. The authentication subsystem includes a secure access module, a first processor, a memory, a data comparison module, a controller and an alert module. The input end of the secure access module is connected to the output end of the client, and the output end of the secure access module is connected to the input end of the first processor. The output end of the first processor is connected to the input end of the data comparison module, the input end of the memory, the input end of the controller and the server terminal, and the first processor has a two-way signal connection to the data comparison module. The output end of the controller is connected to the input end of the alert module, and the output end of the alert module is connected to the input end of the client.
Further, the authentication subsystem also includes a database, which has a two-way signal connection to the data comparison module.
Further, the database contains a usage record area for users and an identity information area for users.
Further, the network management and control subsystem includes a security management module, a violation operation identification module, a second processor and a network permission control module. The input end of the security management module is connected to the output end of the client, the output end of the security management module is connected to the input end of the violation operation identification module, the output end of the violation operation identification module is connected to the input end of the second processor, the output end of the second processor is connected to the input end of the network permission control module, and the output end of the network permission control module is connected to the input end of the client.
Further, the network permission control module divides users into three grades: administrator, advanced user and ordinary user.
Further, the network permission control module divides a user's access level into forbidden access, allowed access and restricted access.
Further, the client is a smart device that accesses a wireless network.
Beneficial effects: when an anomaly occurs during a user's operation or access, the device can restrict that user's access, so that the user's information is not compromised and the security of system data is ensured. Management starts when the user goes online and ends when the user disconnects, so use is kept secure throughout the whole process; because control is applied in real time, access can be restricted as soon as an anomaly occurs. Through authentication by the secure access module, operation by someone other than the user can be stopped immediately and an alert raised, which prevents that party from viewing the real user's browsing records and real personal information and so safeguards the user.
Brief description of the drawings
Fig. 1 is a block diagram of the network authentication security management and control device of the utility model;
Fig. 2 is a block diagram of the network management and control subsystem of the utility model.
Specific embodiment
The utility model is further described below.
As shown in Fig. 1 and Fig. 2, the network authentication security management and control device provided by the utility model comprises a client, a server terminal, an authentication subsystem connecting the client and the server terminal, and a network management and control subsystem with a two-way signal connection to the client. The authentication subsystem authenticates the user's login by comparing the user's identity information with the identity information stored in the database. Normal operation is possible only after authentication completes; if authentication does not complete, the user cannot access the system, which protects the user's data. The network management and control subsystem supervises actual use of the system: it identifies and controls violation operations and restricts network permissions according to user grade, to keep use of the system secure.
The authentication subsystem includes a secure access module, a first processor, a data comparison module, a database, a memory, an alert module and a controller. The input end of the secure access module is connected to the output end of the client, and its output end is connected to the first processor. The secure access module mainly performs the authentication function and monitors the user's identity information and the authentication process. During authentication the user is required to enter account information and a password. After the first authentication completes, the user's usage records are shuffled together with other usage records and the user is asked to select among them, with only one chance for error, to complete the second authentication. This prevents an illegitimate back end from entering the user's account through the account and repeated password attempts and stealing the user's usage data.

The database has multiple partitions, including the user's usage record area and the user's identity information area. In the first authentication, the user's identity information area is read and compared with the identity information used to log in; in the second authentication, the user's usage record area is read and compared with the usage record the user selected.

The memory, the controller and the data comparison module are each connected to the output end of the first processor. The memory holds the user's identity information: when the password is entered incorrectly the first time, the warning page appears and then returns to the login page, where the user's account information is already filled in on the refreshed page, so the user only needs to re-enter the password to complete the first authentication and does not need to enter the account again, which improves the user experience. The data comparison module compares the password belonging to the account in the identity information area of the database with the password the user entered, and compares the usage records belonging to the account in the usage record area with the usage record the user selected, to complete the first and second authentications. The controller is also connected to the alert module. The controller mainly responds to the processing result of the first processor: if there is an authentication anomaly, an alert is sent to the client through the alert module, protecting the user's data.
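The two-step login described above, sketched as an added example (not code from the patent): a password check against the identity information area, then selection of the user's own usage record from shuffled decoys, with an alert on failure. Assumptions: all class and function names, the sample data, salted PBKDF2 hashing (the patent only says the password is compared), reading "one chance for error" as one tolerated wrong pick followed by a lock, and every account having at least one usage record.

```python
import hashlib
import hmac
import secrets

_rng = secrets.SystemRandom()
MAX_SELECTION_ERRORS = 1  # assumption: "one chance for error" = one wrong pick tolerated


def hash_password(password, salt):
    # Assumption: the patent only says passwords are compared; a salted KDF is used here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthSubsystem:
    """Hypothetical model of the secure access, data comparison and alert modules."""

    def __init__(self, identity_area, usage_area, decoys=3):
        self.identity_area = identity_area  # account -> (salt, password hash)
        self.usage_area = usage_area        # account -> list of usage records
        self.decoys = decoys
        self.pending = {}                   # account -> {"answer": str, "errors": int}
        self.alerts = []                    # stands in for controller + alert module

    def _challenge(self, account):
        own = self.usage_area[account]
        answer = _rng.choice(own)
        # Decoys come from other accounts and must not equal any of the user's own
        # records, otherwise a "wrong" option could in fact be genuine.
        others = sorted({r for a, recs in self.usage_area.items() if a != account
                         for r in recs if r not in own})
        options = _rng.sample(others, min(self.decoys, len(others))) + [answer]
        _rng.shuffle(options)
        self.pending[account]["answer"] = answer
        return options

    def first_auth(self, account, password):
        # Unknown accounts still run the KDF against a dummy entry, then fail.
        salt, stored = self.identity_area.get(account, (bytes(16), b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            self.alerts.append((account, "first authentication failed"))
            return None
        # The error count survives repeated logins, so re-entering the password
        # does not buy extra guesses at the second step.
        state = self.pending.setdefault(account, {"answer": None, "errors": 0})
        if state["errors"] > MAX_SELECTION_ERRORS:
            return None                     # locked (assumed: cleared by an operator)
        return self._challenge(account)

    def second_auth(self, account, selected):
        state = self.pending.get(account)
        if state is None or state["errors"] > MAX_SELECTION_ERRORS:
            return "denied", None           # no passed first step, or already locked
        if hmac.compare_digest(selected.encode(), state["answer"].encode()):
            del self.pending[account]
            return "ok", None
        state["errors"] += 1
        if state["errors"] > MAX_SELECTION_ERRORS:
            self.alerts.append((account, "second authentication failed"))
            return "denied", None
        return "retry", self._challenge(account)  # fresh options for the single retry


def build_demo():
    # Constructed sample data, not taken from the patent.
    salt = secrets.token_bytes(16)
    identity = {"alice": (salt, hash_password("correct horse", salt))}
    usage = {
        "alice": ["2018-11-20 viewed billing page", "2018-11-21 changed avatar"],
        "bob": ["2018-11-19 exported report", "2018-11-21 changed avatar"],
        "carol": ["2018-11-18 opened ticket 7", "2018-11-22 joined group chat"],
    }
    return AuthSubsystem(identity, usage)
```

Bob's "changed avatar" record equals one of Alice's own records, so it is excluded from her decoys; without that filter a genuine record could be scored as a wrong pick.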
The network management and control subsystem includes a security management module, a violation operation identification module, a second processor and a network permission control module. The security management module monitors in real time the user's online and offline times, access traffic information, client device, IP address and so on. The output end of the security management module has a signal connection to the input end of the violation operation identification module, which uses filtering and capture functions to capture and analyze the information and alarms the administrator when a violation exists. The output end of the violation operation identification module has a signal connection to the input end of the second processor, and the output end of the second processor has a signal connection to the input end of the network permission control module. The network permission control module divides users into three grades, and users of different grades can access different ranges of the network: administrator, advanced user and ordinary user. Users also have three access levels: forbidden access, allowed access and restricted access. This protects the data of both the user and the system.
The client is a smart device that accesses a wireless network. Different handling and interfaces are provided for different devices, such as mobile phones and computers. On a mobile phone the authentication page is placed in the middle of the screen; on a computer the authentication page is placed at the right of the page, and the left can show feature advertisements or promotional videos for the website. Even among computer pages, different models differ slightly, for example in the size of the website authentication page, the font size, and the layout ratio between the promotional page and the authentication page, which varies with the computer model and is 5:5 or 6:4.
The secure access module uses RADIUS to verify the username and password entered at the client. It has fast response and processing speed, strong anti-virus capability, and a strong ability to distinguish real users from illegitimate back ends. The first processor is a dual-core processor of model PentiumEE capable of multithreaded processing: when several tasks need handling by the first processor, it can process them simultaneously, which maintains task processing speed, and the different processing tasks do not affect one another. The memory is of model 16 core E5-2670V3, with 2*480G SSD hard disks. The memory is used only to store users' identity accounts; when a user enters an account there is an association (suggestion) function, which improves the user experience. Identity accounts are digital information and occupy little storage space, but to allow long-term continuous use a memory with large storage space is used, so that data overflow does not occur in later use. The second processor is of model Pentium D 965 and can further process the identification results of the violation operation identification module. Each user's usage produces a large amount of data flow, and although the violation operation identification module retains only abnormal data, the volume to be processed is still very large, so a processor is needed that can handle large amounts of data and does not crash easily during processing.
The user logs in through the client. The secure access module verifies the username and password and monitors the identity information and the authentication process in real time, and passes the verification information signal to the first processor. The first processor temporarily stores the identity information in the memory and passes the verification information to the data comparison module. The data comparison module retrieves the identity information in the database for comparison, sends the comparison result to the first processor, and gives feedback to the database. If the comparison succeeds, verification is complete; if the identity information does not match, the first processor issues an instruction to the controller, and the controller uses the alert module to alert the user of the client. During the user's normal use of the network, the security management module monitors in real time the user's online and offline times, access traffic information, client device and IP address, and passes the usage information to the violation operation identification module. The violation operation identification module identifies abnormal behavior and passes the identification result to the second processor. The second processor checks the user's grade information through the network permission control module and restricts the user's abnormal operations according to the user's grade, thereby achieving network monitoring.
Claims (7)
1. A network authentication security management and control device, characterized in that: the device comprises a client, an authentication subsystem, a network management and control subsystem and a server terminal; the client has a two-way signal connection to the authentication subsystem and to the network management and control subsystem, and the authentication subsystem is also connected to the server terminal; wherein the authentication subsystem includes a secure access module, a first processor, a memory, a data comparison module, a controller and an alert module; the input end of the secure access module is connected to the output end of the client, and the output end of the secure access module is connected to the input end of the first processor; the output end of the first processor is connected to the input end of the data comparison module, the input end of the memory, the input end of the controller and the server terminal, and the first processor has a two-way signal connection to the data comparison module; the output end of the controller is connected to the input end of the alert module, and the output end of the alert module is connected to the input end of the client.
2. The network authentication security management and control device according to claim 1, characterized in that: the authentication subsystem also includes a database, which has a two-way signal connection to the data comparison module.
3. The network authentication security management and control device according to claim 2, characterized in that: the database contains a usage record area for users and an identity information area for users.
4. The network authentication security management and control device according to claim 1, characterized in that: the network management and control subsystem includes a security management module, a violation operation identification module, a second processor and a network permission control module; the input end of the security management module is connected to the output end of the client, the output end of the security management module is connected to the input end of the violation operation identification module, the output end of the violation operation identification module is connected to the input end of the second processor, the output end of the second processor is connected to the input end of the network permission control module, and the output end of the network permission control module is connected to the input end of the client.
5. The network authentication security management and control device according to claim 4, characterized in that: the network permission control module divides users into three grades: administrator, advanced user and ordinary user.
6. The network authentication security management and control device according to claim 4, characterized in that: the network permission control module divides a user's access level into forbidden access, allowed access and restricted access.
7. The network authentication security management and control device according to claim 1, characterized in that: the client is a smart device that accesses a wireless network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201822017893.7U CN209218131U (en) | 2018-11-27 | 2018-11-27 | A kind of network authentication security management and control device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201822017893.7U CN209218131U (en) | 2018-11-27 | 2018-11-27 | A kind of network authentication security management and control device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN209218131U (en) | 2019-08-06 |
Family
ID=67462707
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201822017893.7U Active CN209218131U (en) | 2018-11-27 | 2018-11-27 | A kind of network authentication security management and control device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN209218131U (en) |
- 2018-11-27: CN201822017893.7U, patent CN209218131U (en), status Active
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111274583A (en) | Big data computer network safety protection device and control method thereof | |
US11171784B2 (en) | Systems and methods for providing a secured password and authentication mechanism for programming and updating software or firmware | |
CN107645482A (en) | A kind of risk control method and device for business operation | |
WO2023216641A1 (en) | Security protection method and system for power terminal | |
US9667613B1 (en) | Detecting mobile device emulation | |
CN112528251B (en) | User account authority management method, device, equipment and readable medium | |
CN102999716A (en) | virtual machine monitoring system and method | |
CN107506289A (en) | The abnormality monitoring method and financial terminal of a kind of financial terminal | |
CN107302586A (en) | A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing | |
CN112104618A (en) | Information determination method, information determination device and computer readable storage medium | |
CN110650151A (en) | Computer network safety remote monitoring device | |
CN114244568B (en) | Security access control method, device and equipment based on terminal access behavior | |
DE102017113147A1 (en) | Secure payment protection method and corresponding electronic device | |
CN209218131U (en) | A kind of network authentication security management and control device | |
CN107612755A (en) | The management method and its device of a kind of cloud resource | |
CN111541641A (en) | Password management system and method | |
CN110490007A (en) | A kind of Computer Data Security shared platform Internet-based | |
CN112287313A (en) | Device authentication system and method | |
CN109862035A (en) | Game APP account verification method and equipment | |
CN115310078A (en) | Industrial production line auditing system and application method | |
CN111510431B (en) | Universal terminal access control platform, client and control method | |
CN211506487U (en) | Cross-platform security audit device | |
CN114205116A (en) | Zero-trust borderless security access system | |
CN109756403A (en) | Access verification method, device, system and computer readable storage medium | |
RU2656692C2 (en) | Device and method of server administration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GR01 | Patent grant | ||